How to File a CFPB Complaint for Unauthorized ACH Withdrawals from Your Business Account in Texas
Texas business owners can file a CFPB complaint online in about 10–15 minutes, and the CFPB typically forwards it to the bank within 1 business day. If unauthorized ACH debits are draining your operating account, time-sensitive notice rules under the UCC and your account agreement can affect your recovery. This article explains how to prepare, file, and escalate a CFPB complaint from Texas, plus what to do in parallel to preserve legal claims.
Unauthorized ACH withdrawals from a Texas business account: why the CFPB complaint route matters
When an unknown “WEB,” “CCD,” or “PPD” ACH debit hits your Texas business account, the immediate damage is cash-flow disruption—missed payroll, overdraft fees, delayed vendor payments, and strained credit lines. The longer-term risk is legal: banks often deny reimbursement by pointing to account agreement terms, “commercial account” exclusions, or alleged failure to give timely notice.
A Consumer Financial Protection Bureau (CFPB) complaint can be a powerful pressure-and-paperwork tool. It does not replace litigation, but it can (1) force a tracked, written response from the financial institution, (2) escalate the issue beyond a branch-level denial, and (3) create a clear record of what you reported and when—often critical under Uniform Commercial Code (UCC) timing rules and contractual notice provisions.
Before you file: confirm what type of ACH transaction you’re disputing
ACH disputes turn on details. In practice, banks classify unauthorized withdrawals differently depending on the Standard Entry Class (SEC) code and how the transaction was initiated.
Common ACH scenarios affecting Texas businesses
1) Unauthorized debit from a “new vendor” you never approved. Example: Your statement shows “ABC Marketing LLC WEB DEBIT $9,875,” but you never signed an authorization.
2) Legitimate vendor, wrong amount or duplicate debits. Example: A software vendor drafts twice in one day or drafts $12,000 instead of $1,200.
3) Account takeover leading to ACH origination. Example: A criminal gains online banking access and pushes ACH transactions through your treasury portal.
4) “Micro-deposit” or verification scheme abuse. Example: Unknown debits appear after someone attempts to link your account to a third-party platform.
These categories matter because your bank may treat the issue as an “ACH return/authorization problem,” a “wire/Commercial UCC Article 4A funds transfer” dispute, or an “online banking fraud” claim governed by your treasury management contract.
Know the legal landscape: business accounts are not automatically protected like consumer accounts
Many business owners assume the same rules that protect personal checking accounts apply. Often they do not.
Regulation E usually does not cover business ACH debits
The federal consumer protection rule for electronic fund transfers—Regulation E—generally applies to consumer accounts, not business accounts. That means the familiar “unauthorized transaction” timelines and liability caps for individuals are often unavailable to companies.
UCC and contract terms often control business ACH disputes
For business banking, responsibility and deadlines frequently come from:
• Your deposit account agreement (including “reporting unauthorized transactions” clauses).
• Treasury management/online banking agreements (security procedures, token requirements, dual control, and “commercially reasonable” standards).
• UCC provisions adopted in Texas (Texas has enacted UCC articles that govern bank deposits/collections and, for many electronic transfers, funds transfer rules). Banks frequently argue that your remedies are limited if you did not promptly review statements or if you agreed to specific notice periods.
Practical takeaway: File your complaint and send written notice fast—even if you are still investigating—because timing and documentation frequently drive outcomes.
Step-by-step: how to file a CFPB complaint about unauthorized ACH withdrawals (Texas business edition)
Step 1: Take immediate damage-control steps (same day, if possible)
Before filing, stabilize the account:
• Contact your bank’s fraud department and ask to freeze/disable ACH debits, add an ACH block, or implement ACH filters (where available).
• Change online banking credentials and revoke API/third-party access (accounting apps, payment processors).
• Preserve evidence: download statements, transaction details, and any alert emails/texts.
• Ask for fees to be reversed (NSF, overdraft, “item returned” fees) and document the request.
Step 2: Gather the documents the CFPB complaint will need
Strong CFPB complaints read like a short case file. Attach or be ready to upload:
• Bank statements showing each unauthorized ACH entry (highlighted).
• ACH transaction details (trace number, effective date, amount, merchant/originator name, SEC code if shown).
• Written communications with the bank (emails, secure messages, branch notes, denial letters).
• Proof of non-authorization: contracts showing the vendor relationship ended, emails showing you refused authorization, internal approvals policy, or affidavits from authorized signers.
• Timeline: date you discovered the withdrawals, date you notified the bank, how you notified them, and who you spoke with.
• Impact evidence: overdraft notices, payroll issues, late fees, vendor penalties, or business interruption details.
Step 3: Identify the correct respondent (bank vs. payment platform)
File the complaint against the institution that holds your account (your bank or credit union). If the unauthorized debits flowed through a fintech platform (e.g., a payment processor), you may also submit a separate complaint against that company if it is in CFPB’s system. Make sure the “who did what” is clear: “My bank processed unauthorized ACH debits and refused to return them,” versus “A payment platform initiated debits without authorization.”
Step 4: Submit the complaint through the CFPB portal
Use the CFPB’s online complaint tool and select the most applicable product category (typically “Checking or savings account” or “Money transfer, virtual currency, or money service,” depending on the institution and the facts). In the narrative, use numbered paragraphs and keep it factual.
Step 5: Write an effective narrative (sample structure)
A persuasive narrative for unauthorized ACH withdrawals should include:
1) The account and parties. “I am the owner/CFO of a Texas LLC. The disputed transactions occurred in our business checking at [Bank], account ending 1234.”
2) The unauthorized debits. List each debit with date, amount, and descriptor. Example: “On 04/02/2026, $6,420 ‘XYZ Solutions WEB’ posted; on 04/03/2026, $6,420 posted again.”
3) The discovery and notice. “We discovered the debits on 04/03/2026 at 9:10 a.m. and notified [Bank] by phone and secure message the same day.”
4) The bank’s response. “The bank refused to return the items, stating ‘business accounts are not covered’ and closed the claim without providing supporting documentation.”
5) What you want. Be specific: “Return of $12,840, reversal of all related fees, written explanation of the basis for denial, and copies of any authorization the bank relied on.”
6) Why it’s wrong. “No authorization exists; the vendor relationship ended on [date]. We did not share credentials; the bank did not provide evidence of authorization and ignored our written notice.”
Step 6: Upload exhibits and keep a submission record
Upload key exhibits (statements, denial letters, timeline). Save the CFPB confirmation number and a PDF of your submission. If you later pursue demand, arbitration, or suit, that record helps prove prompt notice and the bank’s stated reasons.
What happens after you file: CFPB workflow and typical timelines
After submission, the CFPB generally routes the complaint to the company and requests a response. You can track status in the portal. Many banks respond with (a) a substantive explanation, (b) a request for more information, or (c) a “final” position letter.
What to watch for in the bank’s response:
• Reliance on account agreement deadlines. They may cite a short window (sometimes 30–60 days) to report unauthorized items.
• “Authorization” assertions without evidence. Demand copies of any ACH authorization, proof of “commercially reasonable” security procedures, and internal claim notes.
• Reclassification of the loss. Some banks attempt to characterize the dispute as customer error, vendor dispute, or authorized transfer.
Parallel actions to take in Texas while the CFPB complaint is pending
A CFPB complaint is not an injunction and does not stop continued debits by itself. Consider these parallel steps to protect your business and preserve claims.
Send a formal written dispute/notice letter (certified and email)
Send a dated letter to the bank’s disputes/fraud address and legal notices address listed in your agreements. Include the transaction list, a demand for return, and a request that the bank produce any alleged authorizations. If your agreement has a specific notice method, follow it.
Request an ACH stop, block, or filter
Texas businesses often have access to treasury tools that consumers don’t. An ACH block can prevent all debits; an ACH filter allows only approved originators and limits amounts.
File a police report when appropriate
If the facts suggest criminal activity (account takeover, identity theft, forged authorizations), a police report can help establish the seriousness of the dispute and support reimbursement
