Glossary · Compliance

What is
Regulation E?

Complexity Advanced
Shows up Monthly
Scope Optional
Operator relevance Important
Related reg z ach return code friendly fraud chargeback representment
Share definition X LinkedIn Reddit HN Email
Quick definition

Regulation E is the CFPB rule implementing the Electronic Fund Transfer Act. It governs consumer rights around electronic debits to bank accounts (ACH, debit cards, prepaid cards) — including the 60-day window to dispute unauthorized charges and the bank's obligation to investigate and provisionally credit.

The short answer

Regulation E is the federal rule (enforced by the CFPB, originally from the Electronic Fund Transfer Act of 1978) that protects consumers when electronic transfers from their bank accounts go wrong — ACH debits, debit-card transactions, prepaid-card transactions, online bill pay, P2P transfers. The core consumer right: if an electronic transfer is unauthorized, erroneous, or incorrect, the consumer has 60 days from the statement date to dispute it, and the bank must investigate and provisionally credit the account within 10 business days.

What Reg E covers

  • ACH debits to consumer accounts (see ACH return codes).
  • Debit-card transactions.
  • Prepaid-card transactions (as of 2019 Prepaid Rule).
  • ATM transactions and online bill pay.
  • Peer-to-peer transfers (Zelle, Venmo, Cash App — with nuances around "authorized but fraudulently induced" transactions the CFPB is still litigating).

Importantly: Reg E does not cover credit-card transactions. Those are governed by Regulation Z under the Truth in Lending Act. The dispute mechanics are similar but the timelines and merchant obligations differ.

Merchant impact in an ACH dispute

  1. Customer tells bank: "I didn't authorize this."
  2. Bank investigates — can pull the ACH authorization from the originator (you, via your processor).
  3. Bank must decide within 10 business days; can extend to 45 with provisional credit.
  4. If customer prevails, bank sends return code R10 (Unauthorized) to originator.
  5. You lose the funds AND take a hit on your unauthorized-return ratio.

What operators need to know

  • Keep authorizations forever. NACHA requires two years; good operational hygiene is indefinite. Signed, e-signed, or recorded-call authorizations are what defend an R10.
  • The 60-day clock is generous. A customer's ACH subscription can run for 45 days, then they can dispute every charge going back 60 days from the statement. You can lose months of recurring revenue in one dispute cycle.
  • Bank decisions are final at the Reg E level. You have no re-presentment path like card chargeback representment. Your only recourse is debt collection or small-claims against the customer — rarely worth it.
  • Friendly-fraud Reg E is the ACH equivalent of card friendly fraud. Customer actually made the purchase, then disputes later. The bank presumes the consumer because the burden to "prove authorization" sits with the merchant.
  • Prepaid now covered. Since 2019, GPR and payroll prepaid cards fall under Reg E. Same 60-day window.
  • P2P is evolving. Zelle/Venmo fraud has driven regulators to push for broader coverage of "authorized fraud" under Reg E. Watch for expansion — it'll affect business receivers too.

Related glossary terms

reg z ach return code friendly fraud chargeback representment

Processing across
multiple brands?

multiflow consolidates your ledger, keeps per-brand billing descriptors, and fans out payouts to the right legal entity.

Start your application How it works

The Operator Briefing

Twice-monthly. No fluff.

Processor shutdowns, reserve-hold playbooks, reconciliation lessons, and the merchant-account decisions that save operators six-figure years. Delivered to your inbox — never spam.

No spam. Unsubscribe in one click.

We use essential cookies · Privacy