Compliance Blog

Blog Home
Dec 01, 2017
Categories: Operations Accounts Cybersecurity and Data Security

Reg E Error Resolution for POS Disputes and Unjust Enrichment; Blockchain Resources

Talk about Black Friday, the perfect opportunity for fraudsters to go holiday shopping with your member's debit cards, online or in store. The holiday season truly is a fantastic time to review key provisions of the error resolution process of Regulation E. So let's dig in!

The basic concept of the error resolution process is that members will notify their credit union when they notice an unauthorized EFT from their account. See12 C.F.R. § 1005.11(b). The credit union will receive the information needed to investigate the claim and resolve the issue within a specified time period. While the credit union investigates the error, the member will be provided with provisional funds to minimize disruptions to the member's life.  See, 12 C.F.R. § 1005.11(c)(2)(i). Finally, the credit union will notify the member of the resolution and make the provisional credit final or revoke the credit if no error occurred. Sounds simple enough, right?

Wrong. Regulation E is deceptively simple, but it is full of compliance pitfalls and stumbling blocks. We have already addressed a couple of these issues in prior blogs here and here. Today's blog focuses on point-of-sale (POS) dispute timelines and what to do if you finalized the provisional credit and new information shows the member was already refunded by the merchant or the transaction was not unauthorized.

The normal timeline to resolve a Reg E error is within 10 business days of when the member notifies the credit union of an unauthorized transfer from their account. See, 12 C.F.R. § 1005.11(c)(1). Some credit unions pride themselves in providing extreme member service and correcting most errors within this timeline and to save themselves the hassle of providing provisional credit. While admirable and very member-friendly, this also means the credit union will have to mad-rush to investigate the dispute, contact merchants, compare signatures, pull video from the security cameras (if any) and come to a conclusion. Whew! I am exhausted just thinking about the process. In POS dispute cases, 10 days is simply not enough to even get a return call from merchants, let alone any documentation of the transaction.

To remedy this, the regulation permits the investigation period to be extended up to 90 days for point-of-sale (POS) debit card transactions such as swiping your debit card at any store in the mall. See, 12 C.F.R. § 1005.11(c)(3)(ii). To take advantage of the extended timeline, the credit union must: (1) provisionally credit members for the amount of the alleged error as long as the member notifies the credit union in writing; (2) notify the member within 2 business days of the amount and date the provisional credit was given; and (3) give the member full use of the provisional credit while the investigation is pending.

Taking the time to investigate a POS dispute is essential as lately, credit unions are noticing that merchants are refunding members after the credit union has already resolved the error and finalized provisional credit. Basically, the member is getting back their money twice. As awesome as it is to get a windfall, it is simply not right. So credit unions want to know whether they can remove funds from a member's account if the member had been made whole by the merchant or if the credit union uncovers convincing evidence that the transaction was not unauthorized.

The answer to this question is not found in the regulation of course. That would make it way too easy on the NAFCU compliance team that takes these questions as a white elephant gift from the regulators. Regulation E explicitly states that credit unions can reverse provisional credit if there was no error or a different error occurred. See12 C.F.R. § 1005.11(d). Nothing in the regulation states that credit unions can take back final credit if it later discovers that no error or a different error occurred. If this seems inherently unfair, you are not alone. There is an entire contract law concept called unjust enrichment that has been around long before any of us or our predecessors were thinking about compliance. The just of this notion is that someone received a benefit they were not entitled to at the expense of someone else. Unfortunately, to pursue an unjust enrichment claim, the credit union would have to file a civil suit against the member who received the windfall. A less expensive option may be to politely ask the member to reimburse the credit union if the merchant credited the member or if the member later admits to having made the transaction. But an even better option is probably to take the full 90 days to investigate the dispute and ensure the credit union is monitoring the member's account during that time.

Regardless of the option, this is an area where the regulation is not entirely clear on when or whether a credit union has the ability to revoke final credit if the member is unjustly enriched. Interestingly enough, the remittance transfer rule that makes up sections 1005.30 to 1005.36 of Regulation E, has a provision regarding these types of unjust enrichment cases that should be added to the EFT error resolution part of the regulation. Here is a relevant excerpt from the official interpretation to section 1005.33(f):

In addition, nothing in this section prevents an account-holding institution or creditor from reversing amounts it has previously credited to correct an error if a sender receives more than one credit to correct the same error. For example, assume that a sender concurrently asserts an error with his or her account-holding institution and remittance transfer provider for the same error, and the sender receives credit from the account-holding institution for the error within 45 days of the notice of error. If the remittance transfer provider subsequently provides a credit of the same amount to the sender for the same error, the account-holding institution may reverse the amounts it had previously credited to the consumer's account, even after the 45-day error resolution period under §1005.11.

12 C.F.R. § 1005, Supp I, 1005.33(f) (emphasis added). I am just going to put it out there, adding this to the official interpretation of section 1005.11(d) would be a pretty fantastic present for all compliance officers.

***

Blockchain Resources

NAFCU Regulatory Affairs Counsel Andrew Morris recently wrote an article for our Cyber Cafe edition of the Compliance Monitor (log-in required). To continue to assist credit unions interested in staying ahead of the curve he teamed up with NAFCU Special Counsel Pamela Yu, to produce a webpage that describes how blockchain technology impacts credit union regulations from BSA to Mortgage Servicing. 

Categories