CFPB Circular on Improper Overdraft Opt-In Practices
On September 17, 2024, the CFPB issued a Circular on improper overdraft opt-in practices. Specifically, the following question was addressed:
Can a financial institution violate the law if there is no proof that it has obtained consumers’ affirmative consent before levying overdraft fees for ATM and one-time debit card transactions?
The CFPB indicated very clearly that financial institutions MUST maintain some form of “proof” that a consumer opted in prior to being charged any overdraft fee for an ATM or one-time debit card transaction. While such proof may vary among institutions and/or the channels through which consumers opt-in, evidence of a consumer’s consent is necessary to avoid regulatory violations.
Some examples of adequate documentation provided in the Circular include:
- For consumers who opt into covered overdraft services in person or by postal mail, a copy of a form signed or initialed by the consumer indicating the consumer’s affirmative consent to opting into covered overdraft services would constitute evidence of consumer consent to enrollment.
- For consumers who opt into covered overdraft services over the phone, a recording of the phone call in which the consumer elected to opt into covered overdraft services would constitute evidence of consumer consent to enrollment.
- For consumers who opt into covered overdraft services online or through a mobile app, a securely stored and unalterable “electronic signature” as defined in the E-Sign Act (15 U.S.C. 7006(5)) conclusively demonstrating the specific consumer’s action to affirmatively opt in and the date that the consumer opted in would constitute evidence of consumer consent to enrollment.
This warning from the CFPB is a result of exam findings, including not only those instances where institutions were unable to provide evidence of a consumer’s opt-in but also instances where institutions either did not obtain affirmative consent prior to enrolling consumers in overdraft services or obtained the consent via deceptive and abusive acts or practices.
In light of this Circular, now would be a good time to review your institution’s practices related to the Regulation E opt-in requirements (including record retention) to determine if there are any deficiencies or areas of concern and provide any necessary training to your team.
If you want to learn more about Regulation E’s opt-in requirements be sure to check out our webinar, “Reg E ATM & One-Time Overdraft Opt-In”, which is available now OnDemand.
Published
2024/09/30
Amy Kudlacek
Amy brings many years of banking and compliance experience to Banker’s Compliance Consulting. She has worked for both large and small financial institutions and spent time working in every area of a bank. She started out as a teller in college and eventually became a branch manager. Her love, however, was always compliance. Amy began her career with Banker’s Compliance Consulting in 2000. Her knowledge and experiences have allowed her to develop a well-rounded and practical approach to regulatory compliance. Amy is CRCM certified, has a Bachelors Degree in Business Administration and is a graduate of the ABA Compliance School. Amy & her husband have two children at home and stay busy following their activities. They spend a lot of time in the bleachers!