FDIC offers guidance on multiple NSF fees
Recently, the FDIC issued guidance to address consumer compliance risks associated with assessing multiple nonsufficient funds (NSF) fees arising from re-presentment of the same unpaid transaction. This issue often comes up when a transaction is presented for payment that can’t be covered by the customer’s balance, the bank charges NSF fees, and the merchant subsequently resubmits the transaction for payment.
According to the FDIC, if the bank charges additional NSF fees for the same transaction, there’s “an elevated risk of violations of law and harm to consumers.” This risk may arise, for example, because disclosures didn’t fully or clearly describe the bank’s re-presentment policy by explaining that the same unpaid transaction might result in multiple NSF fees. As a result, there may be a heightened risk of violating the Federal Trade Commission Act’s unfair or deceptive acts or practices (UDAP) provisions.
The guidance encourages banks to review their practices and disclosures regarding NSF fees for re-presented transactions and to adjust them if necessary. If violations are noted, the FDIC expects banks to make restitution.
Complying with the updated FTC Safeguards Rule
In December 2021, the Federal Trade Commission (FTC) updated its Standards for Safeguarding Customer Information (Safeguards Rule). The updated rule is generally applicable as of January 10, 2022, with some requirements taking effect December 9, 2022. According to the FTC, the amended rule preserves the flexibility of the original while providing more concrete guidance. “It reflects core data security principles that all covered companies need to implement,” the FTC explains. Some institutions are exempt, including those that maintain customer information concerning fewer than 5,000 consumers.
Financial institutions — including mortgage lenders, collection agencies, tax preparation firms, and non-federally insured credit unions — should review their information security programs to ensure that they comply with the latest standards. A good place to start is the FTC’s publication, “FTC Safeguards Rule: What Your Business Needs to Know,” which you can find at https://www.ftc.gov/business-guidance/resources/ftc-safeguards-rule-what-your-business-needs-know.
Failure to safeguard data may violate consumer protection laws
In a recent circular, the Consumer Financial Protection Bureau (CFPB) confirmed that banks and other financial companies that fail to safeguard consumer data may violate federal consumer financial protection laws. The circular warns companies they risk violating the Consumer Financial Protection Act if they fail to have adequate measures to protect against data security incidents. It also provides examples of data security measures that, if not implemented, may trigger liability. These include multifactor authentication, adequate password management, and timely software updates.