Compliance Blog

Apr 29, 2019

The Regulations on Business Accounts

Written by Elizabeth M. Young LaBerge, Senior Regulatory Compliance Counsel, NAFCU

Or rather, the lack thereof. The NAFCU Regulatory Compliance Team regularly gets asked whether federal regulations apply to business deposit accounts.

Business Cat meme with caption "I need to make a deposit. I killed this cricket fresh this morning."

Most consumer protection rules do not apply to deposit accounts held by a business. It is important to understand that a business-purpose account can be held by a legal entity, such as an LLC or a corporation, or by individuals operating a business themselves as a sole proprietorship. Understanding whether the individuals or a legal entity own the account can be important to determining the applicability of a rule, as well as the credit union’s ability to open the account under field of membership considerations and its share insurance coverage.

Further, it is important to understand that even if an account is not covered by the scope of a rule, a credit union may contractually obligate itself to treat the account as if it were covered due to the language in its agreements. Some credit unions make a risk-based business decision to use the same documentation for all accounts, rather than establishing parallel processes and paperwork for business accounts. Each credit union needs to make its own decision on the topic, but educated decisions are best. So let’s talk about what rules do and do not apply to accounts held by businesses.

Truth in Savings

Subsection 707.2(a) defines “accounts” under the regulation to include a share or deposit account held by or offered to a “member” or potential “member.” “Member” is defined in paragraph 707.2(p) to solely include “natural persons.” A natural person is an individual, not legal entity members such as LLCs and corporations. Further, comment 2 to the definition of account in subsection 707.2(a) specifies that accounts of individuals operating businesses as sole proprietors are not covered. The result is if an individual is using their deposit account for the purposes of operating a sole proprietorship or an account is held by a legal entity, it would not be covered by the Truth in Savings regulation.

Regulation E

The coverage of Regulation E is stated in section 1005.3(a). It applies to "electronic fund transfers" that debit or credit a “consumer’s account.” Paragraph 1005.2(b)(1) defines an “account" as a consumer asset account established primarily for personal, family, or household purposes. Paragraph 1005.2(e) defines a "consumer” as a natural person. The result is if an individual is using their deposit account for the purposes of operating a sole proprietorship or an account is held by a legal entity, it would not be covered by Regulation E either.

Regulation CC

Generally, Regulation CC's provisions apply to an "account" which is defined in section 229.2(a)(1) by referring to a “deposit” that is a “transaction account” as defined in Regulation D. This definition makes no reference to the account’s purpose or the legal nature of the owner of the account.

Section 229.2(n) does contain a definition of "consumer account," which refers solely to accounts “used primarily for personal, family, or household purposes,” but this phrase is used sparingly throughout the regulation. The posting of the availability policy and providing notice of changes in the availability policy are only required for “holders of consumer accounts” under section 229.18. The availability timeframes, exception holds, initial disclosure of the availability policy and most other provisions of Regulation CC apply to accounts generally.

Fair Credit Reporting Act

The FCRA applies to reports on “consumers,” which is defined to mean “individuals.” The FTC’s 40 Years’ Experience with the FCRA report gets more specific. It states that “consumer” “includes only a natural person. It does not include artificial entities, such as partnerships, corporations, trusts, estates, cooperatives, associations or entities created by statute, such as governmental agencies.” However, this does not mean that the FCRA would never be implicated in opening a business-purpose account.

For example, imagine an LLC or a sole proprietorship requests to open a business-purpose account at the credit union. The credit union chooses to order a ChexSystems Report on an individual associated with the account, such as the LLC’s authorized signer or the sole proprietor. Because the report is ordered on an individual and the report meets the definition of a “consumer report” under the FCRA, the FCRA would apply. If the credit union chose to decline to open the account based on that report, an adverse action notice may be required to be sent to the individual under section 615 of the FCRA.

Regulation P

Regulation P specifies its scope in section 1016.1. Paragraph 1016.1(b)(1) defines its scope as solely applying to individuals who obtain financial products or services primarily for personal, family, or household purposes. Therefore, accounts held by legal entities or by individuals for business, commercial or agricultural purposes are not covered by Regulation P and do not require its initial or annual privacy disclosures, the opportunity to opt out, or the prohibitions on sharing nonpublic personal information.


The E-SIGN Act’s provisions regarding consent and the provision of disclosures electronically only apply to consumers. Section 7006(1) defines “consumer” as an individual who obtains products or services primarily for personal, family, or household purposes. A credit union seeking to provide disclosures electronically may be able to do so by simple agreement, rather that following E-SIGN’s provisions, unless specifically required to by other federal regulation.


The requirements of the BSA and OFAC absolutely apply to businesses. A “customer” for the purposes of the Customer Identification Program (CIP) is a “person” which includes a corporation, partnership, a trust, an estate or any other entity recognized as a legal person. There is guidance on performing CIP and conducting due diligence on legal entity customers in the FFIEC’s BSA/AML Manual. The requirements of OFAC as well as the BSA’s other requirements, such as risk rating, monitoring accounts and filing reports, all also apply to legal entities.

State Law and Other Considerations

In the absence of applicable regulation at the federal level, state laws may come into play. This is especially true surrounding electronic disclosures and signatures, privacy and deposit account requirements. A state’s adopted Uniform Commercial Code would likely apply to business accounts. Further, private agreements and network requirements like the NACHA Rules or Visa/MasterCard rules may apply to all types of accounts – with some situations where business accounts may be treated differently. Where federal and state regulations or private requirements do not require specific treatment of business accounts, the credit union would be able to establish its own requirements via contract with the business.

About the Author

Elizabeth M. Young LaBerge, NCCO, NCRM, CIPP/US, Senior Regulatory Counsel, NAFCU

Elizabeth M. Young LaBerge, NCCO, NCRM, CIPP/US, Senior Regulatory Compliance CounselElizabeth M. Young LaBerge, NCCO, NCRM, CIPP/US,  joined NAFCU as regulatory compliance counsel in July 2015 and was named Senior Regulatory Compliance Counsel in July 2016.

Read full bio