#1737946 - 09/05/12 01:58 PM Reg. E & Business Account Takeover
Polo
It is my understanding that regulation E (EFTA) is a “Consumer Protection” regulation.

One of our Business customers (LLP) had a malware/virus get onto their business computer system, which resulted in some thief hacking into their account with our bank and generating thousands of dollars in ACH & Bill-Pay transactions.
Once this was discovered by the customer, we terminated the account transaction abilities immediately.

However, now the customer's attorney has contacted us demanding that we refund every dollar lost, "as is required by the Electronic Fund Availability Act (Regulation E)."

In addition to simply citing the definition and coverage of EFTA, is there any information that someone would suggest or could furnish to me that would help this customer (and his attorney) understand the coverage provisions of EFTA? Or, do you know of any case law that may show same?
Last edited by John Burnett; 09/05/12 03:11 PM. Reason: spelling and subject
#1737991 - 09/05/12 03:10 PM Re: Reg. E & Business Account Takeover Polo
BrianC
While their attorney is barking up the wrong tree in citing Reg E, there are several cases related to internet banking credentials. Some courts have sided with the customer, some have sided with the institution. A lot weighs on how well your institution has complied with the FFIEC Guidance of 2011 (http://www.ffiec.gov/press/pr062811.htm) regarding authentication for Internet banking.

A recently documented case, Patco Construction vs. People's United Bank D/B/A Ocean Bank (http://www.bankersonline.com/infovault/courtwatch.html#patco), was originally decided in favor of the bank, but an appeals court overturned that ruling and sided with the customer.

You're going to want to gather documentation on your authentication procedures and get in touch with bank counsel. I do not recommend responding directly to your customer's attorney.
Last edited by John Burnett; 09/05/12 03:15 PM. Reason: spelling and placement of URLs in the clear
_________________________
Sola Gratia, Sola Fides, Sola Scriptura, Solus Christus, Soli Deo Gloria!
www.tcaregs.com

#1738238 - 09/05/12 11:32 PM Re: Reg. E & Business Account Takeover Polo
rlcarey
You might also want to make sure that you didn't also deliver a copy of your Regulation E disclosure with the account opening disclosures, including checking that fact off on your signature card (if you use one of the standard vendors).

Consultation (as Brian mentioned) with your attorney is a must, but make sure you give them all of the account documentation to make sure that you didn't inadvertently incorporate the Regulation E protections into your depositor's agreement.
_________________________
The opinions expressed here should not be construed to be those of my employer: PPDocs.com

#1738250 - 09/06/12 01:47 AM Re: Reg. E & Business Account Takeover Polo
Elwood P. Dowd
Some banks tweak the nose of the hangman when they print the A 3(b) error resolution notice on the back of their statement stock then use that stock for business and consumer customers alike. Your customer's attorney may be clueless in this allegation, or he may have just turned over the statement and found this paragraph:

We will investigate your complaint and will correct any error promptly. If we take more than 10 business days to do this, we will credit your account for the amount you think is in error, so that you will have the use of the money during the time it takes us to complete our investigation.

At present, I'm betting your customer's attorney is clueless or your bank either does not put the notice on the statement or has added words of limitation. Otherwise he would have just said, "I couldn't tell Regulation E from Vitamin E, but the language on the back of the statement you provided is pretty clear about what you said you would do in this circumstance."

Banks that read it before it went to the printers add words of limitation indicating that the language only applies to consumer accounts and repeat themselves to clarify that it does not apply to business and trust accounts.

The bank has not yet lost the Patco lawsuit. The appellate court simply sent it back to the trial court for reconsideration.
_________________________
In this world you must be oh so smart or oh so pleasant. Well, for years I was smart. I recommend pleasant.

#1738282 - 09/06/12 12:45 PM Re: Reg. E & Business Account Takeover Polo
Soccer
We were using the same stock paper with the notice for both consumer & business. I warned operations numerous times not to do it; they felt the risk was low and didn't change the practice. Well, guess what: businesses got smart and started filing Reg E claims. Not very large dollar amounts, but enough to get them to quickly change the way things were done.
_________________________
Everything happens for a reason

#1738382 - 09/06/12 02:40 PM Re: Reg. E & Business Account Takeover Polo
John Burnett
As for PATCO, the appeals court did rule that the bank's security procedures for verifying customer credentials and detecting fraudulent transfer requests were not commercially reasonable under UCC 4A. What was remanded to the district court was the question of responsibility for PATCO's losses, given the failure of the bank to have a commercially reasonable procedure. So the district court will have to decide to what degree the bank's lacking security and the company's failure to keep its computers safe contributed to the loss. We may never know the answer, if the parties listen to the advice of the appeals court: settle it out of court.
_________________________
John S. Burnett
BankersOnline.com
Fighting for Compliance since 1976
Bankers' Threads User #8

#1738387 - 09/06/12 03:00 PM Re: Reg. E & Business Account Takeover John Burnett
Elwood P. Dowd
This should make interesting reading: How the Patco Ruling Could Benefit Banks
#1738473 - 09/06/12 04:58 PM Re: Reg. E & Business Account Takeover Polo
Andy_Z Offline
10K Club
Andy_Z
Joined: Oct 2000
Posts: 27,748
On the Net
The take-away here is that Reg E doesn't apply, unless you somehow contracted that it does. This might be a case for a deceptive practice as well. UCC 4A will play, and unless you have a strong case, it is a business decision of reputational and legal risk vs. the loss. The cases we know of (some referenced already) resulted in a loss to the bank, or a settlement in which we assume the bank lost, at least in part.

The real message though, is what should you have done to be prepared for this before you got that call? Just as you know what you'll do under Reg E, you need to have a plan in place for corporate account takeover.

(SOW attendees will see a presentation on this, as will those who attend the Texas Bankers Assoc security school in Nov.)
_________________________
AndyZ CRCM
My opinions are not necessarily my employer's.
R+R-R=R+R
Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell


Moderator:  John Burnett