Signed in March 2020, the CARES Act provides Economic Impact Payments (EIPs) to qualified consumers. The government is disbursing EIPs to people based on information contained within their 2018 or 2019 federal tax returns. Both electronic and physical EIPs will be distributed in weekly cycles. As these stimulus funds begin to be distributed to individuals, certain questions and risks have arisen that financial institutions need to consider.
Recognizing Liability
The Treasury Department has stated that any EIP Automated Clearing House (ACH) direct deposit that’s returned by an institution will be redistributed as a physical check payment. Some instances have been documented where EIPs have been received for deceased accountholders. EIPs are not subject to reclamation of funds by the Treasury Department and should be handled in accordance with the institution’s existing controls.
Problems have arisen during situations when an electronic EIP is received for a closed account. An institution may risk reputational harm returning the EIP if the closed account relates to an existing customer that’s readily identifiable. However, an institution may expose itself to liability if it distributes the funds to an incorrect party. Careful analysis should be performed with proper documentation if an institution chooses not to automatically return the EIP.
As a Receiving Depository Financial Institution (RDFI), the institution enjoys a safe harbor protection if it exactly processes and posts the EIP in accordance with the instructions accompanying the transaction entry. Any change in depositing the funds into an account other than that received in the transaction entry, or subsequently transferring the funds to another account, will create potential liability. Again, careful analysis should be performed when altering the original instructions.
Outstanding Debts and Overdrafts
On a federal level, EIPs are not protected from offset by the financial institution for outstanding debts or overdrafts. Some states, such as Massachusetts and New York, have passed restrictions prohibiting institutions from claiming EIPs for such purposes while others have issued guidance strongly urging their respective financial institutions to voluntarily refrain from such acts. Depending on the location of the institution, the restriction may exist for 30 days or longer. Institutions should review their core system settings to ensure that EIPs are not automatically applied to such pre-existing negative account balances. Different systems may require different process solutions.
Social Security Concerns
The Treasury Department has stated that the EIPs will have Social Security Numbers (SSN) included in the payment transaction information. Institutions will need to review IT controls to determine whether the SSN information will carry into the recording and reporting of the EIP through its online statements, physical paper statements, and mobile banking services. Unfortunately, bad actors may attempt to obtain SSN information from unsecure resources. Fraud may also exist, either in the creation of fraudulent EIP checks or the fraudulent transacting of valid EIP checks. Multiple deposits of EIP checks through remote deposit capture or mobile banking channels are other concerns that should be considered. Communication and training on potential fraud and identity theft red flags will be essential in combatting these risks.
Conclusion
Wolf appreciates the efforts and performance by financial institutions to service their customers during this crisis. Please visit our COVID-19 Resource Center for current insights and discussions regarding the pandemic, as well as recent COVID-related announcements, regulatory guidance, and interpretations. Please feel free to contact us with any questions if we can assist.
