Prepaid cards and digital accounts are subject to Regulation E consumer protection requirements. Here is what the prepaid account rules require, how they apply to fintech products, and what compliance looks like in practice.
Regulation E and Prepaid Cards: What Fintechs Must Know
Prepaid cards and digital prepaid accounts are among the most compliance-intensive fintech products. The Consumer Financial Protection Bureau's prepaid account rules — which implement the Electronic Fund Transfer Act through Regulation E — impose a comprehensive set of consumer protection requirements on prepaid account issuers and their program manager fintech partners.
Understanding what Regulation E requires for prepaid products is essential for any fintech building or distributing prepaid cards or digital wallet products that store consumer funds.
What Is a Prepaid Account Under Regulation E?
The CFPB's prepaid account rules cover "prepaid accounts" — a defined category that includes prepaid cards, mobile wallets, digital accounts, and other account types that can be loaded with funds and used for purchases or transfers. The definition is intentionally broad: digital wallet compliance considerations apply to any product that stores consumer funds in a reloadable account for spending and transfers.
The prepaid account rules do not apply to gift cards that are non-reloadable and cannot be used for multiple purposes, or to certain other limited-purpose cards. But for any reloadable prepaid card or digital account product offered to consumers, the full prepaid account rule applies.
Key Regulation E Requirements for Prepaid Accounts
Pre-Acquisition Disclosures
Before acquiring a prepaid account — which for digital products typically means before completing account registration — consumers must receive a short form disclosure in a standardized format showing all fees in a mandated order. The CFPB has published a specific short form disclosure template that prepaid account issuers must use.
A long form disclosure with more detailed terms and conditions must also be made available and provided to the consumer at acquisition. Both the short and long form must be accessible online at a publicly available website.
Periodic Statements or Account Access
Prepaid account holders must either receive periodic account statements or have access to their transaction history through an online portal or mobile app. The Regulation E rules for periodic statements specify the minimum information that must be available. Most fintech prepaid products provide online account access rather than mailed statements.
Error Resolution Procedures
One of the most demanding requirements is the error resolution process. When a consumer reports an error — including an unauthorized transaction, an incorrect transaction amount, or a technical failure — the prepaid account issuer must acknowledge the error claim within 10 business days and complete an investigation within 45 days for most errors (extended periods apply in some cases). If the investigation is not complete within 10 business days, the issuer must provide provisional credit for the disputed amount.
Fintechs in prepaid programs must have documented error resolution procedures, staff or systems to handle error claims within these timelines, and a clear process for escalating claims to the sponsor bank where applicable.
Unauthorized Transaction Liability
Consumer liability for unauthorized transactions on prepaid accounts is limited under Regulation E. If the consumer reports within two business days, liability is limited to $50. Reports within 60 days are limited to $500. Reports after 60 days may result in unlimited liability. These limits are consumer-protective and cannot be contracted away.
FDIC Insurance Pass-Through Disclosure
Prepaid accounts that are eligible for pass-through FDIC insurance — meaning the funds are held at an FDIC-insured bank and consumers are eligible for insurance coverage — must make specific disclosures about FDIC insurance eligibility. The disclosure must state whether FDIC insurance is available and clarify that registration may be required to receive coverage. Fintechs operating prepaid programs without FDIC-insured sponsor banks must clearly disclose the absence of FDIC insurance.
The BaaS/Program Manager Structure
Most fintech prepaid card products operate through a Bank-as-a-Service or program manager structure — the fintech serves as the program manager and the card is issued by an FDIC-insured bank. In this structure, Regulation E compliance responsibilities are shared between the bank and the fintech program manager per their program agreement.
Regulators hold the bank ultimately responsible for Regulation E compliance — but the bank contractually requires the fintech program manager to implement Regulation E compliant processes. Fintechs in these arrangements must have compliant disclosure, error resolution, and consumer communication processes even though the bank is the legal issuer of the prepaid account.
Frequently Asked Questions
Does Regulation E apply to digital wallets that don't issue physical cards?
Yes. The CFPB's prepaid account rules cover digital accounts — including mobile wallets and app-based accounts — that store consumer funds and enable spending and transfers. The absence of a physical card does not remove the product from the prepaid account rule's coverage.
Are business prepaid cards covered by Regulation E?
The CFPB's prepaid account rules primarily cover consumer accounts. Prepaid accounts established for commercial purposes — business expense cards and similar products — may have different regulatory treatment. However, the line between consumer and commercial can be blurry in some fintech contexts, and a careful analysis of whether a specific product is covered is advisable.
What are the consequences of Regulation E violations for prepaid accounts?
The CFPB has broad enforcement authority over Regulation E violations and has taken enforcement actions against prepaid issuers for failures including improper error resolution procedures, inadequate disclosures, and violations of the fee disclosure requirements. Civil money penalties, restitution to affected consumers, and required remediation are all potential consequences of significant Regulation E violations.
How ComplyOne Helps
ComplyOne helps fintech prepaid card and digital wallet companies build Regulation E compliant programs — from drafting required disclosure documents to designing error resolution workflows to assessing compliance program gaps against CFPB requirements — through advisory services, compliance technology, or both.
Talk to the ComplyOne team to get started.
The information in this article is for general educational purposes and does not constitute legal or regulatory advice. Regulation E requirements are subject to CFPB rulemaking. Consult qualified legal counsel for guidance specific to your prepaid product.