TIP: The CFPB issued a circular last week, explaining that financial institutions may violate Reg. E if they charge consumers certain overdraft fees without affirmative proof that those consumers “opted in” and consented to be charged. Significantly, the circular seems to suggest that credit unions and other financial institutions should keep proof of a consumer’s opt-in indefinitely, even though Reg. E only requires a two-year retention period.
The opt-in requirement
As The League explains in ii Release No. 0120, Reg. E prohibits credit unions and other financial institutions from charging overdraft fees on ATM and one-time debit card transactions without the consumer’s affirmative consent.
Specifically, credit unions must:
- Provide consumers a reasonable opportunity to affirmatively consent, or opt in, to overdraft services.
- Obtain the affirmative consent from the consumer before charging the consumer any overdraft fees.
- Provide the consumer with confirmation of the consent that includes a statement informing the consumer of their right to revoke that consent.
What the CFPB has found
The CFPB said that even when financial institutions maintain policies and procedures to comply with Reg. E’s opt-in requirement, in some cases those institutions could not produce for CFPB examiners any evidence of a specific consumer’s affirmative consent.
In a footnote, the CFPB said that Reg. E’s two-year record retention requirement is an “independent legal obligation,” and it does not change the fact that an “absence of records” – presumably even if the record retention period has expired – is still “suggestive that a consumer did not opt in.”
This suggests that if credit unions dispose of opt-in records outside Reg. E’s two-year record retention period, and if they therefore cannot prove the consumer opted in to overdraft services, then they should treat that consumer as not having opted in.
The CFPB also said that it had found “numerous other violations of law relating to Regulation E’s overdraft opt-in requirements over the years.” That includes cases where institutions improperly got consent through deceptive or abusive practices.
Acceptable proof of opt-in
The CFPB offered the following examples of acceptable evidence that a consumer has opted in:
- For consumers who opt in by mail or in-person, a copy of a form signed or initialed by the consumer indicating the consumer’s affirmative consent to opting into covered overdraft services.
- For consumers who opt into covered overdraft services over the phone, a recording of the phone call in which the consumer elected to opt into covered overdraft services.
- For consumers who opt into covered overdraft services online or through a mobile app, a securely stored and unalterable “electronic signature” as defined in the E-Sign Act conclusively demonstrating the specific consumer’s action to affirmatively opt in and the date that the consumer opted in. (For E-SIGN information, please see The League’s ii Release No. 0175.)
