Electronic Funds Transfers and Other Payment Systems - Module 4 of 6

Module 4: Electronic Funds Transfers and Other Payment Systems

Electronic Funds Transfers

Article 4A of the UCC governs “wholesale wire transfers,” or simply “wire transfers.”[1]  These are large funds transfers sent great distances and sometimes include international wire payments.  While the term “wire” indicates electronic payment, there may be paper aspects between the banks involved in a transaction.

The transfer of funds is a series of payment orders started by an “originator” and resulting in the transfer of funds to a “beneficiary.”  The parties designated as the originator and the beneficiary keep those titles throughout the transaction.  The banks that send and receive the funds are called the “sending bank” and the “receiving bank.”  Different banks may assume these titles over the course of a funds transfer.[2] 

There are two ways a transfer may take place.  The first is when the originator’s bank and the beneficiary’s bank have a direct relationship and can process the transaction without  involving intermediary banks.  Alternatively, the parties may avail themselves of an intermediary bank, which is a receiving bank other than the originator’s bank or the beneficiary’s bank.[3] The Federal Reserve Banks offer a popular intermediary processing function called Fedwire.[4] Unless the originator specifies a later payment date, the date of payment is the date of receipt of the funds by the beneficiary’s bank.  The sending bank sends a “payment order” to the receiving bank to facilitate the payment to the recipient.[5]        

Once a bank accepts a wire transfer, it activates the sending bank’s obligation to send payment.  This acceptance also terminates the receiving bank’s option to refuse payment of the obligation.  When the receiving bank acts on the payment order, it is called an “execution,” which constitutes its acceptance.[6]  The originator may alternatively establish a date on which the receiving bank may make its acceptance. 

If the receiving bank is the beneficiary’s bank, then the acceptance occurs at the earliest of three events: 

1.    When the beneficiary’s bank makes the funds available to the beneficiary;

2.    When the beneficiary’s bank receives the funds; or

3.    The opening of the bank on the next business day following the receipt of the order, unless the funds are not available or there is a rejection.[7]

Credit Cards

Large urban department stores offered charge cards in the middle of the twentieth century to customers who could use their short-term lines of credit to make purchases. [8]  In the 1960’s, credit cards became widespread and featured lines of credit offered by banks to their customers who could use their bank-issued cards at participating retailers.  BankAmericard, which is now called VISA, and MasterCard, both gave their customers access to revolving credit, which was administered by a network of banks.  Revolving credit meant that once the bank received payment that paid down a line of credit, the amount would then be available again for customers to borrow without the need to reapply for credit.  

An agreement, called the “merchant’s agreement”, governs the relationship between the merchant and the merchant’s bank, which is called the “acquiring bank.”  The agreement addresses such provisions as fees, billing, and settlement.  There are few regulatory provisions that govern banks and credit cards.  An antitrust action brought by the U.S. government invalidated VISA’s and MasterCard’s original rules against member banks issuing cards offered by their competitors, so that member banks can now offer Discover, American Express and other cards to their customers.[9]    

Little regulation pertains to merchants and acquiring banks, whose relationship is largely governed by their contractual arrangements and the rules of credit card networks. The relationships between issuing banks and their respective cardholders has been federally regulated since 1968 when Congress passed the Truth in Lending Act,[10] which has been supplemented by the Federal Reserve regulation known as Regulation Z.[11] Regulation Z primarily addresses five key areas: disclosures, payment liability, unauthorized use liability, defenses to nonpayment and billing dispute resolution.[12]  Note that interest rates are largely left to state usury laws, which set maximum interest rates banks may charge.

Regulation Z mandates disclosures of charges, interests, and fees along with any introductory rates, post-introductory rates and grace periods during which interest does not accrue.  The regulation also requires disclosures for fees charged for exceeding the card’s credit limit and late fees, along with card inactivity, late payments, returned payments, cash advances, credit insurance and balance transfers.  Disclosures are required when the bank solicits prospective cardholders, opens an account for a cardholder, sends its cardholders periodic statements and changes the terms of the credit agreement.  Regulation Z provides model disclosure forms for card issuers that serve as “safe harbor” provisions, which means that the use of the forms protects card issuers from allegations of non-compliance with the disclosure requirements.[13]

For a person or business to be liable for a credit card charge, the cardholder must have “accepted” the card,[14] which occurs when the consumer applies for and receives the card. Alternatively, a cardholder accepts a card if she signs or uses the card or authorizes another person to use the card.  In addition, the issuer of the card must have disclosed the maximum potential liability for use or misuse of the card along with a means of notifying the card issuer if the card is lost or stolen.   

The issuer must also provide a means of identifying the user of the card for those who take the card as payment in a transaction   This is accomplished in face-to-face transactions by signing the back of the card and in internet and telephone transactions by providing the expiration date and three- or four-digit security code on the back of the card.  In one case, a card issuer mailed to a couple a credit card application  that was later stolen.  The thief obtained the card in the couple’s name and the couple was not liable for charges on the card because they had never “accepted” the card under Regulation Z.[15]   

Cardholder Liability and Disputes

The cardholder is liable for any authorized use of the card.  Authorized use includes purchases made by the cardholder and purchases made by persons other than the cardholder under the law of agency.  The cardholder is responsible for purchases made by anyone with actual, implied or apparent authority.  In one case, the cardholder allowed his personal assistant to use his credit card and the assistant embezzled over one million dollars.[16] Since the cardholder allowed the assistant to use his card, the cardholder was responsible for the charges.  Moreover, in that case, evidence showed that the cardholder did not review his statements for over seven years.  The court ruled that the bank could have reasonably believed that the assistant had the apparent authority to use the card.  Note that while the Code bases liability on principles of fault as in negligence, Regulation Z imposes strict liability on the cardholder for authorized charges.[17]

However, unauthorized charges are a different matter.  A cardholder is limited in liability for unauthorized charges to a maximum of $50.  The cardholder is not liable for any additional unauthorized charges if the cardholder notifies the issuer of the loss, theft, or misuse of the card.[18]

A cardholder may withhold payment for a credit card bill if the cardholder makes a good faith effort to resolve the dispute, the amount of the dispute exceeds $50 and the sale occurred within the cardholder’s home state or within 100 miles of the cardholder’s residence. [19] The geographic restriction was established before electronic banking and the Internet. A card issuer may waive the geographic restriction by agreement or by its representations to the cardholder, thereby preventing the bank from raising this geographic limitation. In one case, a Pennsylvania federal court denied the geographic defense to a bank when it repeatedly assured a customer it would assist with a disputed bill with an overseas merchant.[20]  The geographic limitation does not apply if the cardholder solicited the transaction in dispute and the merchant is the same entity as the card issuer. An issuer may not report an unpaid balance as delinquent if there is a pending dispute that is in accordance with these rules.

Regulation Z also provides for billing error resolution.[21]  Billing errors include wrongful charges, computational and accounting errors and failure to send a proper billing statement.  Regulation Z requires that the cardholder notify the issuer within sixty days of when the issuer first sent the billing statement with the error.  The cardholder must specify her name, account number and the reasons for disputing the error, along with the type, date and amount of the error. If the issuer allows, the cardholder may report the error electronically.

The issuer must acknowledge the receipt of the cardholder’s error report within thirty days of receipt and resolve the error within two billing cycles, but no later than ninety days.  The cardholder may withhold payment and the issuer cannot collect the debt or deduct it under an automatic payment arrangement, nor may the issuer report the cardholder as late, close the account or accelerate the cardholder’s indebtedness.

The cardholder must also correct any errors it finds that were not reported by the cardholder.  The issuer must credit the cardholder’s account with the charge, along with any related finance and other charges.  If the cardholder does not find an error then it must provide a written explanation to the cardholder and include any amounts owed by the cardholder along with any applicable finance charges, the payment date and the standard grace period.  If the customer raises the same error again, the issuer is not required to repeat the investigatory process.

While interest rates are largely regulated by state usury laws, Regulation Z requires 45 days advance notice of  any change in interest rates under the CARD Act of 2009.[22]  Notice is not required when the rate was previously scheduled and disclosed, the cardholder failed to make a minimum payment for more than sixty days or the account is subject to a prior rate adjustment for hardship.  The cardholder may reject the rate change and pay off any outstanding balances subject to the rate.  Regulation Z prohibits charging interest for both the current and previous cycles simultaneously, which is called “double cycle billing” and this prohibition effectively protects the grace period.[23]  Payments beyond the minimum payment must  first be applied to the cardholder’s amounts that have the highest interest rates.[24]  It also requires that late payment fees, charges for exceeding the card’s limits and other penalties be reasonable and proportionate to the costs borne by the issuer resulting from the violation.[25]   

Regulation Z contains many consumer protections such as requiring card issuers to consider the ability of the cardholder to repay her debt in making the decision to issue the card.  It also prohibits issuers from requiring prospective cardholders to buy services as a condition of opening an account.  Remedies for violations include statutory damages of twice the finance charge up to a maximum of $5000, actual damages, court costs and attorneys’ fees.[26]  Higher statutory amounts are available when there is a noncompliant pattern with the Truth in Lending Act.  Recovery in class actions is limited to $1 million or 1% of the violator’s net worth, whichever is less. The Dodd-Frank Act empowers the Consumer Financial Protection Bureau to pursue enforcement actions for issuers who engage in deceptive acts and practices.  

Debit Cards

Consumer electronic funds transfers have grown dramatically in recent years.  Automated teller machine cards, or “ATM” cards allow customers to access their funds at bank machines even when the bank is not open, and ATMs are often situated away from the brick and mortar bank.  ATM cards have evolved into today’s debit cards.

The National Automated Clearinghouse Association was established in 1974 as a product of regional clearinghouses to devise a system for direct deposits which businesses adopted for administering their payrolls. Under this arrangement, called “ACH transfers,” the employer communicates with its bank to credit the employee’s bank with her pay. After the net amounts are settled by the central clearinghouse, then the employee’s bank credits the employee’s account.  This is the same system that allows consumers to set up automatic recurring debits for paying bills.[27]

The Electronic Funds Transfer Act[28] is the primary public law that governs debit cards and ACH transfers.  The law only applies to consumers, not businesses, and seeks to afford them regulatory protections.  The Federal Reserve Banks implemented Regulation E[29] to govern these transactions.   

Regulation E limits liability for unauthorized transfers made by someone who is not the consumer and lacks the proper authority to transact on the consumer’s behalf.  A cardholder is deemed to have authorized transactions by another person if the cardholder provides the other person with the account’s debit card and access code.[30]  For a cardholder to be liable for an unauthorized transaction the cardholder must have “accepted” the card, received a personal identification number, and received Regulation E’s disclosures.[31]  A cardholder is liable only for the lesser of $50 or the amount of unauthorized transfers if the issuer is notified within two business days of the loss or theft.  Note that the notice requirement is the determinant of the cardholder’s maximum possible liability, not the possible negligence of the cardholder.[32]

For example, assume Lisa lost her debit card in a restaurant on Friday night along with  a sticky  note attached to the card that has the personal identification number for accessing the account.  On Saturday and Sunday, a server in the restaurant withdraws $1200 from Lisa’s account.  Lisa notifies the bank on Monday that she lost the card.  Lisa will only be liable for $50.  Lisa’s carelessness in keeping her access code with the card is irrelevant because Regulations E and Z do not follow the UCC’s principles of comparative negligence.    

If the cardholder does not notify the bank within two business days of the loss or theft of the debit card, then the possible damages increase to $500 for the amount of the unauthorized transfers that occurred after the initial two business-day period but before the cardholder notified the bank.  Should a cardholder fail to provide notice of loss or theft of the card within sixty days, then liability is potentially unlimited.[33] 

For example, assume Lisa does not notify the bank until the following Friday of the loss of her debit card and access code.  The server additionally withdraws $200 on Wednesday and $400 on Thursday.  The total amount of Lisa’s potential liability would be $50 for the unauthorized withdrawals in the first two business days, along with the $200 and $400 withdrawals, for a total liability amount of $650.  But the regulation limits liability to $500, so Lisa’s liability is $500.   

A bank is responsible under the Electronic Funds Transfer Act to properly execute fund transfers, but can be excused for circumstances beyond its control as long as it acted with due diligence. Regulation E treats payments as irrevocable final payments.[34]  However, a cardholder may stop a regularly scheduled preauthorized debit by giving the bank three business days-notice.[35] 

A cardholder who discovers a transaction involving unauthorized transfers or incorrect transfers has sixty days to notify the bank of the error.  Upon receipt of the notice from the cardholder, the bank has ten business days to investigate and another three business days to notify the cardholder of the results of its investigation.  If the bank finds an error, it must correct it within one business day.  Regulation E provides lengthier compliance times for the bank if it cannot timely complete its investigation or the alleged error involves new accounts, point of sale debits or electronic funds transfers initiated out of state.[36]   

Other Regulation E Provisions

Regulation E also prohibits business practices that coerce consumers to use electronic funds transfers. The regulation has safeguards to validate new cards, provisions for suspension of banking liability for system malfunctions and required notices to the cardholder for preauthorized transfers.[37]         

Damages under the Electronic Funds Transfer Act and Regulation E include actual damages, statutory damages between $100 and $1000 and attorney’s fees and costs.  Class action damages are capped at $500,000 or 1 percent of the issuer’s net worth, along with reasonable attorney’s fees and costs.[38]  If a bank failed to conduct a reasonable investigation of a cardholder’s claim or error, or failed to recredit the cardholder account then the bank may be subject to damages.[39]  If the bank does make a mistake but complies with Regulation E’s investigatory requirements then the bank is not liable for the cardholder’s actual damages.  A bank may defend its actions by showing that it acted in good faith or timely corrected a cardholder’s claim by removing the violation and paying the cardholder’s resulting actual damages.  A prospective plaintiff must bring an action within one year of the alleged violation.[40]  Regulation E also governs foreign remittances consisting of electronic transfers to persons or businesses in other countries.[41]

In our next module, we’ll cover allocation rules under the UCC, including the fictitious payee rule and imposter rule. We’ll also discuss letters of credit and the types of risk financial institutions encounter and how they account for this risk through the use of certain standard clauses in bank-customer and particularly, lender-borrower agreements.