The Electronic Fund Transfer Act (“EFTA”) and Crypto

I. Introduction

It is unclear whether and to what extent the Electronic Fund Transfer Act (“EFTA”)—which dictates rights and liabilities as to unauthorized electronic fund transfers—applies to cryptoassets and crypto transactions. The answer depends on future interpretations of various terms in the EFTA’s statutory text. If crypto assets are “funds” held in “accounts” established for “personal, family, or household purposes,” then the EFTA should apply to “unauthorized electronic transfers” of those crypto assets and impose obligations and liabilities on crypto exchanges or wallet providers. Conversely, if any of those elements is lacking, then the EFTA would not apply or otherwise impose any obligations.

Unfortunately, the precedent assessing the EFTA and crypto is sparse, and parties have reasonable arguments both in favor and against the EFTA’s applicability. Consequently, parties often will not know whether the EFTA applies to a particular crypto transaction. Parties should remain cognizant of the developing precedent and assess the relevant characteristics that would affect whether a transaction falls within the EFTA’s ambit.

II. What is the EFTA?

The EFTA was enacted to “establish[] the basic rights, liabilities, and responsibilities of consumers … and of financial institutions or other persons that offer these services.” 12 CFR § 1005.1(b). The statute “authorizes a private right of action against a bank that fails to comply with any provision of the Act including the provision limiting a consumer's liability for unauthorized transfers.” McDonald v. Navy Fed. Fin. Group, LLC, 223CV01325ARTEJY, 2023 WL 8084850, at *4–5 (D. Nev. Nov. 21, 2023); see also Boston v. Metabank, 4:21-CV-04218-KES, 2023 WL 5748116, at *3 (D.S.D. Sept. 6, 2023) (“If a consumer reports an error, including an unauthorized electronic fund transfer, to a financial institution, the EFTA requires the financial institution to investigate and promptly correct errors the investigation confirms.”). Indeed, “[t]he EFTA authorizes a private right of action against a bank that fails to comply with any provision of the Act, including the provision limiting a consumer's liability for unauthorized transfers.” Sparkman v. Comerica Bank, 23-CV-02028-DMR, 2023 WL 5020269, at *9 (N.D. Cal. Aug. 4, 2023).

To state a claim under the EFTA, “a plaintiff must allege that (1) the relevant accounts were demand deposit, savings deposit, or other asset accounts established primarily for personal, family, or household purposes; and (2) the unauthorized electronic fund transfer was initiated through an electronic terminal, telephone, computer, or magnetic tape for the purpose of ordering, instructing, or authorizing a financial institution to debit or credit a consumer's account.” Zarate v. Chase Bank, 22CV1178AMDLB, 2023 WL 5956334, at *3–4 (E.D.N.Y. Sept. 13, 2023).

Moreover, “[i]n any action which involves a consumer's liability for an unauthorized electronic fund transfer, the burden of proof is upon the financial institution to show that the electronic fund transfer was authorized or, if the electronic fund transfer was unauthorized, then the burden of proof is upon the financial institution to establish that the conditions of liability set forth in subsection (a) have been met . . . .” McDonald v. Navy Fed. Fin. Group, LLC, 223CV01325ARTEJY, 2023 WL 8084850, at *4–5 (D. Nev. Nov. 21, 2023).

Furthermore, the Consumer Financial Protect Bureau (“CFPB”)—i.e., the federal agency charged to enforce compliance with the statute—has confirmed that the EFTA applies in wide-ranging contexts where consumers lose funds, including when:

• A fraudster using stolen credentials initiates an electronic fund transfer (see 12 CFR 1005.2(m));

• A third party fraudulently induces a consumer into sharing account access information (see 12 CFR 1005.2(m));

• The consumer is 100% negligent as to the unauthorized electronic fund transfer (12 CFR 1005.6);

• The consumer’s contract waives all liability (see 15 U.S.C. § 1693g(e); 15 U.S.C. § 1693l);

• The consumer’s contract states that all transfers are final, regardless of intent, knowledge, or authorization (see 15 U.S.C. § 1693l)

• Using a non-bank peer-to-peer payment provider (e.g., PayPal or Venmo) that has no affiliation with the consumer, a fraudster accesses the consumer’s bank account and causes a transfer (see 12 CFR § 1005.2(i)).

Thus, although consumers may be fully negligent—and, in some instances, a financial institution may have done nothing but honor a transaction initiated by a third-party payment provider—the EFTA can require the financial institution to make the consumer whole.

III. Does the EFTA apply to crypto transactions?

It depends. Four main factors affect whether the EFTA will apply to a crypto transaction: (1) did the plaintiff have an “account”; (2) did (s)he use that account for “personal, family, or household purposes”; (3) was there an “electronic fund transfer”; and (4) was that transfer “authorized.” If those four factors are met, the EFTA would apply to cryptocurrency transactions. See Yuille v. Uphold HQ Inc., 22-CV-7453 (LJL), 2023 WL 5206888, at *5 (S.D.N.Y. Aug. 11, 2023) (“That cryptocurrency did not exist when the EFTA was passed . . . cannot, standing alone, limit the EFTA's application to cryptocurrency.”).

1. Was there an “account”?

The EFTA defines an “account” as “a demand deposit (checking), savings, or other consumer asset account . . . held directly or indirectly by a financial institution and established primarily for personal, family, or household purposes.” 12 CFR § 1005.2(b)(1). The EFTA applies to any person “who . . . directly or indirectly . . . holds an account belonging to a consumer” (see 15 USC 1693(a)(9)) or who issues “an access device and agrees with a consumer to provide electronic fund transfer services.” 12 CFR § 1005.2(i); see also id. at (a)(1) (defining “access device” as a “card, code, or other means of access to a consumer’s account, or any combination thereof, that may be used by the consumer to initiate electronic fund transfers”).

Under those definitions, a crypto transaction may or may not involve an “account” or “access device” falling within the EFTA’s ambit. Regardless of whether the transaction involved a custodial wallet, non-custodial wallet, centralized crypto exchange, or decentralized crypto exchange, therefore, a plaintiff could argue that (s)he had an “account” with the defendant or that the defendant issued an “access device” for electronic fund transfers.

2. Was the “account” established for “personal, family, or household purposes”?

The EFTA applies to a “consumer asset account established primarily for personal, family, or household purposes.” See 12 CFR § 1005.2(b)(1). “Classifying an account for purposes of EFTA application is a fact-bound question prompting the court to analyze what the primary use of the account is – business or personal.” Waldeck v. PNC Bank, Nat’l Ass’n, 4:21-CV-00389, 2021 WL 4899031, at *2 (N.D. Ohio Aug. 12, 2021) (collecting cases and holding that “[i]t would be inappropriate to dismiss Plaintiff's EFTA claim prior to more extensive fact discovery to determine the nature of the account”).

Only two state or federal decisions (as published on Westlaw) have assessed whether a crypto “account” was established for personal, family, or household purposes under the EFTA. Unfortunately, those decisions set forth inconsistent tests for making this determination.

First, Judge Liman recently held that the plaintiff did not have an account for personal, family, or household purposes with defendant Uphold HQ Inc. See Yuille v. Uphold HQ Inc., No. 22-CV-7453 (LJL), 2023 WL 5206888, at *5-9 (S.D.N.Y. Aug. 11, 2023). The court explained that “the relevant question here is whether the Account was ‘established primarily’ for profit-making purposes.” Id. Under that analysis, the court concluded that the plaintiff had created the account for a profit motive:

The purpose for which the Account was established was for investment, which has an inherent profit motive. Notably, [Plaintiff] does not allege that the Account had any of the indicia an account established for “personal, family, or household purposes”: He did not establish the Account to “receive[ ] direct deposits from [his] paychecks,” and he did not establish or maintain the account to hold funds earmarked to pay household or other personal expenses. Instead, Plaintiff alleges that he had to “reduce” his holdings in the Account “to dollars and transfer dollars to his bank,” presumably to use those dollars for personal expenses.

Id. at *8 (S.D.N.Y. Aug. 11, 2023).

Second, Judge Cote subsequently applied a different analysis that did not focus on the plaintiff’s profit motive for the subject account. Nero v. Uphold HQ Inc., 22CV1602 (DLC), 2023 WL 5426203, at *5 (S.D.N.Y. Aug. 23, 2023). The court explained that “[t]he EFTA’s reference to ‘personal’ accounts distinguishes between an account established for a natural person’s own use, including for investments, and one established by a natural person for a separate entity, such as a business.” Id. at *5 . Accordingly, the court specified that “an account is established primarily for a personal purpose where the natural person established the account for their individual or family use, as opposed to for a business or commercial endeavor.” Id. The court further clarified that “[u]nder this definition, any profit motive in establishing the asset account is irrelevant.” Id. The court concluded that “personal asset accounts that are investment accounts like . . . the cryptocurrency accounts at issue here, are accounts covered by the EFTA.” Id.

Because those decisions conflict, they fail to provide direction to consumers, crypto businesses, and litigants seeking to understand their rights and obligations under the EFTA. Simply put, the EFTA’s applicability to a particular “account” will depend on two features: (a) whether the court applies a profit-motive test (see Yuille, 2023 WL 5206888) or a commercial-endeavor test (see Nero, 2023 WL 5426203); and (b) the application of the chosen test to the facts underlying the establishment of the account in question.

3. Was there an “electronic fund transfer”?

The EFTA defines “electronic fund transfer” as “any transfer of funds, other than a transaction originated by check, draft, or similar paper instrument, which is initiated through an electronic terminal, telephonic instrument, or computer or magnetic tape so as to order, instruct, or authorize a financial institution to debit or credit an account.” 15 U.S.C. § 1693a(7). Consequently, there is an open question as to whether cryptoassets can be “funds” under the EFTA.

Only one state or federal decision (as published on Westlaw) has reached a holding as to whether particular cryptoassets were “funds” under the EFTA. Rider v. Uphold HQ Inc., 657 F. Supp. 3d 491, 498 (S.D.N.Y. 2023). Holding that the cryptoassets were “funds,” Judge Cote explained:

The EFTA does not define the term “funds.” “When a term goes undefined in a statute,” courts give the term “its ordinary meaning.” Black's Law Dictionary defines “funds” as “[a] sum of money or other liquid assets established for a specific purpose.” Black's Law Dictionary (11th ed. 2019). “Cryptocurrency” is defined in the dictionary as “[a] digital or virtual currency that is not issued by any central authority, is designed to function as a medium of exchange, and uses encryption technology to regulate the generation of units of currency, to verify fund transfers, and to prevent counterfeiting.” Black's Law Dictionary (11th ed. 2019). Under its ordinary meaning, the term “cryptocurrency” means a digital form of liquid, monetary assets that constitute “funds” under the EFTA.

Id. (cleaned up). Under that analysis, any particular cryptoassets may be “funds” under the EFTA. Nonetheless, the caselaw is undeveloped, and courts may apply alternative analyses or reach different conclusions as to this issue.

4. Was the electronic fund transfer “authorized”?

The EFTA defines “unauthorized electronic fund transfer” as “an electronic fund transfer from a consumer’s account initiated by a person other than the consumer without actual authority to initiate such transfer and from which the consumer receives no benefit.” 15 U.S.C. § 1693a(12). Additionally, the CFPB has determined that “an unauthorized EFT includes a transfer initiated by a person who obtained the access device from the consumer through fraud or robbery.” The CFPB further has confirmed that when a third-party “fraudulently induces a consumer to share account access information,” there is an unauthorized transfer under the EFTA. In other words, “access to account information that was furnished in the first instance under fraudulent pretenses is not ‘authorized’ access under the EFTA.” Green v. Capital One, N.A., 557 F. Supp. 3d 441, 448 (S.D.N.Y. 2021).

Accordingly, litigants should be wary that it is fact-specific and context-specific whether a particular crypto transaction would be deemed “unauthorized” under the EFTA. The result could vary depending on the knowledge, intent, and precise actions by the account holder as to the transaction.

-Constantine P. Economides