Compliance Blog

Categories: Business Lending

Credit Cards for Business Purposes: When Reg Z Actually Does Apply

Written by Jennifer Aguilar, Regulatory Compliance Counsel, NAFCU

Last week, the Compliance Team hosted our Regulatory Compliance School. Congrats to all the new NCCOs! If you, too, want to become an NCCO, you can join us in Minneapolis for the summer session of Regulatory Compliance School.

One of the key principles we teach at Compliance School is that most of the consumer regulations (TISA, Reg E, Reg X, Reg Z, etc.) do not apply to business-purpose accounts. These rules generally leave it up to the credit union to determine when an account is opened for a business purpose. If a credit union determines the account is for business purposes, then it does not have to provide disclosures, such as account opening disclosures, periodic statements or change in terms notices. Like many of our Compliance School attendees also learned, the CFPB loves its exceptions and enjoys hiding them in the commentary. So, today’s blog focuses on the exception to this rule for credit card accounts.

Section 1026.3(a) of Regulation Z provides the general rule: credit extended to a person for business purposes and credit extended to an entity are exempt from the regulation. The commentary to this provision explains that, for credit card accounts, there are two rules that apply even if the credit extended is generally considered exempt from the regulation: section 1026.12(a) on issuing credit cards and section 1026.12(b) on liability for unauthorized use.

Issuing Credit Cards. Section 1026.12(a) explains credit cards can only be issued upon request or as a renewal or substitution for another credit card. For cards issued upon request, the request can be verbal, written or as part of an application for a credit card account. The cards can only be provided to the person making the request and any authorized users on the account. Renewal generally refers to the scenario when a previous card has expired or a new technology is incorporated into the card, such as when chip-enabled cards were issued. Substitution generally refers to when a card is replaced because the account relationship has changed, such as when the features on the account have changed. Anytime a credit card is issued for a business account, these rules will apply.

Liability for Unauthorized Use. Section 1026.12(b) provides the liability limits for unauthorized use. Under the rule, a member may be held liable only if:

  • The credit card is an accepted credit card;
  • The credit union has provided a way to identify the cardholder or authorized user (such as a signature or photo on the card); and
  • The credit union has disclosed the member’s potential liability and how the member may inform the credit union of an unauthorized transaction.

An investigation into the alleged unauthorized transaction is also required before liability can be passed on to the member. A member’s liability is limited to the lesser of $50 or the amount of the transactions that occurred before notice was provided to the credit union. These liability limits apply even if the account is for business purposes or the cardholder is an entity.

There is also a special liability rule for cards issued to employees of an organization. Section 1026.12(b)(5) explains when ten or more cards are issued for the same organization, the credit union and the organization can contract for higher liability. The commentary clarifies credit unions can take advantage of this special rule only when the organization is in the position to provide at least ten cards to employees. For example, ten cards cannot be issued to an organization with only three employees. It is also important to note that the higher liability limit cannot be passed on to individual employees. The organization itself is the liable party.

Since Regulation Z generally does not apply to business purpose credit cards, it can be easy to overlook these two provisions. Credit unions may want to review any agreements and disclosures provided for business credit cards to determine whether they meet these requirements.

Share Your Thoughts!

NAFCU is gathering comments on various credit card practices in response to the CFPB’s request for information (RFI). The RFI covers terms of credit card agreements, effectiveness of disclosures, how implementation of the Credit CARD Act has affected costs and other practices. More information, including how to submit your comments, can be found in this Regulatory Alert (NAFCU member login required).

About the Author

Jennifer Aguilar, NCCO, Senior Regulatory Compliance Counsel, NAFCU

Jennifer Aguilar, NCCO, Regulatory Compliance CounselJennifer Aguilar, NCCO, joined NAFCU as regulatory compliance counsel in February 2017 and was named Senior Regulatory Compliance Counsel in March 2019. In this role, Aguilar helps credit unions with a variety of compliance issues.

Read full bio