Does the bank's EFT disclosure supersede Regulation E?
No, it cannot. The EFT disclosure is based on the liability limitations as stated in the regulation. There is a reason our regulators gave us model language for the EFT disclosure in
Appendix A.
If your disclosure imposes greater liability on the consumer than the regulation permits, you could find yourself with a UDAP violation, a civil money penalty and customer restitution. This point is further illustrated in the commentary to 1005.6(b).
3. Limits on liability. The extent of the consumer's liability is determined solely by the consumer's promptness in reporting the loss or theft of an access device. Similarly, no agreement between the consumer and an institution may impose greater liability on the consumer for an unauthorized transfer than the limits provided in Regulation E.Now to your specific example: When determining if a customer's error claim meets the definition of an unauthorized EFT, consder the definition in 1005.2(m)(1).
(m) “Unauthorized electronic fund transfer†means an electronic fund transfer from a consumer's account initiated by a person other than the consumer without actual authority to initiate the transfer and from which the consumer receives no benefit. The term does not include an electronic fund transfer initiated:
(1) By a person who was furnished the access device to the consumer's account by the consumer, unless the consumer has notified the financial institution that transfers by that person are no longer authorized;So if I give my card to my son and tell him to get $20 from the ATM and he stops at Gamestop and goes on a shopping spree, Reg E says I am liable. However, simply giving my card to someone else does not automatically make me liable for anything that happens. If, on the way to the ATM, my careless son drops my card on the street and someone else uses it to go on a shopping spree, then the transaction(s) by some unknown perpetaitor are considered unauthorized. Giving my card to my son did not authorized Joe Thief to use it so your proposed clause that giving my card information to a non-account owner automatically meaning I am liable does not comply with Reg E requirements.