Skip to main content
Consumer Financial Protection Circular

Consumer Financial Protection Circular 2024-05

Improper Overdraft Opt-In Practices

Question presented

Can a financial institution violate the law if there is no proof that it has obtained consumers’ affirmative consent before levying overdraft fees for ATM and one-time debit card transactions?

Response

Yes. A bank or credit union can be in violation of the Electronic Fund Transfer Act (EFTA) and Regulation E if there is no proof that it obtained affirmative consent to enrollment in covered overdraft services. The form of the records that demonstrate consumer consent to enrollment may vary according to the channel through which the consumer opts into covered overdraft services.

Regulation E’s overdraft provisions establish an opt-in regime, not an opt-out regime, where the default condition is that consumers are not enrolled in covered overdraft services. Financial institutions are prohibited from charging fees for such services until consumers affirmatively consent to enrollment. Violations of 12 CFR 1005.17(b)(1) can be proven in part by showing evidence that a consumer was charged an overdraft fee on a covered transaction where the available evidence does not adequately validate that the consumer opted in.1

Regulatory background

Regulation E implements the EFTA and governs the assessment of certain overdraft fees. Specifically, before a financial institution may charge a consumer a fee in connection with an ATM or one-time debit transaction, Regulation E requires the financial institution to provide consumers with a “reasonable opportunity for the consumer to affirmatively consent, or opt in” to covered overdraft services, and to obtain the consumer’s “affirmative consent, or opt in” to such services.2 Institutions are also required to provide consumers with a written or electronic notice describing the institution’s overdraft services prior to opt in, and to provide consumers with confirmation of the consumer’s consent to enrollment in writing or electronically with a notice informing the consumer of the right to revoke such consent.3 These rules do not apply to overdraft fees charged on written checks, recurring debit transactions, or ACH transactions.

Analysis

As noted above, Regulation E sets forth an opt-in, rather than opt-out, process before financial institutions are permitted to assess fees for covered overdraft services. The opt-in provisions provide that, absent affirmative enrollment by consumers, consumers’ default status is to not be enrolled in covered overdraft services. Regulation E’s opt-in provisions were established after the Federal Reserve Board found that consumers who were automatically enrolled in overdraft services may prefer to “avoid fees for a service they did not request."4 Therefore, consistent with this opt-in design, when determining compliance with Regulation E’s opt-in provisions, regulators and enforcers should inspect the financial institutions’ records to determine whether there is evidence of affirmative consent to enrollment in covered overdraft services.

In the CFPB’s supervisory work, examinations have found that some institutions have been unable to provide evidence that consumers had opted into overdraft coverage before they were charged fees for ATM and one-time debit transactions. While some institutions maintained policies and procedures relating to Regulation E’s overdraft opt-in requirements, supervisory examinations found that the institutions were unable to show that these policies and procedures were actually followed with respect to individual consumers. In response to examination findings, institutions began maintaining records to prove the consumer’s affirmative consent to enrollment in covered overdraft services.

In supervisory and enforcement work, the CFPB has also identified numerous other violations of law relating to Regulation E’s overdraft opt-in requirements over the years. These violations have included, for example: the failure of institutions to obtain consumers’ affirmative consent to enrollment in covered overdraft services,5 and obtaining consumers’ opt-in to covered overdraft services through deceptive and abusive acts or practices.6 The prevalence of violations related to overdraft opt in underscores the need for effective supervision and enforcement of Regulation E’s overdraft opt-in provisions.

Form of records evidencing opt-in

The form of the records that demonstrate consumer consent to enrollment may vary according to the channel through which the consumer opts into covered overdraft services. For example:

  • For consumers who opt into covered overdraft services in person or by postal mail, a copy of a form signed or initialed by the consumer indicating the consumer’s affirmative consent to opting into covered overdraft services would constitute evidence of consumer consent to enrollment.
  • For consumers who opt into covered overdraft services over the phone, a recording of the phone call in which the consumer elected to opt into covered overdraft services would constitute evidence of consumer consent to enrollment.
  • For consumers who opt into covered overdraft services online or through a mobile app, a securely stored and unalterable “electronic signature” as defined in the E-Sign Act (15 U.S.C. 7006(5)) conclusively demonstrating the specific consumer’s action to affirmatively opt in and the date that the consumer opted in would constitute evidence of consumer consent to enrollment.

About Consumer Financial Protection Circulars

Consumer Financial Protection Circulars are issued to all parties with authority to enforce federal consumer financial law. The Consumer Financial Protection Bureau (CFPB) is the principal federal regulator responsible for administering federal consumer financial law, see 12 U.S.C. 5511, including the Consumer Financial Protection Act’s prohibition on unfair, deceptive, and abusive acts or practices, 12 U.S.C. 5536(a)(1)(B), and 18 other “enumerated consumer laws,” 12 U.S.C. 5481(12). However, these laws are also enforced by state attorneys general and state regulators, 12 U.S.C. 5552, and prudential regulators including the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System, and the National Credit Union Administration. See, e.g., 12 U.S.C. 5516(d), 5581(c)(2) (exclusive enforcement authority for banks and credit unions with $10 billion or less in assets). Some federal consumer financial laws are also enforceable by other federal agencies, including the Department of Justice and the Federal Trade Commission, the Farm Credit Administration, the Department of Transportation, and the Department of Agriculture. In addition, some of these laws provide for private enforcement.

Consumer Financial Protection Circulars are intended to promote consistency in approach across the various enforcement agencies and parties, pursuant to the CFPB’s statutory objective to ensure federal consumer financial law is enforced consistently. 12 U.S.C. 5511(b)(4). Consumer Financial Protection Circulars are also intended to provide transparency to partner agencies regarding the CFPB’s intended approach when cooperating in enforcement actions. See, e.g., 12 U.S.C. 5552(b) (consultation with CFPB by state attorneys general and regulators); 12 U.S.C. 5562(a) (joint investigatory work between CFPB and other agencies).

Consumer Financial Protection Circulars are general statements of policy under the Administrative Procedure Act. 5 U.S.C. 553(b). They provide background information about applicable law, articulate considerations relevant to the Bureau's exercise of its authorities, and, in the interest of maintaining consistency, advise other parties with authority to enforce federal consumer financial law. They do not restrict the Bureau’s exercise of its authorities, impose any legal requirements on external parties, or create or confer any rights on external parties that could be enforceable in any administrative or civil proceeding. The CFPB Director is instructing CFPB staff as described herein, and the CFPB will then make final decisions on individual matters based on an assessment of the factual record, applicable law, and factors relevant to prosecutorial discretion.­

Endnotes

  1. Depending on the circumstances, a financial institution’s overdraft practices may also implicate the CFPA’s prohibition on unfair, deceptive, or abusive acts or practices. 12 U.S.C. 5531, 5536. See e.g., Consumer Financial Protection Circular 2022-06, Unanticipated Overdraft Fee Assessment Practices (Oct. 26, 2022).

  2. 12 CFR 1005.17(b)(1)(ii) & (iii).

  3. 12 CFR 1005.17(b)(1)(i) & (iv). 12 CFR 1005.13(b)(1) requires a person to retain evidence of compliance with the requirements of EFTA and Regulation E for a period of not less than two years from the date disclosures are required to be made or action is required to be taken. This is an independent legal obligation, which does not change the fact that the absence of records proving that an opt-in occurred is suggestive that a consumer did not opt in.

  4. Electronic Fund Transfers, 74 Fed Reg. 59033, 59038-59039 (Nov 17, 2009) (amending 12 CFR 205).

  5. See e.g., CFPB Consent Order, In the Matter of Atlantic Union Bank, No. 2023-CFPB-0017 (December 7, 2023); CFPB Consent Order, In the Matter of Regions Bank, No. 2015-CFPB-0009 (April 28, 2015); Supervisory Highlights, Summer 2015 Edition, at 23, available at https://files.consumerfinance.gov/f/201506_cfpb_supervisory-highlights.pdf .

  6. See e.g., CFPB Consent Order, In the Matter of TD Bank, N.A.. No. 2020-BCFP-0007 (August 20, 2020); CFPB v. TCF National Bank, Stipulated Final Judgment and Order, 17-cv-00166 (July 20, 2018).