Friday, April 23, 2010

On July 1, 2010, the Regulation E rules established by the Board of Governors of the Federal Reserve take effect. By then, all financial institutions must have controls in place that opt out all customers from overdraft protection for ATM and one-time debit card transactions if they have not affirmatively consented to, or opted in to, the service.

Over the past couple of weeks, we have received a number of inquiries from our bank and credit union customers looking for guidance on how to create online forms that can meet the opt-in and opt-out requirements of Regulation E.

Based on our research on the topic and various conversations with customers, here is what we understand.

  1. Before the compliance deadline, all customers must be set to an opt-out status for specified overdraft services.
  2. Notification must be sent to customers instructing them that to continue the specified protection, they must opt-in.
  3. The institution must provide a full explanation of the overdraft protection including all fee disclosures.
  4. Customers can then indicate their consent for the protection or continue to opt-out.
  5. Assuming that the first two requirements are met by the bank or credit union, they may direct customers to an online consent form in order to opt-in.

Suggested wording of the form is provided by the Federal Reserve and should include the ability to select the opt-in or opt-out status, the customer’s name, the date, and the customer’s account number. In order to request this information online, special attention must be paid to security.

The following recommendations offer a guideline for your online form.

  1. Ensure that the form is only available through SSL encryption.
  2. In order to help the customer verify the validity of the form, an Extended Validation SSL certificate (such as a VeriSign Secure Site with EV) is also recommended.
  3. Use secure email to deliver the form contents. Sign and encrypt the email using a personal certificate associated with the recipient email address (such as VeriSign Digital IDs for Secure Email).
  4. Include form validation, such as the free reCAPTCHA anti-bot service, to reduce the number of false form submissions.
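A server-side check for a submitted consent form, as an added example that is not part of the original post or of novo for Banking. The field names, the account-number format and the `captcha_passed` flag (the result of verifying the reCAPTCHA response on the server, done elsewhere) are assumptions. Because the form contents are delivered by email, the name check also rejects line breaks that could inject mail headers.

```python
import re
from datetime import date

# Field names and formats below are assumptions made for this example.
CHOICES = {"opt-in", "opt-out"}
ACCOUNT_RE = re.compile(r"\d{4,17}")              # assumed account-number format
NAME_RE = re.compile(r"[^\W\d_][\w .,'-]{0,79}")  # letter first, no CR/LF or ':'

# Constructed sample submission, not real customer data.
SAMPLE = {"choice": "opt-in", "name": "Pat Example",
          "date": "2010-06-15", "account_number": "000123456789"}

def mask_account(number):
    """Keep only the last four digits for logs and email subject lines."""
    return "*" * (len(number) - 4) + number[-4:]

def validate_consent(form, scheme, captcha_passed):
    """Return (record, errors); record is None unless every check passes."""
    errors = []
    if scheme != "https":
        errors.append("form must be submitted over SSL")
    if not captcha_passed:
        errors.append("anti-bot check failed")
    choice = form.get("choice", "")
    if choice not in CHOICES:
        errors.append("choice must be opt-in or opt-out")
    name = form.get("name", "").strip()
    if not NAME_RE.fullmatch(name):
        errors.append("invalid name")
    account = form.get("account_number", "").strip()
    if not ACCOUNT_RE.fullmatch(account):
        errors.append("invalid account number")
    try:
        signed = date.fromisoformat(form.get("date", ""))
    except ValueError:
        signed = None
        errors.append("invalid date")
    if errors:
        return None, errors
    record = {"choice": choice, "name": name, "date": signed.isoformat(),
              "account_number": account, "account_masked": mask_account(account)}
    return record, []
```

Only the `account_masked` value belongs in logs or in the subject line of the notification email; the full number stays in the signed and encrypted message body.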

Financial institutions that are users of the novo for Banking web content management system can meet all of these recommendations. If you’re not currently using novo for Banking, there are implementation steps that can be applied to your site as well.

If the above recommendations cannot be met for whatever reason, then we would further recommend that the website provide only a PDF version of the form, which customers can print, complete, and deliver to a branch personally.

For assistance, contact any of us here at Dovetail and we’ll be happy to help ensure you’re ready for Regulation E.

-- Mike

Friday, April 23, 2010 3:54:00 PM (Eastern Standard Time, UTC-05:00)