Written by Jennifer Aguilar, Regulatory Compliance Counsel, NAFCU
Last week, the Compliance Team hosted our Regulatory Compliance School. Congrats to all the new NCCOs! If you, too, want to become an NCCO, you can join us in Minneapolis for the summer session of Regulatory Compliance School.
One of the key principles we teach at Compliance School is that most of the consumer regulations (TISA, Reg E, Reg X, Reg Z, etc.) do not apply to business-purpose accounts. These rules generally leave it up to the credit union to determine when an account is opened for a business purpose. If a credit union determines the account is for business purposes, then it does not have to provide disclosures, such as account opening disclosures, periodic statements or change in terms notices. Like many of our Compliance School attendees also learned, the CFPB loves its exceptions and enjoys hiding them in the commentary. So, today’s blog focuses on the exception to this rule for credit card accounts.
Section 1026.3(a) of Regulation Z provides the general rule: credit extended to a person for business purposes and credit extended to an entity are exempt from the regulation. The commentary to this provision explains that, for credit card accounts, there are two rules that apply even if the credit extended is generally considered exempt from the regulation: section 1026.12(a) on issuing credit cards and section 1026.12(b) on liability for unauthorized use.
Issuing Credit Cards . Section 1026.12(a) explains credit cards can only be issued upon request or as a renewal or substitution for another credit card. For cards issued upon request, the request can be verbal, written or as part of an application for a credit card account. The cards can only be provided to the person making the request and any authorized users on the account. Renewal generally refers to the scenario when a previous card has expired or a new technology is incorporated into the card, such as when chip-enabled cards were issued. Substitution generally refers to when a card is replaced because the account relationship has changed, such as when the features on the account have changed. Anytime a credit card is issued for a business account, these rules will apply.
Liability for Unauthorized Use. Section 1026.12(b) provides the liability limits for unauthorized use. Under the rule, a member may be held liable only if:
An investigation into the alleged unauthorized transaction is also required before liability can be passed on to the member. A member’s liability is limited to the lesser of $50 or the amount of the transactions that occurred before notice was provided to the credit union. These liability limits apply even if the account is for business purposes or the cardholder is an entity.
There is also a special liability rule for cards issued to employees of an organization. Section 1026.12(b)(5) explains when ten or more cards are issued for the same organization, the credit union and the organization can contract for higher liability. The commentary clarifies credit unions can take advantage of this special rule only when the organization is in the position to provide at least ten cards to employees. For example, ten cards cannot be issued to an organization with only three employees. It is also important to note that the higher liability limit cannot be passed on to individual employees. The organization itself is the liable party.
Since Regulation Z generally does not apply to business purpose credit cards, it can be easy to overlook these two provisions. Credit unions may want to review any agreements and disclosures provided for business credit cards to determine whether they meet these requirements.
Share Your Thoughts!
NAFCU is gathering comments on various credit card practices in response to the CFPB’s request for information (RFI). The RFI covers terms of credit card agreements, effectiveness of disclosures, how implementation of the Credit CARD Act has affected costs and other practices. More information, including how to submit your comments, can be found in this Regulatory Alert (NAFCU member login required).