Changes to Regulation CC

AuditOne Advisory 

From Bud Genovese, Chairman

Genelle Wrzesinski, Senior Associate and Electronic Funds Transfer Practice Director, based in our Northern California office, has written the article below that summarizes the details, including what auditors and examiners will look for, contained in the revised Regulation CC rules effective July 1, 2018. Please feel free to forward this useful column to any appropriate people in your financial institution, thank you.  – Bud

Changes to Regulation CC


The Federal Reserve published a final rule amending Regulation CC on May 31, 2017, with an effective date of July 1, 2018.  It more recently issued a commentary for Regulation J changes to enable implementation of the revised Regulation CC rules.

Current check collection and return requirements will be
modified to reflect a virtually all-electronic check collection and return
environment and to encourage all depository institutions to receive, and paying institutions to send, returned checks electronically.  These changes will better align with current practices for electronic image-based processing of check collection and returns, which have been driven by many institutions signing agreements to join processing networks with their core provider. These networks follow ECCHO (Electronic Check Clearing House Organization) rules. The revised Regulation CC will adopt these rules and enable efficiencies via faster processing.  Faster payments could also come from the push for a second returned-item cash letter to paying banks each day.

While the increased hold limits and shorter return times (as outlined below) may get most attention, in fact it is the revised assignment of liability on fraudulently altered or re-deposited checks that is most
significant, together with the new warranties applying to the exchange of
imaged electronic checks.  The revisions require that a financial
institution (FI) receiving a remote or mobile deposit item indemnify any FI
that subsequently receives the original (paper) check, given that the item was already paid and settled.  However, as elaborated on below, the indemnity does not protect the subsequent FI if the check carries a restrictive endorsement.

Definitional changes

  • The routing number is revised to include the bank identification number in electronic checks.
  • “Indemnifying bank” is now defined as a bank that provides an indemnity under Section 229.34 for remote deposit capture or for an electronically-created item.
  • The MICR line includes the number established in X9.100-817 (today’s standard).
  • “Sufficient copy” is defined to include the electronic
    reproduction of a check that the recipient has agreed to receive instead of paper.
  • Subject to Regulation CC, an electronic check is treated the same as a paper check for all purposes unless otherwise noted.  However, the regulation does not give the bank the right to send an electronic check absent agreement to do so by both parties. It includes provisions for notice of nonpayment, expeditious return and warranties.
  • Banks may send information required in writing in electronic form (such as electronic statements), if there is an agreement to do so.

Revised hold limits

In 2011, Regulation CC established the limits for holds
placed on consumer DDA accounts (used for personal, family or household purposes).  FIs subject to compliance are required to make $200 available the first business day following a deposit, unless an exception hold is placed for one of the six types of eligible reason under the regulation.  For exception holds the regulation requires that $5,000 be made available the next business day (with some subject to longer hold periods in accordance with a schedule specified in Regulation CC). Effective July 1, 2018, the above-noted limits will change from $200 and $5,000 to $225 and $7,500, respectively. There is a rising concern that this change could impact ATM currency for banks that do not include $5 bills.

Note that the regulation does not cover business accounts or
personal savings, money market or CD accounts.  Also, cash deposits made
in person and electronic payments are still required to be made available next day.

Revised two-day test

The final rule requires expedited return for both paper and
electronic checks to meet the two-day test: a requirement to return to the bank of deposit (BOFD) no later than 2:00 p.m. on the second business day following check presentment to the paying bank.  The previous deadline was 4:00 p.m. on the second business day.

Handling of returned deposited items

Checks have always had endorsements on the back to indicate
the returning bank.  But not so with imaged checks, making it difficult to
determine the path of collection.  Several banks have been granted
extended return times to research the BOFD or have forwarded the item to the Fed requesting assistance.  But BOFD information is more readily available via check file record #26 (i.e., line 26 of the report attached to imaged file, provided by either the Fed or the processor).  The paying or returning bank could be liable for failing to meet this requirement if the depository bank has arrangements for return of checks electronically by “commercially reasonable means”.

In addition, there is a new requirement for the paying bank
to notify the BOFD of non-payment of items over $5,000.  This is an
increase in the threshold amount from the previous $2,500.  However, the
new notification requirements eliminate some of the information that previously had to be reported.

RCC procedures

ECCHO is working with the Federal Reserve to effect changes
to remotely-created checks (RCCs) and claims with ECCHO Rule 8 and Rule 9 warranty and claim procedures.  As mentioned above, there is currently a proposal out for complementary changes to Regulation J.  Specifically, ECCHO is proposing the use of external processing code (EPC) digit “6” to identify RCCs.  The EPC field position 44 on the MICR line will be located just left of the routing number; this can be over laid with “4” if an IRD image replacement document – i.e., photocopy of check) is created.  Use of the code is voluntary and is not an immediate solution to fraud but could identify the legitimate remote check processors.  Financial institutions will have to update agreements to require the code, and will then be required to monitor volumes and return rates.  Depository banks may then allocate liability to the depositor in their customer agreements.

Warranties, indemnifications and endorsements

With the Federal Reserve now adopting ECCHO rules, liability
will shift to the depository bank for altered or forged checks.  This
introduces a “rebuttable presumption” (i.e., presumed liability to the BOFD) that can be overcome if the original check is made available for all parties in the dispute, in which case standard UCC rules would apply.

The revisions will also allow FIs operating in multiple
states to have clearer guidelines when subjected to out-of-state
jurisdiction.  They will affect claims with duplicate warranty – i.e.,
when a receiving bank pays an item already paid – because warranty is valid
even if demand for duplicate payments results from a fraudulent check about which the warrantying bank had no knowledge.  This scenario can occur with remote and mobile deposit capture systems; however, Regulation CC applies to consumers, so it is mobile deposit that represents the major risk.

The depository bank’s indemnity provides that:

  • The truncating bank accepts deposit of electronic image
    or information related to the original check
  • It does not receive the original check
  • It receives settlement or other consideration for the
    deposited check
  • It does not receive return of check unpaid

There is an exception for a restrictive endorsement, which
includes “For mobile deposit only – Bank name”, even though the bank will not have the item in their possession.  Banks will need to work with their core processor to ensure virtual endorsements include this restrictive
verbiage.  Also, it is very important to train bank operations staff on
the teller line not to accept any over the counter deposits with checks that
include a restrictive endorsement sprayed when an item is processed with a
remote capture scanner, to help mitigate potential losses from duplicate

What auditors and examiners will look for

These changes will impact several areas of auditing, though
this will await further clarifications, including complementary changes to
Regulation J.

For a Central or Branch Operations audit (e.g., Fed
returns), there will be additional requirements:

  • Review of the Federal Reserve monthly fee statement to
    determine whether fees were assessed for needlessly forwarding a check to
    be researched by the Federal Reserve instead of looking at record #26 for
    the BOFD information.
  • Reason codes should be reviewed, as “Refer to Maker”
    will no longer be allowed.
  • Review training records to ensure over the counter
    deposits do not include restrictive endorsements for mobile or remote
    deposit captured items.

For Compliance audits, reviews are likely to include the

  • Change in $ limits of holds.
  • Timely release of funds for availability.
  • Changes for $ limits of notification of returns for
    large items ($5,000 and over)
  • Changes with deadline time of returns at 2:00 p.m.

For EFT Audits covering remote deposit capture and mobile
deposit capture, reviews are likely to include the following:

  • Require a closer review
    of changes to the bank’s agreements with restrictive endorsement
  • Ensure that endorsement
    requirements are met.


    • Review whether core
      processors include the restrictive virtual endorsements that will include
      “For Mobile Deposit Only with the name of the Bank”.  Client’s
      account numbers will not be a requirement.
    • If the core processor
      does not virtually provide the endorsement, review how the bank is
      ensuring it is present prior to deposit capture processing.

Resources and reference tools

Genelle Wrzesinski has over 35 years of hands-on experience in banking operations and compliance/BSA management, working in various community and regional banks. She holds a B.Sc. in Business Administration, has earned the AAP (Accredited ACH Professional) certification, and regularly attends compliance seminars and conferences.

AuditOne LLC – Company Overview

AuditOne LLC provides independent risk management services to financial institutions. Our sole focus is providing internal audit and credit review services to the financial institution industry. We have experience with all regulatory authorities and offer a full selection of audit services comprising Credit Review/ALLL, BSA/Compliance, IT/Information Security, ACH rules Compliance, Operations, Network Tests, Asset/Liability Management and various specialty areas. Our expertise is your edge. For more information on this article, please contact Jeremy Taylor, Co-CEO at: Contact Us or Kevin Watson, Co-CEO at: Contact Us and for information about all of our audit services see