Host Anne-Marie Leake welcomes back Crissy Terry and Amber Schweiger of ePayAdvisors to talk about why financial institutions should conduct a Reg E disputes audit, including its importance to risk mitigation, consumer protection, and operational efficiency. And no discussion of Reg E would be complete without a reminder of how it differs from – and works in tandem with – the Nacha Rules!

00:20

This is Anne -Marie Leake, Vice President of Communications for ePayResources. Welcome to the payment space.

We are welcoming back to the podcast Chrissy Terry, Vice President of Consulting and Amber Schweiger, Director of Payments, Risk and Compliance with ePay Advisors, which is the compliance and risk management subsidiary of ePayResources. Welcome Chrissy and Amber.

Thanks for Having us!

In a previous episode, We talked about the new services that ePay Advisors is offering, and today we want to drill down in more detail into the REG-E disputes audit. What are some of the key reasons a financial institution would want to conduct this type of audit?

So, there are a number of reasons that a financial institution would want to regularly have a REG-E audit completed, and just some of the things to consider would be things like mitigating their compliance risk.

So, while REG-E outlines specific requirements for financial institutions regarding disclosures, error resolution, liability limits, and other aspects of EFTs, an audit helps identify potential areas of non -compliance, preventing fines and penalties from regulatory bodies. Also, for protecting consumers. So, by ensuring adherence to REG-E, audits help safeguard consumer rights and interests related to

their electronic transactions, such as ATM withdrawals, online transfers, ACH debits, and also debit card activity. And then the last one would be something like improving operational efficiency. So, audits can reveal inefficiencies and processes related to EFTs, such as error resolution or dispute handling.

And by identifying and addressing these inefficiencies, the financial institutions can streamline their operations and improve customer service.

Yeah, Amber, I think those are all really great points. A few more things I think that we should consider- that's a benefit of a REG-E disputes audit- is maintaining a positive reputation. The compliance with consumer protection regulations, including regulation E, is crucial for maintaining a positive reputation and really just building the trust with the customer.

A robust audit program can help demonstrate a commitment to fair and transparent practices. Audits also help strengthen internal controls by identifying weaknesses in those internal controls related to EFTs, allowing financial institutions to strengthen processes and enhance security measures. And Amber, you already mentioned the regulatory bodies.

So those like OCC and NCUA, they really do have expectations of compliance with Regulation E. They conduct a review of how institutions are handling these types of claims. So, conducting internal audits on Regulation E can demonstrate a proactive approach to compliance and prepare for those regulatory reviews.

This is such an important type of audit for institutions to be conducting. Can you help our audience understand the difference between the Nacha operating rules regarding disputes and Reg E. I know this is a huge friction point for participants in the network.

Oh yeah, Anne-Marie, I'm so glad you brought that up because we do see regular confusion between regulation E and the Nacha requirements concerning disputed transactions and Amber and I recently had a conversation and I'll let you share your kind of rule of thumb with this.

Yeah, so on that the good rule of thumb to keep in mind is that regulation E and the NACHA rules apply in tandem on any given transaction. So, the differences are: Reg-E is what an F.I. must do for the customer or member and the NACHA operating rules are what the F.I. is allowed concerning the return of the entry.

Yeah, that's right. I think the biggest thing for financial institutions to remember is that their ability to recover funds has nothing to do with the Reg-E liability to protect the consumer.

So just as an example, when a customer makes a claim on an ACH debit that they're saying is not authorized, the financial institution generally has 60 calendar days to return an unauthorized consumer entry.

In order to comply with the NACHA operating rules, the financial institution must obtain a written statement of an authorized debit. More commonly known in the industry is the WSUD form. The WSUD must be signed by the customer.

Now there could be a scenario where the customer is not available to sign the WSUD. I don't know, maybe they're out of the country. The financial institution cannot wait to begin its regulation E investigation even if they don't have a signed WSUD.

So, as Amber stated, they're really two separate processes that are working in tandem. The REG-E investigation must begin immediately upon notice of an unauthorized entry and the timeline for communications, provisional credits if applicable, begins at the time the financial institution received notice from the customer.

That is a very important distinction we see as a pain point for the financial institutions and a great reason to conduct a REG-E audit. I think it's also important to mention that we also have debit card rules that play a factor. For example, if your institution is a Visa or a MasterCard issuer, there are zero liability protections that provide additional protection to the consumer.

Yes, you're absolutely correct, Amber. That is what the audits really designed to identify is gaps in compliance. There are so many rules imposed on the financial industry and with staffing turnover rates in recent years, it is so common for regulatory requirements to either be misinterpreted or just simply not known or understood by staff that's working these claims.

Obviously, taking the claim and proper handling are critical in complying with Reg E. What are some other things that should be considered when evaluating a regulation E dispute program

Notices are another critical component to that. We all know regulators want to make sure communication is clear and concise. There are initial disclosure requirements for error resolution along with annual disclosure requirements

And in addition, there are notice requirements for provisional credit and final decisions relating to Reg-E disputes.

It sounds like there could be some substantial risk of not having a compliant regulation E dispute program, Is that correct?

Oh yeah, absolutely. I mean, it's just like any type of program a financial institution has, there's several risks. As already mentioned, reputational risk is one that comes first to mind. You will lose your customers’ trust, which could significantly, you know, negatively impact your institution. But there's also financial risk because you could be fined for not complying with regulation E.

And I know some financial institutions who have been fined regarding Reg-E disputes simply because they were not properly handling interest on claim debits

Amber, I know exactly what case you're talking about. Basically, the financial institution did not realize they needed to go back and calculate how much interest

the customer would have earned if the unauthorized debit never posted. So just to keep it simple, the financial institutions must calculate interest and fees as if the unauthorized debit never occurred.

There is also another case in recent years where the financial institution was claiming customer negligence was a reason to deny a claim.

Yeah, Amber, this one actually makes me cringe a little bit. So, regulation E is clear that customer negligence is not a reason to deny a claim. And as ridiculous as it sounds, the customer can even write their PIN number on their debit card, and that is not considered a reason to deny.

Wow, so it sounds like it's really important that financial institutions consider adding this to their audit program. Who do they contact at ePay advisors if they want to hear more about this?

Well, they can contact us at info@epayadvisors.com and we can get a proposal sent. Once the proposal is accepted, we will enter into an agreement and get them scheduled.

So why isn't a Reg-E audit required?

You know, Anne-Marie, that's a really good question. It really just depends on the regulatory agency. So, while NACHA requires an ACH audit to be completed annually by December 31st, and the Clearing House requires the RTP audit to be completed annually.

There are many other payment roles and services that are offered by financial institutions that don't have any type of regulatory requirement similar to regulation E. Now, I will tell you the best practice in the industry standard is for these audits to be completed.

Most financial institutions that I have previously worked at or had experience with are conducting those internally, but as mentioned throughout the podcast, there's a lot of things to consider with regulation E, especially as Amber had mentioned, when you start including the card roles with Visa and MasterCard and those zero liability. And so that's why it's a great reason to partner with ePay advisors because having the resources and the expertise and knowledge to complete these audits adequately is sometimes a challenge for financial institutions.

Absolutely, thank you for that insight. Chrissy and Amber, thank you both so much for joining me again today and for all the valuable compliance information you've been sharing in the Payment Space podcast. Thank you.

Thank you!