Consumer Compliance

Regulation E: Electronic Fund Transfers and Error Resolution

The short version

The Electronic Fund Transfer Act, implemented by Regulation E, protects consumers using electronic fund transfers: debit-card transactions, ACH, ATM withdrawals, and many person-to-person and prepaid transfers. Its two best-known mechanics are error resolution and liability for unauthorized transfers. When a consumer reports an error in time, the institution must investigate on a defined timeline, generally ten business days, and either resolve it or extend the investigation while granting provisional credit. A consumer's liability for an unauthorized transfer is capped and rises with delay in reporting, so prompt reporting protects the consumer.

Regulation E is the rule fintechs and neobanks meet first, because it governs exactly what they do: move money electronically for consumers. Its error-resolution and unauthorized-transfer rules are prescriptive and time-bound, which makes them a frequent source of both consumer complaints and examination findings. This guide covers the scope, disclosures, the error resolution process, consumer liability, and where programs fall short.

What it covers

Regulation E applies to electronic fund transfers from a consumer's account: debit-card purchases, ATM transactions, ACH debits and credits, point-of-sale transfers, and many person-to-person and prepaid-account transfers. It is consumer-focused; transfers from business accounts are generally outside it. The regulation governs disclosures, receipts, periodic statements, error resolution, and liability limits.

Error resolution

The error-resolution process is the heart of Regulation E. When a consumer notifies the institution of an error, including an unauthorized transfer, within the timeframe the regulation allows, the institution must investigate.

The timelines are firm, and a program that misses them creates both a violation and a consumer harmed by a frozen disputed amount.

Liability for unauthorized transfers

Regulation E caps a consumer's liability for unauthorized transfers, and the cap rises with delay in reporting a lost or stolen access device or an unauthorized transfer shown on a statement. The tiers are defined.

When the consumer reportsMaximum liability
Within two business days of learning of the loss or theftUp to $50.
After two business days, but within 60 days of the statement showing the first unauthorized transferUp to $500.
Not within 60 days of that statementUnlimited for the transfers that occur after the 60-day period.

The structure exists to encourage prompt reporting, and the institution bears the loss the consumer is not liable for. Some access devices and card-network rules reduce the consumer's exposure further, and the timelines can be extended for new accounts and certain other situations.

Disclosures

The regulation requires initial disclosures of the terms and conditions of electronic fund transfers, including the consumer's liability, the error-resolution process, and the institution's contact information, along with receipts for transfers and periodic statements. For prepaid accounts, additional short-form and long-form disclosure requirements apply.

Where it goes wrong

Regulation E is the prescriptive, time-bound core of consumer payments compliance, and a frequent source of complaints and findings. For the structure that manages it, see the Compliance Management System guide; for the launch-stage obligations that include it, see the BaaS compliance before launch guide.

Primary sources

Common questions

What does Regulation E cover?
Electronic fund transfers from a consumer's account: debit-card purchases, ATM transactions, ACH debits and credits, point-of-sale transfers, and many person-to-person and prepaid-account transfers. It governs disclosures, receipts, periodic statements, error resolution, and liability limits, and is focused on consumers rather than business accounts.
What is the Regulation E error resolution timeline?
When a consumer reports an error in time, the institution generally has ten business days to investigate and resolve it. It may take longer, generally up to forty-five days, but only if it provisionally credits the disputed amount to the account while it investigates, and it must report the outcome to the consumer.
What is a consumer's liability for an unauthorized transfer?
Regulation E caps the liability in tiers that rise with delay. Reporting within two business days of learning of a loss or theft limits liability to $50; reporting after that but within 60 days of the statement showing the first unauthorized transfer limits it to $500; failing to report within 60 days of that statement exposes the consumer to unlimited liability for the transfers after the 60-day period. The institution bears the loss the consumer is not liable for, and the timelines can extend for new accounts.
Is a Regulation E error only fraud?
No. The error definition is broader than fraud. It includes unauthorized transfers but also computational or bookkeeping errors, the wrong amount, an omitted transfer from a statement, and a consumer's request for documentation or clarification. A dispute process built only for fraud misses the other error types.
From the team behind this guide

Reg E disputes resolved on the clock

Compliance Command Center builds the Regulation E error-resolution and liability controls to the regulation's timelines, with the investigation, provisional credit, and notice steps documented. Practitioners build it, with a human reviewing every deliverable, so disputes are resolved within the deadlines an examiner checks.

See Compliance Command Center Talk to a Practitioner