I think I'm having a Monday brain cramp, and hopefully someone can help me out.

We have a customer that just contacted us last Friday regarding an unauthorized ACH coming off their statement since last Dec 2005. They are asking us to credit back the whole year ACH payments. I know we aren't required to do that, but...

Are we liable for the transactions up to 60 days after the first statement since we weren't notified within 60 days? 205.6(b)3 and 205.11(b)1 seem almost contradictory. Or is 205.11(b)1 simply saying that if we're not notified within 60 days, we don't necessarily have to follow the time frames for recredit? Thanks for your help!



205.6(b)3 A consumer must report an unauthorized electronic fund transfer that appears on a periodic statement within 60 days of the financial institution's transmittal of the statement to avoid liability for subsequent transfers. If the consumer fails to do so, the consumer's liability shall not exceed the amount of the unauthorized transfers that occur after the close of the 60 days and before notice to the institution, and that the institution establishes would not have occurred had the consumer notified the institution within the 60-day period.

205.11(b)1 A financial institution shall comply with the requirements of this section with respect to any oral or written notice of error from the consumer that:
(i) Is received by the institution no later than 60 days after the institution sends the periodic statement or provides the passbook documentation

Start by separating section 205.11 from section 205.6 in your mind. If a consumer makes an error claim under 205.11 that involves an unathorized EFT, then section 205.6 kicks in. Otherwise, the two sections have nothing to do with one another.

Your customer basically has until the Twelfth of Never to claim that transactions are unauthorized. Unlike paper transactions covered by the UCC, there is no statute of limitations or one-year time constraint.

What you should do is identify all the allegedly unauthorized transfers. Determine whether they are, in the bank's opinion, unauthorized. Then apply the section 205.6 limits on liability in 205.6. Start with the first unauthorized transfer, go to the statement on which it was reported, and count 60 days from the date the statement was made available to your customer. Any of the unauthorized EFTs occurring on or before that 60th day will be subject to reimbursement. Those occurring after that date are your customer's responsibility.

The $50/$500 limits don't apply at all, because no access device is involved.