Changes to Pre-authorized Debit Rules

Note: The rules and law may have changed since this article was first published. It is provided for archival purposes but you should consult with your lawyer for the current state of the law

Pre-authorized debit programs are a popular method of payment for businesses. On average, more than 2.3 million pre-authorized debits were processed through the Canadian clearing system each business day during 2007.

A pre-authorized debit payment is based on an agreement between the customer (payor) and the business (payee) where the customer authorizes a business to debit a bank account for goods and/or services under specified terms. This is often for fixed amounts at fixed intervals, but it can be sporadic payments based on services or goods provided. The business provides its bank with the customer’s bank account particulars and requests the bank to collect the payment from the customer’s bank. The message between the two banks is an electronic payment item called a pre-authorized debit, or “PAD”. The two banks clear and settle the amounts following the rules of the Canadian Payments Association (“CPA”).

In June 2008, the CPA changed its pre-authorized payment and debit program to enhance disclosure to customers. The amended rules apply to pre-authorized payment programs entered into on or after February 28, 2010. PAD’s entered into prior to February 28, 2010 will be “grandfathered” under the old rules and need not be updated.

The new rules require all businesses using pre-authorized debit programs as a method of payment to make some changes to the forms and processes through which they obtain their customers’ authorization.Recurring charges to credit cards do not fall under these rules.

The CPA’s changes to the PAD rules make it clearer for businesses using PAD’s by describing what information is mandatory and what is optional in a PAD agreement. The following elements are mandatory:

  • the customer’s clear authorization for the business, through its bank, to debit the customer’s account;
  • a clear statement of the amount, frequency and timing of the payments;
  • a statement indicating whether the pre-authorized debit is with respect to business, personal or funds transfer purposes;
  • a statement that the customer may cancel the authorization at any time, and no more than 30 days notice may be required for cancellation;
  • information on how to cancel a pre-authorized debit, including information about where the customer can obtain a sample cancellation form or further information;
  • contact information for the business; and
  • a standard statement outlining the customer’s right of recourse in the event that a debit is taken in error, does not follow the terms of the agreement or is not authorized.

CPA’s amendments also provide greater flexibility by allowing businesses to establish pre-authorized debit agreements through electronic means. This could include telephone, email or internet authorizations. Businesses that wish to use pre-authorized debit agreements electronically must submit their proposed electronic forms or processes to their financial institution for review. This submission must include the process they will use to confirm the identity of the payor in the electronic environment.

If a pre-authorized debit is entered into electronically, businesses must also take the additional step to confirm the authorization before the pre-authorized debit can be initiated. The business must send a written confirmation which includes all of the details of the pre-authorized debit agreement to the payor 15 days prior to the first debit. The 15 day period can be reduced by mutual agreement but cannot be waived. As with non-electronically formed pre-authorized debit agreements, the business must retain the authorization. Pre-authorized debit agreements which are printed, signed and returned via e-mail attachment or facsimile are not considered an electronically-formed agreement.

As mentioned above, pre-authorized debit agreements entered into before February 28, 2010 do not need to be updated or revised. The new rules apply only to pre-authorized debit agreements created on or after that date. Even so, it may be worthwhile to review all PAD’s currently in place, and consider upgrading them to the new standards. While this may not be strictly required, it could have benefits in customer relations, and might also identify files which need more information or documentation.