November 30, 2015
Authored by: Bryan Cave Leighton Paisner
On November 23, 2015, the CFPB issued a Bulletin alerting companies that they must obtain proper authorization from consumers before automatically debiting their accounts. The Bulletin relates to the Electronic Fund Transfer Act requirements for “preauthorized electronic fund transfers,” which are EFTs scheduled in advance to recur at substantially regular intervals. The preauthorized EFTs in the CFPB’s spotlight are those that debit a consumer’s account.
Regulation E of the EFTA provides that preauthorized EFTs from a consumer’s account must be authorized by a “writing signed or similarly authenticated by the consumer.” The authorization must be readily identifiable as such and have clear terms, and the person obtaining that authorization must provide a copy to the consumer. It’s important to keep in mind that these are two separate requirements. The Bulletin clarifies how a company can obtain the consumer’s authorization, and describes the critical elements of that authorization, but leaves unanswered certain questions about delivering a copy of the authorization to the consumer when it is obtained by telephone.
Content of the Authorization
As noted above, the consumer’s authorization must be readily identifiable as such and must have clear terms. The Bulletin states that companies sometimes provide consumers with notices of terms for preauthorized EFTs that fail to disclose “critical information.” The CFPB explains that the authorization must be clear as to the recurring nature of the transfers and the amount and timing of the payments agreed to. Of course the authorization also needs to identify the consumer and the account to be charged. Regardless of how the consumer’s authorization is obtained, which is discussed below, all of this information needs to be in the authorization and in the copy provided to the consumer.