Consumer Compliance Outlook: Second Issue 2021

Error Resolution and Liability Limitations Under Regulations E and Z: Regulatory Requirements, Common Violations, and Sound Practices

By Scott Sonbuchner, Examiner, Federal Reserve Bank of Minneapolis

Debit and credit card payments “grew to 131.2 billion transactions with a value of $7.08 trillion in 2018, up 29.7 billion and $1.56 trillion since 2015,” according to the Federal Reserve’s 2019 Payments Study.¹ Given this large volume of card transactions involving multiple parties, errors can occur that harm consumers. For example, a merchant may inadvertently charge a customer’s card twice for the same purchase, or unauthorized transactions may occur after a consumer loses a debit or credit card. According to the Consumer Financial Protection Bureau’s (Bureau) 2019 Consumer Response Annual Report, 27 percent of the nearly 30,000 credit card complaints it received involved a “problem with a purchase shown on your statement.”² The data also show a large number of complaints for unauthorized transactions.

To protect consumers, the Electronic Fund Transfer Act (EFTA), as implemented by Regulation E, requires financial institutions to investigate when a consumer notifies them of an error for an electronic fund transfer (EFT), to communicate the results within specific timelines and correct the error if one is found, and to limit the consumer’s liability if the error involves unauthorized transactions. Similarly, the Truth in Lending Act, as implemented by Regulation Z, imposes error resolution requirements and limits consumer liability for credit cards and other open-end credit plans, which differ to a degree from the requirements for EFTs. These obligations may impact multiple departments within the bank, and the error notices may arrive from different channels. Given the complexities involved with these complaints, financial institutions can strengthen compliance and achieve higher levels of customer satisfaction by having a strong compliance management system for complying with these regulatory requirements.

This article reviews the error resolution requirements for Regulations E and Z by cross-referencing Consumer Compliance Outlook’s (Outlook) comprehensive 2012 article on Regulation E’s requirements and Outlook’s 2016 article on Regulation Z’s requirements. We then discuss examiner observations and suggest sound practices to help financial institutions comply with these regulations. We also have a companion article in this issue that discusses Regulation E’s error resolution and consumer liability limitations for prepaid accounts, which became effective in April 2019, as well as error resolution for foreign remittance transfers.

Regulation E Electronic Fund Transfer Error Resolution Requirements

This section of the article focuses primarily on common violations and sound practices related to Regulation E error resolution requirements. Outlook published an article³ in 2012 that reviewed the procedures for resolving EFT errors and the limits on a consumer’s liability for unauthorized transfers. Tables 1 and 2 summarize the EFT error resolution procedures by listing the transactions defined as errors, the elements of an error notice, and the obligations financial institutions must satisfy in response to an error notice.

TABLE 1 — Regulation E Error Resolution Coverage and Notice Requirements for EFTs (excluding prepaid accounts)

Electronic Fund Transfers
Error Resolution *Coverage*	EFTs covered by error resolution rules debit card and ATM transactions direct deposits or withdrawals transfers initiated by telephone Exceptions checks and wire transfers modified rules for prepaid accounts Types of errors covered unauthorized EFT incorrect EFT EFT omitted from periodic statement computational error for EFT receipt for an incorrect amount of money from electronic terminal EFT not identified per §1005.9 or §1005.10(a) request for documentation under §1005.9 or §1005.10(a) or for information concerning an EFT
Error Notice Requirements	Oral or written notice must be provided within 60 days after transmitting a periodic statement listing the disputed transactions (can be extended for extenuating circumstances). Notice identifies consumer’s name and account number. Notice indicates why an error exists and includes information about the error.

TABLE 2 — Regulation E Error Resolution Requirements for EFTs (excluding prepaid accounts)

Error Resolution for Electronic Fund Transfers
Required Response Financial institutions must investigate and respond to errors within these time limits	Resolve errors within 10 business days (accounts open more than 30 days); for accounts open 30 days or fewer (new accounts), resolve errors within 20 days, subject to these additional requirements: Investigation period can be extended by providing consumer with provisional credit. If so, the financial institution must inform a consumer of the amount and date of provisional credit and provide access to the funds during the investigation. For provisional credit, the financial institution may extend the investigation period: 45 calendar days after notice (for accounts opened more than 30 days); for new accounts, for debit card point-of-sale (POS) transactions, or EFT transactions outside the U.S., the period can be extended up to 90 calendar days after notice.
Financial institution’s obligation when an error has occurred	If an error is found, correct within one business day Report the result to the consumer orally or in writing within three business days after completing the investigation. For provisional credit, notify the consumer the credit has been made final.
Financial institution’s obligation when no error has occurred	Report the result to the consumer within three business days after completing the investigation in writing; Include a notice of the consumer’s right to request the documents used in the investigation; and Follow one of two alternative procedures in §1005.11(d)(2) and related commentary if financial institution chooses to debit the provisional credit.

Examiner Insights and Common Violations

Examiners continue to find violations of Regulation E error resolution requirements during examinations. Here we discuss common violations and the ways institutions can enhance their compliance management programs related to EFT errors.

Failing to Apply the Limitations on Liability Properly

When a consumer asserts an unauthorized transaction that occurred more than 60 days after the institution transmitted the periodic statement listing the disputed transactions, the institution is not required to follow the error resolution requirements of §1005.11.⁴ Examiners have found that some institutions mistakenly believe this timing requirement for error notices also applies to the limits on a consumer’s liability for unauthorized transactions. However, the Official Staff Commentary for Regulation E clarifies that even when a consumer notifies the financial institution of unauthorized transactions more than 60 days after the institution transmitted the periodic statement listing the unauthorized transactions, the liability limits under §1005.6 still apply for transactions that occurred prior to the 61st day.⁵ For example, assume a consumer lost his card on January 1, 2021, noticed it was missing the same day, and had unauthorized transactions of $400 occurring on January 2, 2021, which were included on a periodic statement transmitted by the institution on February 5, 2021. The consumer notifies his financial institution of the lost card on April 30, 2021. His liability is limited to $50 for the unauthorized transfers that occurred on January 2, 2021, which is 61 days prior to transmitting the statement showing the unauthorized transactions and still within the $50 liability limit for unauthorized transactions occurring within 48 hours of when the consumer learned the card was missing.⁶ Outlook reviewed the framework in depth in our 2012 article, using multiple tables to illustrate the liability provisions with two examples involving late notices.

Institutions can mitigate this risk by ensuring that their EFT error resolution procedures and training include specific guidance for the added protections afforded to consumers alleging unauthorized transactions. These added protections can be especially important when determining the effect of a late notice of error and when documenting consumers’ promptness in reporting the loss or theft of an access device.

Failure to Promptly Initiate an Investigation

Institutions must investigate alleged errors promptly after receiving an error notice containing the information set forth in Regulation E,⁷ whether written or oral.⁸ While financial institutions may request a written confirmation after receiving an oral notice of error, they still must promptly begin investigating after receiving the oral notice.⁹ Additionally, while institutions may require that notice be provided only to the telephone number or address disclosed by the institution, if the consumer attempts to provide notice in a different manner, the institution must maintain reasonable procedures to refer the consumer to the specific telephone number or address required.¹⁰

An institution does not comply with the prompt investigation requirement if it requires, as a condition for starting the investigation, that consumers provide information not specified in the regulation. Common examples of requests the regulation does not require in a consumer’s error notice, and therefore may not be used as a condition to begin the investigation, include asking a consumer to visit a branch to complete an error notice, requesting that the consumer first try to resolve the dispute with the merchant, or requiring a notarized affidavit or the filing of a police report.¹¹

A 2019 Bureau consent order against USAA Federal Savings Bank (USAA) provides additional examples of conduct inconsistent with the regulatory obligation to promptly initiate an investigation. For consumers who notified USAA of a suspected error concerning a payday loan, the bank’s procedures directed representatives to warn consumers about potential financial and legal consequences of proceeding with the investigation. Staff informed consumers that if USAA determined that the ACH debit was authorized, consumers would put their USAA membership at risk, they may be ineligible to purchase additional USAA products, and their existing USAA accounts could be closed. The script also stated that it is a federal crime to make a false statement to a bank and doing so is punishable by a fine of up to $1 million or imprisonment for up to 30 years, or both. If the customer still wanted to proceed with the error resolution procedure, the bank required the customer to complete and notarize a written dispute form. The consent order noted that these practices violated Regulation E’s requirement to promptly initiate and conduct error resolution investigations.¹²

To help manage this risk, compliance officers can review error resolution procedures for any steps that may delay an investigation and confirm they are consistent with the regulatory requirement for a prompt investigation. Additionally, compliance officers can review the procedures for receiving consumer disputes from different channels to ensure disputes are routed to the correct point of contact. This could include tellers, receptionists receiving incoming calls, and email inboxes for consumer feedback.

Issues with Provisional Credit

Institutions choosing to extend an error investigation period beyond the 10-business day timeframe (or 20 days for new accounts) generally must provide provisional credit within 10 or 20 days, as applicable.¹³

Examiners have seen instances in which provisional credit was not provided in a timely manner or at all. In some cases, the provisional credit covers the alleged error but fails to include interest when an interest-bearing account is involved. Provisional credit should include both the amount of the alleged error and interest, when applicable.¹⁴

Institutions can mitigate this risk by reviewing error resolution procedures, including provisional credit requirements, to confirm they align with Regulation E and by conducting training. Compliance officers may also benefit from reviewing error resolution logs for any extended investigations in which the bank did not provide provisional credit. For extended investigations in which the bank did not provide provisional credit, the institution can confirm if the circumstances fall within the regulation’s provisional credit exceptions, such as when the institution requires, but does not receive, written confirmation of an error.

Not Conducting a Reasonable Investigation

A financial institution cannot deny a consumer’s claim of an error without conducting a reasonable investigation, unless it corrects the error as alleged by the consumer. A reasonable investigation includes reviewing relevant information within the institution’s records. If this review confirms the error, the claim cannot be denied.

When the alleged error is an unauthorized EFT, the EFTA places the burden of proof on the financial institution to establish the transaction was authorized. Therefore, if the institution cannot establish the disputed EFT transaction was authorized, the institution must credit the consumer’s account.¹⁵

For example, in the USAA enforcement action, the Bureau found that when consumers had previously authorized transactions with a merchant that predated a disputed transaction with the merchant, the bank summarily determined an error had not occurred without considering other evidence in its records, including the consumer’s error notice. In numerous instances when USAA found no error, the Bureau determined a reasonable review of all relevant information within USAA’s records would have validated the error. The consent order noted that an institution’s “reviews must include ‘any relevant information within the institution’s own records,’ … and the investigation ‘must be reasonable.’”¹⁶

To mitigate this risk, compliance departments can conduct transaction testing on previously denied error notices. For each previously denied allegation within the selected sample, the institution can confirm that employees reviewed all relevant information within the institution’s records and that the findings of the investigation met the institution’s burden of proof to establish that an error did not occur. If the transaction testing revealed it was not adhering to regulatory requirements, the staff handling the investigations can receive additional training on this issue.

Issues When Denying Claims

A financial institution is required to follow specific regulatory requirements if it determines an error has not occurred or an error occurred in a manner or amount different from what the consumer described. Within three business days after completing its investigation, the institution must report its results to the consumer. This explanation of findings must be in writing and disclose the consumer’s right to request the documents relied upon to make the denial. Upon consumer request, institutions must provide the documents in an understandable form. Regulators have seen institutions fail to meet these requirements.

The institution must follow one of two options to debit a previously provided provisional credit.¹⁷ Both options require the financial institution to honor checks and preauthorized transfers from the consumer’s account (without charge to the consumer for overdrafts that would have been paid had the provisional credit not been debited) for five business days. Under the option in §1005.11(d)(1)(i), the institution debits the amount first, and then provides the consumer notice, which includes a statement that certain items will be honored for five business days after the notification. Under the second option described in Comment 11(d)(1)(ii)-1, the institution provides the notice first, and then debits the amount five business days later. This option is simpler for the institution but also permits the consumer more freedom with the provisional credit during the five days prior to the debit.

Regulators have seen issues when an institution’s notice to consumers does not align with its actual practice for debiting provisional credit. This can happen because template language is not accurate, or employees are not knowledgeable about bank processes. For example, if the provisional credit is debited immediately upon notice, institutions must notify consumers that third-party payments and preauthorized transfers will be honored for five days. But if an institution uses the alternative option from the Official Staff Commentary to Regulation E, the provisional credit cannot be debited until five days after the notice is provided.

To mitigate these risks, compliance officers can review bank procedures, interview appropriate staff, and review template letters. Procedures and staff practices need to comply with Regulation E and be consistent with the template letters that employees send to consumers. In cases in which misalignment among written procedures, employee practices, and templates exist, consider retraining employees to ensure they follow the bank’s practices correctly.

Issues When Correcting Alleged Errors

If, after completing an investigation, an institution determines an error occurred, it must correct the error within one business day and report the results to the consumer within three business days, subject to the liability provisions of §§1005.6(a) and (b). This correction should include, as applicable, a credit for interest and a refund of fees charged by the institution. While reviewing practices for correcting alleged errors, regulators have found issues with institutions failing to provide timely corrections of errors and notices to consumers. Regulators have also found some fact patterns where institutions failed to include lost interest and fees caused by the error (e.g., an error resulted in an overdraft fee) in monetary adjustments provided to consumers.

Compliance officers can mitigate timing and consumer notification issues by properly documenting requirements and training employees. However, in some cases, determining the full amount of an error may be complicated. For instance, employees may need to examine the account and look at transactions that occurred around the same time as the error or to postdate the credit so the account can accrue the interest. Depending on how the bank’s systems and accounts are configured, reducing risk may involve more detailed discussions with employees who have a comprehensive understanding of the bank’s deposit account systems.

Issues with Making Investigations Final

Once an investigation is completed, a consumer may not reassert the same error. Similarly, the financial institution cannot reopen the investigation or reverse the credit, unless the transaction is a remittance transfer in which the remittance transfer provider has corrected the same error.¹⁸ Regulators have found these situations can be challenging for institutions. For example, if an institution determines an error occurred and credits a consumer’s account, but later finds that a merchant refunded the consumer or that the transaction was authorized, it cannot reverse the credit.

Steps to help mitigate this risk include educating the appropriate staff about the consumer protections under Regulation E for errors. Depending on a bank’s culture, training covering Regulation E can benefit deposit operations employees as much as it benefits compliance staff. Attending the same training together can help ensure different areas understand when the bank’s discretion ends and its legal obligations begin.

Error Resolution Under Regulation Z: Regulatory Requirements, Common Violations, and Sound Practices

In 2016, Outlook reviewed the Regulation Z error resolution requirements for credit card transactions.¹⁹ In this article, we review the regulation’s limitations on a consumer’s liability for unauthorized transactions with a credit card.

This section summarizes Regulation Z’s liability limiting provisions of §1026.12(b). To understand some of the challenges that can arise from this section of Regulation Z, it is valuable to consider the requirements of Regulation Z’s billing error resolution procedures.

Tables 3 and 4 summarize Regulation Z’s billing error resolution procedures by providing the list of billing errors it covers, the elements of a billing error notice, and the obligations a creditor must satisfy in response to a billing error notice. This section concludes by reviewing two commonly misunderstood requirements from §1026.12(b) limitations on cardholder liability for unauthorized transactions.

Regulation Z Limitation on Liability for Unauthorized Credit Card Charges

Generally speaking, Regulation Z limits a cardholder’s liability for unauthorized credit card transactions.²⁰ But before any liability can be imposed on the consumer, the regulation imposes three threshold requirements that a credit card issuer must satisfy:

The cardholder must have used an accepted credit card, meaning a credit card the cardholder requested or applied for and received, has signed, has used, or has authorized another person to use.
The card issuer provided adequate notice of the maximum potential liability and described the procedure to provide notice of unauthorized use (e.g., a telephone number, address, or both). These disclosures may be provided on the credit card’s initial disclosure, on the credit card itself, or on the periodic statements.
The cardholder has provided a method to identify the cardholder or authorized user. For example, this may be a signature, photograph, or fingerprint. This means that cardholders cannot be held liable for unauthorized Internet or telephone purchases, if the issuer has not provided a means to identify the cardholder under these circumstances.²¹

When these conditions are satisfied, liability may be imposed on the cardholder for unauthorized use, but only up to the lesser of $50 or the amount charged by the unauthorized use before the issuer was notified. If a state law or an agreement between the cardholder and the card issuer imposes lesser liability than provided in §1026.12(b), then the lesser liability governs. The regulation defines unauthorized as the use of a credit card by someone other than the cardholder without actual, implied, or apparent authority, and from which the cardholder received no benefit. The cardholder may provide notice to the card issuer by taking reasonable steps in the ordinary course of business to provide the issuer with the relevant information about the loss, theft, or possible unauthorized use. The notice may be oral or written and need not reach a specific person.

TABLE 3 — Regulation Z Error Resolution for Credit Cards: Definitions

Credit Cards

Definition of Billing Error

An unauthorized charge;
A charge listed on the monthly account statement with the wrong amount or date;
A charge for goods or services not accepted or delivered as agreed;
The card issuer’s failure to post payments or other credits;
A computational error;
A charge on a monthly account statement where the consumer requests additional information; and
The creditor’s failure to deliver the monthly account statement to the consumer’s last known address (assuming the creditor has the change of address, in writing, at least 20 days before the billing period ends).

Billing Error Notice Consumers trigger the requirement for financial institutions to follow regulatory procedures for resolving errors when they give notice that complies with these requirements

A billing error is a written notice from a consumer that:

Is received by the creditor at the address specified for billing inquiries, no later than 60 days after the creditor sent the first billing statement reflecting the error (the creditor may require in the billing rights statement that the written notice not be made on the payment medium or other material accompanying the periodic statement);
Enables the creditor to identify the consumer’s name and account number;
Explains why the consumer believes there is a billing error; and
Includes the type, date, and amount of the error.

TABLE 4 — Regulation Z Error Resolution Response Requirements for Credit Cards

Required Response Financial institutions must follow regulatory requirements for time limits of the investigation	Investigate within two complete billing cycles (but not later than 90 days) after error notice Conduct a reasonable investigation and may request consumer’s cooperation If not resolved within 30 days, acknowledge within 30 days receipt of notice While investigating: consumers may withhold a disputed amount but must pay the undisputed part of bill; creditor can collect undisputed portions of bill and apply the disputed amount/ finance charges to credit limit; financial institution cannot report account as delinquent (unless undisputed amounts remain unpaid), accelerate the debt, restrict or close the account.
Actions financial institution must take if error occurred	Correct billing error and adjust account accordingly. Explain in writing any corrections made (separately or with periodic statement).
Actions financial institution must take if no error (or different one) occurred	Explain in writing the amount owed, including finance charges accrued during the investigation, and when it is due. If payment was in the grace period when notified of error, customer has a grace period to pay the amount owed. Consumers may request copies of documents used to investigate; If the amount owed is not paid after the longer of the card issuer’s grace period for making payment or 10 days after notice received, a creditor may begin collection and report account as delinquent. Financial institution may not report account is delinquent if notice during time payment is due indicating any portion of billing error is still disputed, and If different billing error occurred than one asserted, creditor must correct it and credit account.

Examiner Insights on Regulation Z’s Cardholder Liability Notice Requirements

While both the billing error resolution section and cardholder liability section require the cardholder to notify the card issuer of an unauthorized use of credit, the notice standards for each are different. For the billing error resolution requirements of §1026.13 to apply, the notice must be in writing, received at the address specified for billing, and received no later than 60 days after the creditor transmitted the first periodic statement that reflects the alleged billing error (see Table 3). However, the notice requirements for limiting consumer liability are less strict about where to send the notice and the notice can be provided at any time.

Issues with Late Notices

Similar to our earlier discussion under Regulation E for issues with a consumer’s liability, some financial institutions have incorrectly applied the billing error notice time limits to all consumer notices of unauthorized use.²² For the billing error procedures under §1026.13 to apply, consumers cannot provide a billing error notice more than 60 days after the card issuer sent the first billing statement reflecting the alleged error. This may lead some institutions to ignore notices regarding unauthorized use received after the billing error notice time limit. However, while such a notice is ineffective as a billing error notice that would subject the creditor to the error resolution procedures in §1026.13, it may still be effective notice for the liability limits of §1026.12(b) to apply.

To mitigate this risk, compliance officers can review credit card error resolution procedures to confirm they do not unintentionally instruct employees to dismiss cardholder claims of unauthorized transactions merely because they are received more than 60 days after the card issuer sent the first billing statement reflecting the alleged error. Additionally, the compliance officer may review previously denied billing error investigations to determine if a late notice was one of the reasons for denying previous investigations. If any of those denied billing error investigations alleged unauthorized transactions, the compliance officer can consider retraining the individuals in charge of the investigations.

Issues with Receiving Notices

The regulation allows the consumer to provide notice of an unauthorized transaction in person, by telephone, or in writing. Card issuers cannot require that notices reach a specific person or department.²³ Thus, the issuer’s challenge is to ensure it is capturing and documenting error notices from all normal business communication channels.

To mitigate the risk of misplacing a notice of unauthorized credit card use, compliance officers can review points of access where a cardholder may provide notice in a normal business manner. Train receptionists to identify calls and walk-ins where cardholders are alleging unauthorized transactions and instruct them to forward cardholders to the correct department. While all inbound email boxes are a potential access point, generic email addresses on the institution’s website are at elevated risk for receiving notices of unauthorized credit card use. Identifying reasonable access points and training employees who monitor them can limit the risk of missing the notice.

Conclusion

The federal consumer protections for debit and credit cards are extensive and complex and can present challenges for compliance departments. We hope this article’s review of these requirements along with examiner observations and sound practices can help facilitate compliance. Specific issues and questions related to Regulation E and Z billing error issues should be raised with the institution’s primary regulator.

Bureau Issues FAQs for Electronic Fund Transfers

As Consumer Compliance Outlook was preparing to publish this article, the Consumer Financial Protection Bureau on June 4, 2021, published Electronic Fund Transfer FAQs, a compliance aid that provides eight FAQs on various error resolution issues under the Electronic Fund Transfer Act (EFTA). The Bureau previously published a policy statement about compliance aids in the Federal Register that addresses whether they are legally binding and whether they provide a safe harbor to institutions complying with them.

ENDNOTES

¹ See The 2019 Federal Reserve Payments Study (Federal Reserve Board, 2019). This is the Board’s most recent payment study, which it conducts triennially. The transactions consisted of non-prepaid debit cards (55.4 percent), prepaid debit cards (10.5 percent), and credit cards (34.1 percent). Prior to 2019, prepaid debit cards were generally not subject to Regulation E’s error resolution requirements. The Bureau amended Regulation E in 2016 to add these protections for these cards effective April 2019, subject to certain limitations, which are codified at 12 C.F.R. §1005.18.

² See Consumer Response Annual Report: January 1–December 31, 2019 (Consumer Financial Protection Bureau, 2019).

³ See Kenneth Benton, “Error Resolution Procedures and Consumer Liability Limits for Unauthorized Electronic Fund Transfers,” Consumer Compliance Outlook (Fourth Quarter 2012).

⁴ See §1005.11(b)(1). Alternative time limits may apply to government benefit cards and prepaid accounts. See §1005.15(e)(3),(4) (benefit cards) and §1005.18(e))(prepaid cards). These requirements are discussed later in the article.

⁵ See Comment §1005.11(b)(1)-7.

⁶ See §1005.6(b)(2)(i): “Timely notice not given. If the consumer fails to notify the financial institution within two business days after learning of the loss or theft of the access device, the consumer’s liability shall not exceed the lesser of $500 or the sum of … $50 or the amount of unauthorized transfers that occur within the two business days, whichever is less.”

⁷ See §1005.11(b)(1).

⁸ See §1005.11(c)(1).

⁹ See Comment §1005.11(c)-2.

¹⁰ See Comment §1005.11(b)(1)-6.

¹¹ See Comments §1005.11(b)(1)-2 and 11(c)-2.

¹² See In the Matter of USAA Federal Savings Bank (Bureau Consent Order January 2, 2019) at pp. 9‒13 (citing 12 C.F.R. §§1005.11(c)(1) and .11(a)-(e)).

¹³ An exception applies under §1005.11(b)(2) if the institution requires written confirmation of an error within 10 days of an oral notice but does not receive it. In that case, the institution may extend the investigation period without providing provisional credit. Comment §1005.11(b)(2)-1. The regulation requires that the consumer be notified of the written confirmation requirement when the oral notice of an error is made and the institution must provide the address to send the confirmation.

¹⁴ See Comment §1005.11(c)-6.

¹⁵ See EFTA §909(b) (codified at 15 U.S.C. §1693.g(b). See also 83 Federal Register 6364, 6382 (February 13, 2018) (“Under EFTA section 909(b), the burden of proof is on the financial institution to show that an alleged error was in fact an authorized transaction; if the financial institution cannot establish proof of valid authorization, the financial institution must credit the consumer’s account.”) Emphasis added.

¹⁶ See In the Matter of USAA Federal Savings Bank (Bureau Consent Order January 3, 2019) at p. 12.

¹⁷ See §1005.11(d)(2(i) and (ii).

¹⁸ See Comment §1005.33(f)-3.

¹⁹ See Kenneth Benton, “Credit and Debit Card Issuers’ Obligations When Consumers Dispute Transactions with Merchants,” Consumer Compliance Outlook (First Quarter 2016).

²⁰ See §1026.12(b)(1)(ii).

²¹ If the card issuer will not be imposing liability on the consumer, it does not have to comply with the disclosure or identification requirements. See Comment §1026.12(b)(2)-1.

²² See Comment §1026.12(b)(3)-3.

²³ See §1026.12(b)(3).