Last week, we discussed the cost of non-compliance with CFPB Fair Lending Practices, and how regulatory intelligence technology can help organizations stay up-to-date and in compliance. The second blog of this series will highlight the Fair Credit Reporting Act (FCRA) and instances when a financial institution may be considered a consumer reporting agency. There are over 400 consumer reporting agencies in the United States. Still, when most people think about a consumer reporting agency, the first providers that come to mind are Equifax, TransUnion, and Experian. Although these are correct assumptions, the FCRA provides a more detailed definition of a consumer reporting agency. Generally, financial institutions are not considered consumer reporting agencies, but those who engage in certain information-sharing practices can be deemed consumer reporting agencies.
The Fair Credit Reporting Act
Implementing regulations at 12 CFR Part 1022 (Regulation V) was originally proposed as an amendment to the Truth in Lending Act in 1968 by the late House Representative Clement J. Zablocki. Although the amendment was defeated, it got the attention of the late Senator Edward W. Proxmire and Congresswoman Leonor K. Sullivan. Senator Proxmire wanted to alleviate the problems where a “consumer is unjustly denied credit because of faults or incomplete information in a credit report, or because he has been confused with another individual.” Senate Bill 823 was constructed around three requirements: confidentiality of the information in the credit report, the opportunity to correct adverse information in the credit report, and procedures to discard irrelevant and outdated information. The FCRA became effective in 1970. Title VI of the Act protects the data collected by consumer reporting agencies. Companies that provide information to consumer reporting agencies have legal obligations to investigate disputed information and ensure the information is accurate. Users of the information for credit must notify a consumer when a negative action is taken based on a credit report. The notification should be timely and accurate. While most banks and credit unions furnish consumer credit information to consumer reporting agencies, there is no federal requirement that obligates them. A credit report is primarily a record of a consumer’s payment history, including credit cards, auto loans, mortgages, student loans, and similar debts.
When is a Financial Institution a Consumer Reporting Agency?
Business entities that are consumer reporting agencies have significant responsibilities under the FCRA; business entities that are not consumer reporting agencies have somewhat lesser responsibilities. Generally, financial institutions are not considered consumer reporting agencies; however, those that engage in certain types of information-sharing practices can be deemed consumer reporting agencies.
Title 12 CFR Part 220.40 applies to banks that are members of the Federal Reserve System and their duties as furnishers of information. Under Part 220.41, a furnisher of information is defined as:
- An entity that furnishes information relating to consumers to one or more consumer reporting agencies for inclusion in a consumer report.
Under the Fed Compliance Consumer Handbook, the FCRA requires financial institutions to provide consumers with various notices and information if based on:
- Employment Purposes – Requires written permission of the consumer; Disclosure that a consumer report may be obtained for employment purposes;
- If adverse action is taken involving the employment, the institution must provide a copy of the report;
- A description in writing of the rights of the consumer; and
- The consumer must be given an adverse action notice.
In addition, the FCRA applies to financial institutions that operate as;
- Procurers and users of information (for example, when granting credit, purchasing dealer paper, or opening deposit accounts);
- Furnishers and transmitters of information (by reporting information to consumer reporting agencies or other third parties, or to affiliates);
- Marketers of credit or insurance products.
The Federal Trade Commission Bureau of Consumer Protection and the Consumer Finance Protection Bureau are the two primary federal government bodies responsible for enforcing the FCRA. State attorneys general and litigations by private parties also play a role in enforcement. It is imperative for every financial institution or business defined as a consumer reporting agency to be aware of the applicable regulations. Not complying can subject a business to statutory damages ranging from $100 to $1,000 per violation.
In March 2020, the Federal Trade Commission issued an order under a civil action in the amount of $220,000 against a national department store chain for violations of the FCRA.
In December 2020, the Consumer Finance Protection Bureau issued a consent order in the amount of $4.7 million penalty against an originator of auto loans and leases that contained errors that could have negatively impacted consumers’ credit scores and access to credit.
There are many ways to stay up-to-date with regulatory changes: monitor regulatory agency websites; follow regulatory agencies on social media; subscribe to newsletters; attend conferences, etc. These methods are not only time consuming for a compliance officer, but the information can be outdated. Regology’s artificial intelligence addresses those challenges and keeps businesses up-to-date with regulations specific to their needs.