Skip to main content
Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations


Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • District Court rules apps’ terms of service hyperlinks were clear and conspicuous


    On February 23, the U.S. District Court for the Eastern District of New York ruled that parties must arbitrate class claims concerning alleged fraudulent transactions on app users’ accounts. Plaintiffs—users of the defendants’ mobile payment platform who claimed that third parties fraudulently withdrew funds from their app accounts—alleged that the defendants’ inadequate dispute resolution process “improperly places the burden on the user to prove that a disputed transaction was unauthorized” in violation of the EFTA and N.Y. Gen. Bus. Law § 349. Defendants, however, countered that the plaintiffs agreed to arbitrate any disputes related to their app accounts, and moved to compel arbitration and dismiss the complaint. The court analyzed the applicable sign-up flows and ruled that in signing up for the apps, users agreed to unambiguous terms of service, which included an arbitration agreement presented in a clickable hyperlinked URL. The court rejected plaintiffs’ assertion that a reasonably prudent smartphone user would not think to click on the terms of service hyperlink, stating that the hyperlink for both apps provided reasonably clear and conspicuous interfaces. The court further found that the claims were subject to arbitration because plaintiffs’ specifically assented to the arbitration provisions and that the parties’ agreed to present any question of arbitrability to an arbitrator.

    Courts Arbitration Class Action Consumer Finance Mobile Payments EFTA State Issues New York

  • CFPB releases EFTA bulletin

    Federal Issues

    On February 15, the CFPB released a bulletin reiterating that the EFTA and its implementing regulation, Regulation E, apply to government benefit accounts with the exception of certain state and local electronic benefit transfer programs. The EFTA establishes, among other things, that “no person may require a consumer to establish an account for receipt of electronic fund transfers with a particular financial institution as a condition of employment or receipt of government benefits.” According to the Bulletin, this “compulsory use prohibition ensures that consumers receiving the government benefits” are provided “a choice with respect to how they receive their funds.” The bulletin also summarized the regulation’s disclosure requirements for government benefit accounts, which includes disclosing that the consumer: (i) “has several options to receive benefit payments, followed by a list of the options available to the consumer, and a statement directing the consumer to tell the agency which option the consumer chooses”; or (ii) “does not have to accept the government benefit account and directing the consumer to ask about other ways to receive government benefit payments.”

    Federal Issues CFPB EFTA Consumer Finance Regulation E

  • CFPB updates remittance transfer examination procedures

    Agency Rule-Making & Guidance

    Recently, the CFPB updated its remittance transfer examination procedures to reflect the latest amendments to Regulation E (EFTA’s implementing regulation), Subpart B, as of May 2020. The updates are reflected within the Bureau’s Supervision and Examinations Manual. The updated procedures outline practices for examiners when evaluating institutions that provide remittances in the normal course of business to individuals and businesses in foreign countries. “Examiners should complete a risk assessment, conduct necessary scoping, and use these procedures, in conjunction with the compliance management system review procedures, to conduct a remittance transfer examination,” the Bureau stated. The procedures specify four objectives for remittance transfer examinations: (i) to assess the quality of a regulated entity’s compliance risk management systems in its remittance transfer business; (ii) to identify acts or practices that materially increase the risk of federal consumer financial law violations, as well as associated harm to consumers in connection with remittance transfers; (iii) to gather facts to help determine whether a supervised entity engages in acts or practices in connection with remittance transfers that are likely to violate federal consumer financial law; and (iv) to determine, in accordance with CFPB internal consultation requirements, whether a federal consumer financial law has been violated and whether it is appropriate to take further supervisory or enforcement action.

    Agency Rule-Making & Guidance CFPB Remittance Transfer Rule Examination Regulation E EFTA

  • 9th Circuit partially reverses unauthorized EFTs action


    On December 20, the U.S. Court of Appeals for the Ninth Circuit affirmed in part and reversed in part a district court’s dismissal of an action under the EFTA against a national bank related to alleged unauthorized electronic fund transfers. The plaintiff, a foreign national who resided primarily outside the U.S., held several accounts with the defendant, including the checking account at issue. According to the plaintiff, “through unknown means, unidentified individuals gained access to her [] checking account in October 2017 and began making unauthorized withdrawals without her knowledge.” A separate bank flagged a large transfer from the plaintiff’s account and reached out to the defendant’s fraud department. That bank ultimately refunded the plaintiff’s money; however, according to the opinion, the defendant allegedly did not change the plaintiff’s account number and password, freeze her account, or inform her of the unauthorized transfer. From November 2017 through March 2019, more than 100 additional unauthorized withdrawals were made. The plaintiff acknowledged that she did not report any of these unauthorized transactions until March 2019, claiming she had been overseas with “‘very limited or no’ internet access to check her bank statements.” While some of the unauthorized withdrawals were reimbursed through the defendant’s internal dispute-resolution process, the defendant allegedly “refused to reimburse her for $300,000 of the losses she suffered, citing her failure to report the initial unauthorized withdrawals within 60 days of their appearance on her bank statements, as the EFTA ordinarily requires.” The plaintiff sued, claiming that the defendant violated the EFTA or, alternatively, California’s EFTA counterpart, and asserting various other state law claims. The district court granted the defendant’s motion to dismiss, ruling that because the plaintiff “failed to report the withdrawals at issue” within the required time frame, “the EFTA bars her claim as a matter of law.”

    On appeal, the 9th Circuit determined that the plaintiff plausibly alleged sufficient facts under the EFTA to suggest that “the subsequent unauthorized transfers for which she sought reimbursement would still have occurred.” While the plaintiff did not dispute that she failed to report any of the unauthorized withdrawals to the defendant within EFTA’s 60-day reporting period, she argued that her compliance was excused based on her limited access to her banking records and that the defendant “was already aware of the initial $29,000 withdrawal in November 2017[.]” The appellate court agreed with the district court that the plaintiff failed to “plausibly explain how someone with [her] financial means lacked adequate internet access to view her banking records for more than a year.” The 9th Circuit also rejected the plaintiff’s argument that she did not need to report the unauthorized withdrawals by virtue of the defendant’s communications with the other bank, agreeing that the EFTA “says nothing about a bank receiving notice from third-party sources unaffiliated with the consumer”

    However, the 9th Circuit disagreed with the district court’s decision to dismiss the EFTA claim or its California counterpart, after concluding that the plaintiff satisfied her pleading burden by alleging facts “plausibly suggesting that even if she had reported an unauthorized transfer within the 60-day period, the subsequent unauthorized transfers for which she [sought] reimbursement would still have occurred.” The panel emphasized that a consumer may be held liable for unauthorized transfers occurring after the 60-day period only where the bank establishes that those transfers “‘would not have occurred but for the failure of the consumer’” to report the earlier unauthorized transfer within the 60-day period. The district court “overlooked this requirement, and the error was not harmless,” the appellate court explained.

    Courts Appellate Ninth Circuit EFTA Consumer Finance Electronic Fund Transfer State Issues California

  • CFPB releases EFTA FAQs

    Federal Issues

    On December 13, the CFPB released updated Electronic Fund Transfers FAQs, which pertain to compliance with the Electronic Fund Transfer Act (EFTA) and Subpart A to Regulation E. The updated topics include transaction coverage, financial institution coverage, error resolution, and unauthorized EFT error resolution. Highlights from the updated FAQs include:

    • Person-to-person (P2P) payments can be unauthorized electronic transfers under Regulation E.
    • “[A] ‘pass-through’ payment transfers funds from the consumer’s account held by an external financial institution to another person’s account held by an external financial institution,” which is “initiated through a financial institution that does not hold a consumer’s account, for example, a non-bank P2P provider.”
    • “Regulation E section 1005.2(i) defines financial institution under EFTA and Regulation E to include banks, savings associations, credit unions, and: any other person that directly or indirectly holds an account belonging to a consumer, or any other person that issues an access device and agrees with a consumer to provide electronic fund transfer (EFT) services.”
    • “Any P2P payment provider that meets the definition of a financial institution, as discussed in Electronic Fund Transfers Coverage: Financial Institutions Question 1, is a financial institution under Regulation E.” Therefore, “if a P2P payment provider directly or indirectly holds an account belonging to a consumer, they are considered a financial institution under Regulation E.”
    • The transfer is considered to be an unauthorized EFT under Regulation E if a consumer’s account is obtained from a third party through fraudulent means (hacking), and a hacker utilizes that information to make an unauthorized electronic transfer from the consumer’s account.
    • “Although private network rules and other commercial agreements may provide for interbank finality and irrevocability, they do not reduce consumer protections against liability for unauthorized EFTs afforded by the Electronic Fund Transfer Act…. Accordingly, any financial institution in this transaction must comply with the error resolution requirements discussed in Electronic Fund Transfers Error Resolution Question 2, as well as the liability protections for unauthorized transfers.”

    Federal Issues CFPB Consumer Finance EFTA Electronic Fund Transfer Regulation E

  • CFPB supervisory highlights cover wide range of violations

    Federal Issues

    On December 8, the CFPB released its fall 2021 Supervisory Highlights, which details its supervisory and enforcement actions in the areas of credit card account management, debt collection, deposits, fair lending, mortgage servicing, payday lending, prepaid accounts, and remittance transfers. The report’s findings cover examinations that were completed between January and June of 2021 in addition to prior supervisory findings that led to public enforcement actions in the first half of 2021. Highlights of the examination findings include:

    • Credit Card Account Management. Bureau examiners identified violations of Regulation Z related to billing error resolution, including instances where creditors failed to (i) resolve disputes within two complete billing cycles after receiving a billing error notice; (ii) reimburse late fees after determining a missed payment was not credited to a consumer’s account; and (iii) conduct reasonable investigations into billing error notices concerning missed payments and unauthorized transactions. Examiners also identified deceptive acts or practices related to credit card issuers’ advertising practices.
    • Debt Collection. The Bureau found instances of FDCPA violations where debt collectors represented to consumers that their creditworthiness would improve upon final payment under a repayment plan and the deletion of the tradeline. Because credit worthiness is impacted by numerous factors, examiners found “that such representations could lead the least sophisticated consumer to conclude that deleting derogatory information would result in improved creditworthiness, thereby creating the risk of a false representation or deceptive means to collect or attempt to collect a debt in violation of Section 807(10).”
    • Deposits. The Bureau discussed violations related to Regulation E, including error resolution violations related to misdirected payment transfers and failure to investigate error notices where consumers alleged funds were sent via a person-to-person payment network but the intended recipient did not receive the funds.
    • Fair Lending. The report noted instances where examiners cited violations of ECOA and Regulation B by lenders "discriminating against African American and female borrowers in the granting of pricing exceptions based upon competitive offers from other institutions,” which led to observed pricing disparities, specifically as compared to similarly situated non-Hispanic white and male borrowers. Among other things, examiners also observed that lenders’ policies and procedures contributed to pricing discrimination, and that lenders improperly inquired about small business applicants’ religion and considered religion in the credit decision process.
    • Mortgage Servicing. The Bureau noted that it is prioritizing mortgage servicing supervision attributed to the increase in borrowers needing loss mitigation assistance due to the Covid-19 pandemic. Examiners found violations of Regulations Z and X, as well as unfair and deceptive acts and practices. Unfair acts or practices included those related to (i) charging delinquency-related fees to borrowers in CARES Act forbearances; (ii) failing to terminate preauthorized EFTs; and (iii) assessing fees for services exceeding the actual cost of the performed services. Deceptive acts or practices found by examiners related to mortgage servicers included incorrectly disclosed transaction and payment information in a borrower’s online mortgage loan account. Mortgage servicers also allegedly failed to evaluate complete loss mitigation applications within 30 days, incorrectly handled partial payments, and failed to automatically terminate PMI in a timely manner. The Bureau noted in its press release that it is “actively working to support an inclusive and equitable economic recovery, which means ensuring all mortgage servicers meet their homeowner protection obligations under applicable consumer protection laws,” and will continue to work with the Federal Reserve Board, FDIC, NCUA, OCC, and state financial regulators to address any compliance failures (covered by InfoBytes here). 
    • Payday Lending. The report identified unfair and deceptive acts or practices related to payday lenders erroneously debiting consumers’ loan balances after a consumer applied and received confirmation for a loan extension, misrepresenting that consumers would only pay extension fees on the original due dates of their loans, and failing to honor loan extensions. Examiners also found instances where lenders debited or attempted one or more duplicate unauthorized debits from a consumer’s bank account. Lenders also violated Regulation E by failing “to retain, for a period of not less than two years, evidence of compliance with the requirements imposed by EFTA.”
    • Prepaid Accounts. Bureau examiners found violations of Regulation E and EFTA related to stop-payment waivers at financial institutions, which, among other things, failed to honor stop-payment requests received at least three business days before the scheduled date of the transfer. Examiners also observed instances where service providers improperly required consumers to contact the merchant before processing a stop-payment request or failed to process stop-payment requests due to system limitations even if a consumer had contacted the merchant. The report cited additional findings where financial institutions failed to properly conduct error investigations.
    • Remittance Transfers. Bureau examiners identified violations of Regulation E related to the Remittance Rule, in which providers “received notices of errors alleging that remitted funds had not been made available to the designated recipient by the disclosed date of availability” and then failed to “investigate whether a deduction imposed by a foreign recipient bank constituted a fee that the institutions were required to refund to the sender, and subsequently did not refund that fee to the sender.”

    The report also highlights recent supervisory program developments and enforcement actions.

    Federal Issues CFPB Supervision Enforcement Consumer Finance Examination Credit Cards Debt Collection Regulation Z FDCPA Deposits Regulation E Fair Lending ECOA Regulation B Mortgages Mortgage Servicing Regulation X Covid-19 CARES Act Electronic Fund Transfer Payday Lending EFTA Prepaid Accounts Remittance Transfer Rule

  • District Court denies EFTA safe harbor in overdraft class action


    On November 8, the U.S. District Court for the District of New Hampshire denied a credit union’s motion to dismiss claims concerning its overdraft fees and policies. Plaintiffs filed a putative class action alleging that the defendant failed to properly disclose how it assessed overdrafts in violation of EFTA and implementing Regulation E. According to the plaintiffs, the defendant’s overdraft fee opt-in disclosure did not provide a “clear and readily understandable” explanation of the meaning of “enough money,” nor did it specify whether overdrafts are calculated based on the actual balance or the available balance. The defendant moved to dismiss, arguing that the opt-in disclosure should be read in conjunction with a separate membership agreement that outlines the account terms and discloses the defendant’s use of the “available balance” method to determine when an account is overdrawn. The defendant further contended that it did not violate Regulation E and that it qualifies for EFTA’s safe harbor provision. The court disagreed, ruling that the plaintiffs had plausibly alleged a violation of Regulation E, as it requires the opt-in disclosure to be “segregated from all other information.” Among other things, the court stated that “[c]ountless courts examining virtually identical language have agreed” that language similar to the phrase “enough money” can plausibly amount to a violation of Regulation E’s “clear and readily understandable” explanation of overdraft fees.

    With respect to defendant’s safe harbor claim, the court observed that EFTA may provide safe harbor to banks using an appropriate CFPB model clause (15 U.S.C. § 1693m(d)(2)) or a disclosure form “substantially similar” to the Bureau’s Model Form A-9, which states “[a]n overdraft occurs when you do not have enough money in your account to cover a transaction, but we pay it anyway.” The court agreed, however, with the reasoning of several courts that using language identical to that in the A-9 does not necessarily provide safe harbor defeating plaintiffs’ claims where, as here, the plaintiffs “have plausibly stated a claim that the clause from Model Form A-9 was not ‘appropriate’ because the language did not describe [defendant’s] overdraft policy in a ‘clear and readily understandable’ way.”

    Courts EFTA Overdraft Safe Harbor Regulation E Fees Class Action Disclosures CFPB Consumer Finance

  • CFPB orders tech companies to submit payment system information

    Federal Issues

    On October 21, the CFPB issued orders to six large U.S. technology companies seeking information and data on their payment system business practices. The Bureau stated that the information is intended to help the Bureau understand how these companies use personal payments data and manage data access to users. The Bureau issued the orders citing its authority under the CFPA, Section 1022(c)(4), which grants the agency “statutory authority to order participants in the payments market to turn over information to help the Bureau monitor for risks to consumers and to publish aggregated findings that are in the public interest.” The Bureau’s press release also noted it intends to study the payment system practices of two major Chinese tech companies.

    The Bureau made available an example order that contains 55 requests seeking various information and data on several topics, including: (i) “[d]ata harvesting and monetization”; (ii) “[a]ccess restrictions and user choice”; and (iii) documents and information related to payment platforms and compliance with federal consumer protection laws, such as the EFTA and the Gramm-Leach-Bliley Act. Citing consumer data and privacy expectations, the Bureau explained that “[c]onsumers expect certain assurances when dealing with companies that move their money. They expect to be protected from fraud and payments made in error, for their data and privacy to be protected and not shared without their consent, to have responsive customer service, and to be treated equally under relevant law.”

    Director Rohit Chopra issued a statement commenting on the purpose of the orders. He noted that the Bureau’s inquiry “is one of many efforts within the Federal Reserve System to plan for the future of real-time payments” and that it “will help to inform regulators and policymakers about the future of our payments system.” 

    Federal Issues CFPB CFPA Consumer Finance Privacy/Cyber Risk & Data Security Payments Payment Systems EFTA Gramm-Leach-Bliley

  • CFPB reaches $6 million settlement with prison financial services company

    Federal Issues

    On October 19, the CFPB issued its first enforcement action under newly-appointed Director Rohit Chopra. The consent order, issued against a provider of financial services to prisons and jails, stated that the company engaged in unfair, deceptive, and abusive acts or practices in violation of the CFPA by charging consumers fees to access their own funds on prepaid debit cards that they were required to use. The CFPB also claimed the company violated the EFTA and implementing Regulation E by requiring consumers to sign up for its debit card as a condition of receiving gate money (i.e. “money provided under state law to help people meet their essential needs as they are released from incarceration”). According to the CFPB, the company provided approximately 1.2 million debit release cards to consumers, which replaced cash or check options previously offered by state departments of correction. In addition to forcing consumers to use the debit cards to access their funds, the company also allegedly charged consumers fees that were not authorized by the cardholder agreement and misrepresented the fees that it charged. Pursuant to the consent order, the company—which neither admitted nor denied the allegations—may only charge “a reasonable inactivity fee” if a debit card is not used for 90 days. The company is also required to pay $4 million in consumer redress and a $2 million civil money penalty.

    Chopra released a separate statement, saying the “case illustrates some of the market failures and harms that occur when the disbursement of government benefits is outsourced to third-party financial services companies that fail to adhere to the law.” He warned that the CFPB “will continue to scrutinize these companies, particularly when law violations and abuses of dominance undermine the intent of such government benefits, and where the harms fall heavily on people who are struggling financially.”

    Federal Issues CFPB Enforcement CFPA EFTA UDAAP Abusive Deceptive Unfair Regulation E Debit Cards Fees Consumer Finance

  • District Court says bank must face reopened accounts allegations


    On September 27, the U.S. District Court for the District of New Jersey granted in part and denied in part a national bank’s motion to dismiss a putative class action concerning allegations that the bank opened and reopened accounts without notifying customers. The plaintiffs alleged that they discovered the bank reopened closed accounts after receiving tax refunds and a one-off refund from a retailer. According to the plaintiffs, the bank accepted deposits into the reopened accounts and then allegedly collected funds from the accounts, resulting in unanticipated fees.

    The court issued an opinion, calling it an issue of first impression within the Third Circuit, finding that “account numbers, whether new or old, which identified or provided access to the disputed accounts opened in Plaintiffs’ names each qualified as a ‘card, code, or other means of access’ to those accounts” under [EFTA] § 1693i(a).” Since the opening of an account “necessarily must be accompanied with an account number associated with that account,” the court found that the plaintiffs sufficiently stated a claim that the bank violated § 1693i(a). Among other things, the court disagreed with the bank’s argument that it could not “have been unjustly enriched by assessing [the plaintiff] fees in exchange for her acceptance of the services [the bank] provides,” stating that the bank’s argument “either misunderstands or purposefully misconstrues the basis” for the plaintiff’s claim, which was that the bank “opened the account in her name without her permission, and therefore did not have a contractual basis for assessing such fees associated with maintaining that account[.]” The court also allowed the plaintiffs’ unjust enrichment claim and Massachusetts Consumer Protection Act claim to proceed. While the court provided the plaintiffs the opportunity to file an amended complaint to revive their dismissed breach of contract claims, their FCRA allegations were dismissed with prejudice.

    Courts EFTA Class Action State Issues


Upcoming Events