The CFPB recently issued FAQs regarding compliance with the Electronic Fund Transfer Act (EFTA) and Regulation E involving electronic fund transfers, unauthorized transfers, and error resolution processes. The previous update to the FAQs had been made in June 2021.
The FAQs have been substantially revised since their June edition and should be reviewed to understand the CFPB’s interpretation of EFTA and Regulation E. Many of the changes address P2P payment processing. The FAQs maintain substantially similar statements from June regarding unauthorized transfers and the effect of payment network rules.
The new FAQs cover a variety of issues, including:
- The definition of an Electronic Fund Transfer and covered transactions under EFTA and Regulation E;
- Whether Person-to-Person (P2P) transactions are EFTs under Regulation E;
- The definition of a financial institution as it relates to P2P transfers and ACH agreements under EFTA and Regulation E;
- Whether non-banks may be considered a financial institution under EFTA when they are involved in a P2P transaction;
- The definition of an error for purposes of EFTA and Regulation E, including what steps a financial institution must take in response; and
- Guidance on identifying an unauthorized electronic fund transfer, as defined by EFTA and Regulation E, using stolen credentials or P2P payment methods.
The CFPB also revised its FAQ regarding how a financial institution may determine consumer liability by clarifying that the FAQ addressed an initial transfer that met the definition of an unauthorized EFT.