The comments about credit reporting at your next examination may come as a surprise. It’s something that most of us don’t think that much about, especially considering the heavy hitting issues of TRID, HMDA, and UDAAP. Think the Consumer Financial Protection Bureau (CFPB) and other federal bank regulators aren’t thinking about credit reporting compliance? The CFPB issued a Supervisory Highlights Consumer Reporting Special Edition in March 2017 detailing the problems in the credit reporting industry that it has uncovered and corrected through its oversight work. In the release, the agency says, “Consumers continue to complain about the credit reporting industry in high numbers. The Bureau has handled approximately 185,700 credit reporting complaints as of February 1, 2017. Consumers have said that when they dispute an item on their report, nothing changes even though federal law requires the consumer reporting company to conduct a reasonable reinvestigation and update the file to reflect any necessary changes or delete the item. Consumers also frequently complain of debts already paid showing up on their report as unpaid and information that is not theirs being included in their report negatively affecting their credit scores.”
With that kind of ammunition, there will continue to be a good deal of regulatory interest in credit reporting timeliness, accuracy, and error investigation and resolution.
Two Federal laws cover the lion’s share of credit reporting compliance requirements.
The Fair Credit Reporting Act (FCRA) was enacted in 1970 and was administered by the Federal Reserve Board until 2011 when rulemaking authority for it and several other federal consumer protection regulations were transferred to the Consumer Financial Protection Bureau (CFPB) by the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (Dodd-Frank Rules). The CFPB established the new Regulation V for Fair Credit Reporting. The primary purpose of the FCRA is to provide guidance to consumer reporting agencies about collecting and disseminating information about consumers to be used in credit evaluations and for other purposes, including insurance applications and employment. The FCRA also has rules for users of consumer reports and consumer information, and those rules are important for lenders and servicers.
The Fair and Accurate Credit Transactions Act (FACTA) was signed into federal law in December 2003, and most the requirements became effective in December 2004. The guidance in FACTA builds on provisions for credit reporting that are found in the Fair Credit Reporting Act (FCRA), and it implements guidance for identity theft prevention.
Credit bureaus (credit reporting agencies) are common types of consumer reporting agencies. Under FCRA, credit bureaus must verify the accuracy of credit records they maintain when consumers dispute the accuracy. Credit bureaus must notify the consumer if it reinserts negative information that it had removed because of the consumer’s dispute. Under the Fair and Accurate Credit Transactions Act of 2003 (FACTA), which amended the FCRA, consumers may obtain a free credit report once every 12 months. Consumers must request the reports, and they may be obtained from three national consumer credit reporting agencies – TransUnion, Experian, and Equifax.
A creditor is covered by the FCRA because it provides information to consumer reporting agencies. Under FCRA, if a creditor provides information to consumer reporting agencies, it must:
- Provide complete and accurate information;
- Investigate information disputed by the consumer and correct the error or provide an explanation about its accuracy within 30 days of receiving the dispute; and
- Inform consumers about negative information reported or about to be reported to a consumer reporting agency within 30 days.
The FACTA contains seven separate titles and includes these major provisions:
Identity Theft Prevention and Credit History Protection – FACTA is intended to deter fraudulent use of consumers’ credit histories. The law provides for alerts to protect consumers’ credit records; limits how credit card account information is used on receipts; and requires new regulations to compel financial institutions and creditors to implement procedures to detect identity theft. FACTA mandates proper destruction and disposal of certain information that is collected about consumers.
Fraud Alerts – FACTA allows individuals who suspect they may be subject to identity theft or who are deployed overseas with the military to implement alert notifications on their credit records. Such alerts deter many fraudulent uses of credit records.
Credit and Debit Card Numbers – FACTA requires that businesses print no more than five digits of a customer’s card number or card expiration date receipts for point-of-sale or purchase transactions. All types of receipts are covered by the requirements, including those that are imprinted or handwritten. The credit and debit card number truncation rules became effective in 2005.
Red Flags Rule – The FACTA Red Flags Rule required federal agencies to create joint regulations about identity theft prevention that was applicable to financial institutions and creditors. The coverage of the FACTA Red Flags Rule extends to covered accounts at “financial institutions and creditors” which have been defined by the Federal Trade Commission (FTC) to include “lenders such as banks, finance companies, automobile dealers, mortgage brokers, utilities companies and telecommunications companies”. The FTC has also defined “covered accounts” to mean any account for which there is a foreseeable risk of identity theft. For example, credit cards, monthly billed accounts like utility bills or cell phone bills, social security numbers, driver’s license numbers, medical insurance accounts, and many others.
Consumer Credit Report Access – Consumers may obtain a free credit report once every 12 months. Consumers must request the reports, and they may be obtained from three national consumer credit reporting agencies – TransUnion, Experian, and Equifax. The three agencies worked with the Federal Trade Commission to implement a website for consumers to more easily access credit reports (www.AnnualCreditReport.com).
Rights and Protection of Identity Theft Victims – FACTA required federal agencies to establish a summary of rights for identity theft victims. It also requires credit reporting agencies to block information in a consumer’s file that the consumer indicates is a result of identity theft. The consumer must confirm that the information is not a result of his/her own transactions. FACTA required all consumer credit reporting agencies to develop a method to communicate with each other about complaints of fraud or identity theft from consumers and about requests for fraud alerts and blocking on records.
FCRA, FACTA, and the CMS
Lenders and servicers should ensure the Compliance Management System they employ provides adequate coverage to the requirements of FCRA and FACTA.
Around the Industry:
CFPB continues to target debt collection compliance.
On the Horizon:
Federal Trade Commission announces agenda for May Identity Theft Conference.
Do your marketing practices expose your organization to fair lending risk? See this for insight.