We have card/fraud monitoring that calls our customers when there are questionable transactions.

Our customer refused to authorize the transaction and demanded his card be unblocked, which the third party complied with. $1000 worth of charges are now being disputed by the customer.

Reg E doesn't care, right? Not authorized, customer told us within the required time frames, so we owe the money back? Regardless of his negligence in not allowing our third party monitoring to do its job?

It sounds like you need to request that your third party vendor receive some retraining about the Bank's wishes for how their call center staff handles these types of requests. The customer cannot 'waive' their Reg E protections by refusing fraud safeguards that you provide. The commentary to 1005.6 notes that liability is based solely on timeliness of reporting.

3. Limits on liability. The extent of the consumer's liability is determined solely by the consumer's promptness in reporting the loss or theft of an access device. Similarly, no agreement between the consumer and an institution may impose greater liability on the consumer for an unauthorized transfer than the limits provided in Regulation E.

Your third party's response to the cardholder should have been, "We're sorry. The card must remain deactivated until you speak with your bank."

Now if we conclude that the cardholder had knowledge of the loss or theft of the access device at the time of the third party call and then waited more than two business days to notify the bank, they may be liable for up to $500 of any transactions that occurred more than two business days after the date of the call according to 1005.6(b)(2).