REGULATION E ERROR RESOLUTION AND POLICE REPORTS – NEITHER THE TWAIN SHALL MEET?

During a recent Regulation E training event, the class and I discussed the Regulation E Section 1005.11 “Procedures for resolving errors” and there, as always, was very active discussion of what a bank may request, but not require.
I brought up the prohibition against requiring police reports as a requirement for the bank to either begin the investigation provision or to provide provisional credit and there were a number of questions.  Many banks have in the past required police reports as a condition to open a Regulation E error resolution case or to begin an investigation of unauthorized electronic fund error.  Bank examiners historically have not typically taken objection to the practice but there is precedent if they so choose.  The FDIC entered into a Consent Decree with Markle Bank of Markle, Indiana on September, 9, 2011 which resulted in a $82,500 Civil Monetary Penalty for the bank.  The bank’s practice was to delay provisional credit until after the consumer had provided a copy of a police report.
The FDIC’s Consent Decree actually never mentioned the term “police report” within its agreement but various sources reported on the bank’s process of requiring police reports that led to the Consent Decree.  The FDIC stated that it had “considered the matter and determined that it has reason to believe that the bank violated the prohibition against deceptive acts or practices found in section 5 of the Federal Trade Commission Act,  in that the bank established and followed procedures for the resolution of errors involving the use of ATM and/or debit cards, and payment transactions serviced through its automated clearing house that were contrary to the bank’s disclosures concerning error resolution for these products and in violation of Regulation E, 12 C.F.R. Part 205.”
The interesting part of the Consent Decree was that, while there was reference to Regulation E, the FDIC primarily cited the FTC Act Section 5’s UDAP provisions as the applicable regulatory citation.  That may have been because of the recent transition of Regulation E from the Federal Reserve to the CFPB (July 11, 2011) or the fact that any burden of proof on a regulatory agency is likely easier under Section 5 than the Electronic Fund Transfer Act (EFTA).  There is no, per se, individual or class action section for damages in Regulation E itself.  However, the EFTA, sets forth actual damages, in the case of individual suits, of amounts ranging from $100 to $1,000 and court plus legal costs.  Most importantly, the penalty provisions of the EFTA do not impose any liability if the act was “done or omitted in good faith conformity with any rule, regulation ……..”.  Additionally, the EFTA seemingly sets aside financial penalties for acts that occurred for any “violation was not intentional and resulted from a bona fide error ….”
A word search of the term “police” produced zero hits in Section 1005.11 and its Official Staff Commentary.  Therefore, it might have proven problematic for the FDIC to declare a clear-cut violation of Section 11 of Regulation E since neither seems to address the prohibition against requiring a police report before beginning any investigation or providing provisional credit in response to a notice of error.  It’s possible this was not addressed in Regulation E or its Commentary because the regulatory agencies do not believe that the existence of a police report would provide assistance in the bank’s investigation of a claim of unauthorized use since many police departments do not spend an extensive amount of time investigating small dollar crimes initiated by use of an electronic fund transfer.
The most relevant regulatory guidance on this issue is a publication issued by the Philadelphia Federal Reserve Bank in its Compliance Corner:  Third Quarter 2006 publication entitled “Compliance Alert: The Long and Short of Regulation E’s Error Resolution Process and Notarized Affidavits”.
In that article, the FRB stated that bankers have asked whether it is permissible to require a consumer to provide certain documentation in support of an unauthorized electronic transfer, such as affidavits of forgery, notarized statements, police reports, etc.
The FRB stated that the “short answer” is: “Regulation E does not permit a bank to require documentation such as notarized affidavits, statements, or copies of police reports. Nor does the regulation allow a bank to require a consumer to visit the branch office to sign notarized documents, regardless of whether the bank charges the consumer for the notarization process. Requiring such additional documentation, or visits to a branch office, would be burdensome and unreasonable for consumers and, at the same time, would not provide any real assistance in the investigation and resolution process.”
In fact, there is no requirement that the consumer participate in any manner with the bank after the consumer has given oral or written notification of a potential unauthorized fund transfer within 60 days after the date on the statement on which the alleged error is first reflected as long as the oral or written notification provides enough information, such as a SSN or other information, that would enable the bank to identify the consumer’s name and account number.  Additionally, the consumer’s notification must provide why the consumer believes an error occurred and includes the type, date and amount of the error to the extent possible.
This same FDIC article also points to former Section 205.11(b)(2) (now CFPB 1005.11 of Regulation E) which allows the bank to require a “written confirmation” of error from a consumer as part of the error resolution process, within 10 business days of an oral notice of error. If the bank elects to require a consumer to put the notice of error in writing, then the bank must inform the consumer of the written requirement and provide the address where written confirmation of error must be sent when the consumer gives the oral notification.
The regulation requires the bank to start the investigation as soon as it receives an oral notice of error and does not allow the bank to delay the start of, or the completion of, the investigation pending receipt of the written confirmation. However, while the regulation requires the bank to begin its investigation upon oral notification of an error, it allows the bank to withhold provisional credit to a consumer’s account when the bank has not received “written confirmation” within 10 business days, if so required.
The FRB’s Fourth Quarter 2012 Consumer Compliance Outlook publication also addressed error resolution procedures and, in that document, stated that the “consumer’s notice is effective when a consumer takes steps reasonably necessary to provide the institution with the pertinent information, whether or not a particular employee or agent of the institution actually receives the information.  Consumers may give notice in person, by phone, or in writing. Written notice is effective when the consumer mails the notice.”  One can see that this regulation was written to provide the highest degree of protection to consumers.
The above passages do not mean that a bank can’t request a police report, it simply means that a bank can’t postpone opening an error resolution case just because the consumer will not voluntarily provide such a report.  A key point is for banks to review their written policies and procedures relating to notice of unauthorized transfer and ensure that the language does not appear to require either a copy of a police report or that the consumer complete any written form utilized by the bank to compile information for the notice of error.
The language above does not necessarily mean the bank is powerless in situations where it believes a crime was perpetrated and has led to the bank paying provisional credit or other funds to a consumer for an alleged error.
At this point in the process, the table has turned and it is likely the bank may be the victim of a financial crime.  If the bank investigates the error and determines that someone linked to the consumer, such as child or other relative, is the culprit after having been seen on surveillance video, the bank is free to share the results of its investigation with the consumer – the bank is required to report the results of its investigation to the consumer within three business days after completing an investigation that was promptly completed – and inform the consumer that the bank likely will be taking further legal action against a potential suspect.  The bank should not threaten any legal action which the bank is not prepared to undertake or which it hasn’t taken in similar prior situations.  Such threatened actions could likely be construed as a UDAP issue.
At this juncture the bank has two choices.  First, it would be required to correct the error within one business day after completing its investigation and report its results, either in writing or orally, within three business days which might include finalization of a provisional credit, if applicable.  Any crediting of lost interest or reversal of fees related to the original notice of unauthorized use should have been completed at the time of the provisional credit, but if it was not, the post investigation crediting process should include a review that no interest on the consumer account was lost because of the unauthorized transfer and no fees, such as NSF, Overdraft or Maintenance, were caused by the error.
Second, the bank, as indicated above, can inform the consumer that a likely suspect has been potentially identified and that the bank is planning on proceeding with legal action.  If at this point, the consumer decides to withdraw their claim, the bank can request, but not require, the consumer to provide written documentation, such as in the form of a letter, asking that the initial claim be withdrawn.  The regulation, at that point, states that the bank “has no further error resolution responsibilities” and one could infer that the bank would not be required to notify the consumer of the debiting of the provisional credit and honoring of incoming debits for five business days.  In the spirit of UDAP, the bank might wish to either request the consumer to recognize the immediate reversal of the provisional crediting or the bank may wish to follow its normal debiting of provisional crediting procedures and provide written notification to the consumer than incoming debits will be paid for five business days.
As a follow-up reminder, consumer liability is not altered by any negligence such as writing a PIN down on the card.  Liability will simply be determined by whether or not the consumer reported the loss of the card, which led to the unauthorized transfers, within the prescribed time frames.  While the bank may have redress against the consumer under state law for a negligence claim, the consumer’s alleged negligence does not affect the consumer’s liability for unauthorized transfers under Regulation E.
In summary, if the consumer has provided enough information orally or in writing to any bank employee that allows the bank to identify the transaction being disputed, the bank must start the clock on the investigation and on providing provisional credit.