Graeme Sloan/Sipa USA via AP Images
A recent change in policy around electronic fund transfers shows how federal regulatory agencies like the Consumer Financial Protection Bureau can change millions of lives for the better.
The Consumer Financial Protection Bureau was put into dry dock during the Trump years. Trump’s appointed directors—first, White House budget director Mick Mulvaney; then, his ally Kathy Kraninger—turned away from enforcement, reduced fines systematically (which became known as “the Mulvaney discount”), and rewrote rules to undermine consumer protection.
But the Supreme Court came to the rescue before the shift to the Biden administration. The ruling in Seila Law enabled the incoming president to fire Kraninger, which Biden quickly did. And while his nominee to run the agency, Rohit Chopra, remains at the Federal Trade Commission pending confirmation, CFPB has already returned to the living under its acting director, Dave Uejio.
Enforcement and penalties have resumed, as well as data collection on key industries. The bureau has rescinded deregulatory policy statements put in place during the COVID-19 pandemic to provide compliance relief to financial institutions, and restored examinations for violations of the Military Lending Act. In perhaps its most wide-ranging action, CFPB effectively stopped foreclosures for the rest of the year, by finalizing mortgage servicing rules that allow borrowers who took advantage of pandemic forbearance options to negotiate a new monthly payment plan with minimal paperwork, and require servicers to inform customers of their options.
But one of CFPB’s more unheralded changes reflects how federal regulatory agencies can change millions of lives for the better simply by adhering to congressional intent. The power of the presidency’s regulatory authority can be seen in this simple guidance, which will save defrauded consumers from being held liable for bogus charges. Successful governments are built on the backs of tiny policies like this that have a tangible effect on people’s lives. It should be the prime directive of Democratic governance.
The change involves Regulation E, which implements the Electronic Fund Transfer Act of 1978 (EFTA). Electronic transfers that are commonplace now—think direct deposit, ATM withdrawals, automatic bill payments, remittance transfers abroad, or payment services like Venmo or Zelle—were rather newfangled at the end of the 1970s. Congress’s goal when passing this law was to protect individual consumers. The idea that a financial institution could reach into a bank account and take out money was concerning enough for Congress to build an entire architecture around permissions and regulatory double checks.
Still, the existence of electronic find transfers invites abuse by fraudsters. All they have to do is get access to that bank account and they can bilk it periodically. So the EFTA protects consumers from suffering major losses over “unauthorized” transfers. As long as the consumer reports the unauthorized transfer within 60 days, the financial institution must investigate the matter and credit the consumer’s account if they find the transfer to be unauthorized. Depending on the circumstances, the consumer may have to take a hit of up to $500, but the limit on liability is even more stringent (no more than $50) if the consumer informs their bank within two business days. The financial institution picks up the rest of the cost.
Regulation E says that a third-party transfer enacted without “actual authority” and “from which the consumer receives no benefit” is unauthorized. Several courts have interpreted this very narrowly, expanding the definition of “actual authority” even to situations where the bank, instead of the consumer, authorizes the transfer.
But in its guidance issued on June 4, presented as a series of frequently asked questions and answers, CFPB indicated that unauthorized transfers also occur whenever a consumer is “fraudulently induced” into sharing their account information. That includes situations where a consumer gives out their information over the phone before realizing they’ve been scammed, or phishing schemes where a consumer’s computer is compromised. Often, banks will conclude that a customer was personally negligent by giving out their account number or giving access to their computer through an email scam, and use that to deny restitution. CFPB’s guidance now says that doesn’t matter; if the account number was obtained deceptively, the consumer has to be made whole.
In addition, banks cannot require the consumer to contact the third party or file a police report before initiating an investigation into the fraudulent charge. Banks also cannot invoke any waiver of Regulation E that it forces consumers to sign (the Electronic Fund Transfer Act has an anti-waiver provision).
This simple guidance will save defrauded consumers from being held liable for bogus charges.
This is a huge win for the countless number of people pursued on a routine basis by financial predators, and particularly for the elderly. Digital banking fraud alone was a $2.3 billion business in 2016, and is likely larger today (complaints about peer-to-peer transfers like Venmo have surged in the pandemic). The CFPB guidance creates a path to protecting people from those losses.
It does, however, put that liability on the banks that facilitate the transfers. And this has banks and compliance lawyers in a tizzy. “This interpretive guidance is arguably a significant departure from the language of the EFTA,” claims an analysis from two attorneys at Locke Lord, a corporate law firm that has many financial services clients. Of course, the actual text of the EFTA states that the primary objective is “the provision of individual consumer rights.” Given the landscape of financial predation and the nature of these scams, restoring consumers’ funds when they are subject to deception seems perfectly in line with the statute.
Bankers are concerned about their “potential risk of loss.” But they have the power to develop compliance systems to preempt fraudulent transfers. These are not country bumpkins but sophisticated operations with plenty of ability to keep fraudsters out of bank accounts if they are so motivated. In other words, it’s up to the people with the resources to prevent fraud to do it, not some 80-year-old getting a weird phone call asking for their bank information.
This could have been enacted at any time in the CFPB’s short existence. The Trump-era bureau wasn’t going to do it. But Uejio, the acting director, made it a priority. That kind of aggressiveness is needed across the government. Witness the first public hearing in decades of the Federal Trade Commission, which signaled a sea change in its posture toward enforcing the law.
That’s the purpose of government, at least from the activist perspective: intervene to correct market failures and protect the public. The CFPB has taken up the challenge. If they want a successful presidency, the Biden team should do it more often.
