Skip to content
 

Reg E: A Duty to Investigate

There's this provision in Regulation E (and in the Electronic Fund Transfer Act) that requires the issuer of electronic devices to investigate errors alleged by consumers. The OCC recently issued AL 2001-9 reminding national banks of their obligations to investigate errors. The advice is appropriate for all financial institutions.

An important point made early in the advisory letter is that the institution bears the burden of proof to show that the transaction was authorized. This is an important point. The requirement is the opposite of the almost automatic human tendency to ask the person alleging the problem to prove it.

EFTA does quite the opposite. The Act operates on the thesis that the financial institution is in a position to investigate and determined what happened while the consumer cannot do so.

Taking note of this obligation, the OCC reminds financial institutions of their responsibilities to investigate. The OCC specifically notes that the institution has insufficient evidence to reject a complaint simply because the customer's card and PIN were used. The obligation is on the institution to find out - from the customer or another source - when and how the card and PIN were misappropriated. In other words, the institution may not assume that because the customer's PIN was used, the customer authorized the transaction.

The OCC suggests a number of steps that an institution could take to investigate an alleged error. Although gently worded as suggestions, institutions should read these as firm guidelines for investigations. It is this list that examiners are likely to use so it should become a part of your routine procedures.

Recommended steps to investigate errors include:

  • reviewing documentation or signed statements provided by the customer;
  • information you have regarding the customer's pattern of use, such as timing, location, and amounts of transactions;
  • location of the transactions relative to the customer's residence or place of business;
  • the customer's location when the alleged error occurred ;
  • other problems reported or identified with that ATM;
  • film from security cameras;
  • contract information and signature samples; and
  • police reports, if available.

The institution should not consider its investigation complete unless and until it has compiled and reviewed all of the above information to the extent that it is relevant to the situation alleged by the customer.

For example, suppose a transaction occurred at a local, proprietary ATM, but the customer states that she was out of town on a business trip. The customer should provide you with a statement of the error. The customer should also be able to show you documentation consistent with being on a trip (airline tickets, for example.) You should also review any security films available and advise the customer to file a police report. In this situation, you probably wouldn't gain information by reviewing the customer's previous activity.

This advice comes at a critical time for electronic transactions, and for consumer relations. The Advisory Letter contains no new information. It only outlines what institutions should have been doing all along. It therefore constitutes a warning to institutions to take these responsibilities seriously. The OCC's warning is not the first. The Federal Reserve has for some time been reminding institutions of their responsibilities to conduct a thorough investigation.

Copyright © 2001 Compliance Action. Originally appeared in Compliance Action, Vol. 6, No. 11, 9/01

First published on 09/01/2001

Filed under: 
Compliance
Filed under compliance as: 
ATM
Compliance/Compliance Management
EFT
EFTA
Federal Reserve
OCC
FRB

Report a problem with this page

Search Topics