Skip to content

Regulation E

The CFPB examines institutions for compliance with Regulation E, which implements the Electronic Fund Transfer Act (EFTA). The CFPB also examines for compliance with other relevant statutes and regulations, including Regulation DD, which implements the Truth in Savings Act, and the CFPA’s prohibition on unfair, deceptive, and abusive acts or practices (UDAAPs). Examiners found that institutions violated Regulation E. These are summarized in CFPB Supervisory Highlights Issue 25 for Fall 2021.

Supervision conducted examinations of institutions in connection with the provision of person-to-person digital payment network services. Regulation E defines the term “error” to include, among other things, “[a]n incorrect electronic fund transfer to or from the consumer’s account.” Regulation E requires institutions to investigate promptly and determine whether an error occurred. Examiners found that, in certain cases, due to inaccurate or outdated information in the digital payment network directory, consumers’ electronic fund transfers (EFTs) were misdirected to unintended recipients, even though the consumer provided the correct identifying token information for the recipient, i.e., the recipient’s current and accurate phone number or email address. These misdirected transfers are referred to as “token errors.” Token errors are incorrect EFTs because the funds are not transferred to the correct account. Examiners found that institutions violated Regulation E by failing to determine that token errors constituted “incorrect” EFTs under Regulation E.

SOC as a Service

Additionally, institutions violated Regulation E by failing to conduct reasonable error investigations when the institutions received error notices from consumers that alleged that the consumers had sent funds via a person-to-person payment network, but that the intended recipients had not received the funds. The institutions reviewed only whether they processed the transactions in accordance with the sender’s payment instructions and not whether the transfer went to an unintended recipient due to a token error. The institutions did not consider relevant information in their own records, or information that they reasonably could obtain during their investigation, to consider whether the consumer’s error notice constituted an error under Regulation E.

These violations caused monetary harm to consumers. As a result of these findings, institutions should evaluate their policies, procedures, and training to ensure compliance.