IBA Compliance Connection

Your go to source for compliance!

Is there a law requiring us to continue mailing deposit account statements after several have been returned to us as undeliverable? The phone number we have on file has been disconnected, but we are seeing continued debit card transactions on the account.

by

admin

We are not aware of any law or regulation that would require you to continue mailing periodic statements in this situation. Our recommendation is to place a freeze on the customer’s account, which should cause the customer to contact the bank, at which point you will be able to collect the customer’s updated contact information. Alternatively, if the card is being used fraudulently, freezing the account will mitigate the ongoing fraud. In any event, you should retain all of the returned statements (or electronic copies of them) in a file associated with the customer’s account.

Ongoing debit card transactions when there is no known customer contact information is a pattern of suspicious activity identified as a red flag in the Interagency Guidelines on Identity Theft Detection, Prevention, and Mitigation, which states: “Mail sent to the customer is returned repeatedly as undeliverable although transactions continue to be conducted in connection with the customer's covered account.”  While your account agreement most likely contains one or more provisions unrelated to suspected fraud that might provide a basis for freezing the account, in our view this identified red flag in the Interagency Guidelines certainly provides such a basis.

We also note that under the Uniform Commercial Code, customers have a duty to report unauthorized transactions with reasonable promptness, which is measured from the time that your institution “sends or makes available” an account statement to the customer. For this reason, some deposit account agreements provide that when a customer’s mail is returned as undeliverable, the bank will discontinue mailing statements and will consider statements to be “made available” to the customer on the day that the account statement is generated. 

For citations related to our guidance, please see below:

  • Regulation V — 12 CFR 334, Appendix J (Interagency Guidelines on Identity Theft Detection, Prevention, and Mitigation, #23 undelivered mail)
  • Illinois UCC — 810 ILCS 5/4-406 (customer’s duty to review account statements with reasonable promptness)