Regulation E Back to Basics : Compliance Management of Overdraft Programs

Articles By Jim Treacy
Jim Treacy
Director

Managing overdraft programs is challenging. At the federal level, there are strict, technical requirements governing electronic fund transfer (EFTs) under the Electronic Fund Transfer Act (EFTA), implemented by Regulation E. There are also qualitative considerations under Unfair, Deceptive or Abusive Acts or Practices (UDAAP) that relate to the fees being charged, the notices provided, and other aspects of overdraft programs.

Both the Office of the Comptroller of the Currency (OCC) and the Federal Deposit Insurance Corporation (FDIC) issued guidance in 2023 addressing overdraft practices. The approach of the Consumer Financial Protection Bureau (CFPB) during the Biden era was to classify overdraft fees as “junk fees,” and a rule was passed capping the fee in certain situations. Supervisory Highlights routinely covered enforcement actions relating to overdraft programs.

Under the current administration, the CFPB’s rule is facing legal challenges and Congressional action is aimed at overturning it. However, the states may be picking up the slack. Given all of the regulatory turmoil in this area, it might be a good time to return to basics and shore up your compliance management program for overdraft services in 2025.

Requirements under the EFTA

The EFTA includes requirements related to offering overdraft services that consumers can access through electronic fund transfers (EFTs) initiated by one-time debit card or automated teller machine (ATM) transactions. The regulation includes a requirement that FIs not assess a charge or fee on ATM or one-time debit card transactions (“covered transactions”) that cause an account to become overdrawn until after the consumer has opted in to allowing this type of activity, along with other requirements that will be discussed below.

Definition of an overdraft service

The EFTA defines an overdraft service as a service in which FIs assess a fee or charge to the consumer’s account for paying a transaction when the consumer has insufficient or unavailable funds in the account (1005.17(a)). Overdraft service does not include the payment of overdrafts related to:

  • Lines of credit that are subject to Regulation Z, such as transfers from a credit card, home equity line of credit, or an overdraft line of credit;
  • A service that transfers funds from another account at the FI, such as a savings account;
  • A line of credit or other transaction exempt from Regulation Z pursuant to 12 CFR 1026.3(d) through a securities or commodities account; or
  • A covered separate credit feature accessible by a hybrid prepaid credit card as defined in 12 CFR 1026.61.

Opt-in requirement

FIs are prohibited from assessing a fee or charge on a consumer’s account for paying covered transactions pursuant to the institution’s overdraft service unless certain EFTA requirements (§1005.17(b) (1)) have been met, including:

  1. Providing the consumer with a notice (initial disclosure) in writing or electronically (if agreed to by the consumer), set apart from all other information, describing the FI’s overdraft service;
  2. Providing a reasonable opportunity for the consumer to affirmatively consent to and opt-in to the service for covered transactions;
  3. Obtaining the consumer’s affirmative consent, or opt-in, to the FI’s payment of covered transactions if the account is overdrawn; and
  4. Providing the consumer with confirmation of the consumer’s consent in writing, or if the customer agrees, electronically, which includes a statement regarding the consumer’s continuing right to revoke this consent.

Affirmative consent is required to be obtained independently from other consents, and evidence is to be retained to demonstrate that the consumer has provided this consent. There are several options for obtaining the consumer’s affirmative consent, including:

  • Having the consumer check a box and sign a form indicating the consent;
  • Allowing the consumer to contact the FI by phone to communicate the consent and documenting this consent in the FI’s records; or
  • Providing an electronic option for the consumer to consent, such as through checking a box on the FI’s website.

Affirmative consent is not permitted to be included in preprinted language in an account disclosure or signature card with no opportunity for the consumer to communicate the consent to the payment of overdrafts caused by covered transactions. The opportunity to consent to this option can be made at the time of account opening or at any point after the account is opened. Until a consumer has affirmatively consented to this option by following the FI’s procedures, the FI is prohibited from charging the consumer a fee for overdrawing the account through a covered transaction.

In addition, FIs are prohibited from conditioning the payment of overdrafts for checks, automated clearing house (ACH) transactions, and other types of transactions on the consumer affirmatively consenting to the FI’s payment of covered transactions when insufficient funds are in the account, or declining to pay checks, ACH transactions, and other types of transactions that overdraw the consumer’s account because the consumer has not affirmatively consented to the FI’s overdraft service for covered transactions.

Content and format of disclosures

The initial disclosure required by the EFTA (§1005.17(d)) mentioned above must be substantially similar to the model form contained in Appendix A of the regulation (Model Form A-9). Specifically, the disclosure must include the following:

  • A brief description of the overdraft services offered, including a description the FI’s standard overdraft practices as well as any other overdraft protection plans offered;
  • A list of the types of transactions for which a fee or charge for paying an overdraft may be assessed, including covered transactions;
  • The dollar amount of any fees assessed for the FI paying a covered transaction;
  • The maximum number of overdraft fees that may be assessed per day (if applicable);
  • An explanation of the consumer’s right to affirmatively consent to the payment of overdrafts caused by covered transactions and the methods by which the consumer can consent; and
  • Alternative options available to the consumer for the handling of overdraft items, such as a line of credit subject to Regulation Z or a service that transfers funds from a different account at the FI to cover the overdraft amount.

After the consumer communicates the consent to allow fees to be assessed due to covered transactions causing the account to be overdrawn, FIs are required to provide a confirmation notice to the consumer acknowledging the consumer has elected to opt-in to this service (§1005.17(b)(1)(iv)). FIs can also comply with this requirement by providing the consumer with a copy of the opt-in election along with the notice. This notice must also include a statement that communicates the right to opt out of this service at any time.

Joint relationships

If two or more consumers hold a joint account, the FI may treat the consent of any joint consumer as affirmative consent for that account (§1005.17(e)). Similarly, the FI must also revoke this affirmative consent after such intent is communicated by any of the joint consumers.

The EFTA states that consumers can affirmatively consent to allowing overdrafts caused by covered transactions at any time after the account is opened if they follow the opt-in process described in the initial EFTA disclosure (§1005.17(f)). The EFTA also states that consumers can revoke the consent to allow overdrafts from covered transactions at any time by adhering to the revocation options established by the FI and included in the initial disclosure. FIs can assess overdraft fees on accounts caused by ATM or one-time debit card transactions up until the time that the consumer withdraws the consent for this service.

Compliance management of overdraft programs

Over the last few years, regulators and auditors have found that FIs were assessing overdraft fees to consumers when they incur overdrafts due to covered transactions even though the consumer has not opted into this service. Because the EFTA requires that consumers opt-in to this service prior to an FI assessing an overdraft fee for these types of transactions, charging this fee when the consumer has not opted in to the service is not consistent with the regulation.

Regulators have also issued enforcement actions when FIs were processing one-time debit card transactions that were initially authorized at the time of the transaction, (due to sufficient funds being in the account,) but then assessing an overdraft fee when the account balance did not have sufficient funds to pay the transaction at the time it posted to the account, which could be a few days after the transaction.

These types of transactions are referred to “authorize positive, settle negative” (APSN). Even though the FI may be technically compliant with the EFTA overdraft rules by obtaining affirmative consent to allow ATM and one-time debit card transactions to overdrawn the account, regulators have determined that consumers are not able to readily anticipate these fees in this situation given that there were sufficient funds in the account at the time of the transaction and have deemed this to be a UDAAP violation. (See CFPB Circular 2022-06 for additional information.)

APSN transactions can result from various factors, such as whether the FI uses the ledger or available balance to determine sufficient funds. If an automated courtesy overdraft program is in place, the process may skip a manual review, increasing the risk of APSN transactions slipping through.

The Biden-era CFPB also cited FIs for failing to retain adequate records to demonstrate that consumers have opted in to allowing overdraft fees to be assessed when covered transactions cause an overdraft to occur. The CFPB issued guidance to FIs to assist with remaining compliant with regulatory requirements relating to the documentation to be retained to confirm the consumer has affirmatively consented to allowing ATM and one-time debit card transactions that cause the account to become overdrawn (Circular 2024-05). This guidance states that a copy of the opt-in form signed by the borrower is to be retained to evidence that the consumer elected this additional service when the opt-in was communicated in person. It also states that retaining a recording of the call that includes the consumer’s affirmative consent to this service would constitute evidence that this election was made over the telephone or retaining proof of the consumer’s electronic signature as required by the E-Sign Act that conclusively demonstrates the consumer’s actions through an electronic process that includes the date and time the electronic signature was provided.

To address these and other regulatory concerns regarding overdraft fees, many FIs made the unilateral decision to lower or eliminate overdraft fees for consumers, including many large FIs. In December of 2024, the CFPB issued a final rule to establish a general overdraft fee limit of $5, although FIs also had the option to assess a fee that does not exceed costs or losses experienced through overdrafts. This final rule only applied to banks with assets over $10 billion in assets and was to take effect on October 1, 2025. However as mentioned, Congress is currently working on legislation to overturn this final rule.

Considerations for compliance management

A strong compliance management system (CMS) related to the handling of overdraft activity from covered transactions is important to ensure ongoing compliance with federal and state requirements. An FI should consider the following elements as part of an effective CMS:

  1. Detailed procedures for the handling of covered transactions that cause an account to become overdrawn, including the required core processing system settings to prevent overdraft fees from being assessed on accounts when consumers have not opted into allowing this type of activity, if available, as well as a process to prevent overdraft fees from being assessed against APSN transactions.
  2. Identification of FI personnel responsible for reviewing overdraft activity to confirm that overdraft fees are being assessed when appropriate for covered transactions.
  3. Review of consumer complaints related to overdraft fees being assessed for potential instances of nonconformance with established procedures when processing covered transactions that cause an overdraft.
  4. Periodic monitoring of overdraft activity to verify that overdraft transactions for covered transactions are handled correctly.
  5. Training within the FI’s framework to cover the requirements for the handling of covered transactions that cause an overdraft.
  6. Monitoring of overdraft fees, including frequency and amount of fees charged, transactions leading to fees (e.g., APSN), and high fee customers (outliers.)
  7. Third-party oversight if using any vendors for core processing or overdraft optimization.
  8. Board or management committee oversight and approval of the Overdraft Program and related policies, as well as a review of the results of compliance monitoring and consumer complaint resolution.

Conclusion

Now is the time to review and enhance the CMS for your overdraft program. While some rules may be changing (such as the CFPB’s cap on fees), other statutes and rules such as EFTA and UDAAP remain and can be technically tricky. Regulatory oversight and enforcement may wax or wane, or even shift from the federal regulators to the states. However, FIs need to continue to be responsive to their customers.

As published in ABA Risk and Compliance 

Speaking Engagements

View All

Courses and Guides

View All

Announcements

View All

White Papers

View All