seminar objectives - total training solutionsttsmedia.ttstrain.com/fcrabjp041316.pdf · damage...
TRANSCRIPT
4/13/2016
1
1
Fair Credit Reporting Act:
Ten Critical Issues
April 13, 2016
Presented by:
Susan Costonis, C.R.C.M.Compliance Training & Consulting for Financial Institutions
Seminar Objectives
• The Fair Credit Reporting Act has been in effect since 1971,but has been amended substantially over the years, mostrecently by significant changes in the FACT Act. Even thoughthis regulation is an “oldie but goodie”, there are still manyissues and violations have been cited. The CFPB trackscomplaints and the “credit reporting” complaint category hasincreased focus by all the regulators. In addition, increasedidentify theft, fraud, and cyber crime have a directrelationship to the potential for inaccurate credit reports.
• What are the ten critical issues?
2
4/13/2016
2
WHAT YOU WILL LEARN:
• What are the key definitions in the Fair Credit Reporting Act for “person”, “consumer” “consumer report” and “consumer reporting agency”?
• What are the permissible purposes for a consumer reporting agency to furnish a consumer report?
• What requirements must be followed by the USERS of consumer reports?
• What are the responsibilities to “furnish” accurate information?
• Is there a restriction on sharing credit and debit card numbers on electronic receipts?
• How should “negative” credit performance information be provided?
• How should adverse action/FCRA notices be given?
• Credit score disclosure notices – what’s required?
• Use of medical information – what are the rules?
• Exam procedures for FCRA – highlights and best practices.
3
FCRA KEY DEFINITIONS
• Consumer – is an individual
• Consumer Report ‐ written, oral, or other communication by a CRA bearing on credit worthiness…consumer purpose (see details and exclusions)
• Identifying information – name, social security number, date of birth, ID, etc.
• Identify Theft – fraud committed or attempted using the identifying information of another person without authority.
• Identity theft report ‐ see details
• Medical information ‐ ‐ see details
4
4/13/2016
3
PART 1022 – FAIR CREDIT REPORTING (REGULATION V)
Subpart A—General Provisions
Subpart C—Affiliate Marketing
Subpart D—Medical Information
Subpart E—Duties of Furnishers of Information
Subpart F—Duties of Users Regarding Obtaining and Using Consumer Reports
Subpart H—Duties of Users Regarding Risk‐Based Pricing
Subpart I—Duties of Users of Consumer Reports Regarding Identity Theft
Subpart M—Duties of Consumer Reporting Agencies Regarding Identity Theft
Subpart N—Duties of Consumer Reporting Agencies Regarding Disclosures to Consumers
Subpart O—Miscellaneous Duties of Consumer Reporting Agencies
5
FCRA KEY PROVISIONS
A. Users Must Have a Permissible Purpose As instructed by the consumer in writing, for the extension of credit as
a result of an application from a consumer, or the review or collection of a consumer's account; account review, “prescreened” offers
B. Users Must Provide Certifications
C. Users Must Notify Consumers When Adverse Actions Are Taken– 1. Adverse Actions Based on Information Obtained From a CRA
– 2. Adverse Actions Based on Information Obtained From Third Parties Who Are Not Consumer Reporting Agencies
6
4/13/2016
4
FCRA KEY PROVISIONS
D. Users Have Obligations When Fraud and Active Duty Military Alerts are in Files
E. Users Have Obligations When Notified of an Address Discrepancy
F. Users Have Obligations When Disposing of Records
III – Obligations for Employment Purposes
VI. OBLIGATIONS OF USERS OF MEDICAL INFORMATION
VII. OBLIGATIONS OF USERS OF "PRESCREENED" LISTS
7
ADVERSE ACTION NOTICE REQUIREMENTS
UNDER THE ECOA AND THE FCRA
• Regulation B defines adverse action as:
• A refusal to grant credit in substantially the amount or on substantially the terms requested in an application unless the creditor makes a counteroffer (to grant credit in a different amount or on other terms), and the applicant uses or expressly accepts the credit offered;
• A termination of an account or an unfavorable change in the terms of an account that does not affect all or substantially all of a class of the creditor’s accounts; or
• A refusal to increase the amount of credit available to an applicant who
has made an application for an increase.
8
4/13/2016
5
ADVERSE ACTION NOTICE REQUIREMENTS
UNDER THE ECOA AND THE FCRA
• The FCRA, by contrast, defines adverse action more broadly to include:
• Adverse action as defined in section 701(d)(6) of ECOA ;
• A denial or cancellation of, an increase in any charge for, or a reduction or other adverse or unfavorable change in the terms of coverage or amount of, any insurance, existing or applied for, in connection with the underwriting of insurance;
• A denial of employment or any other decision for employment purposes that adversely affects any current or prospective employee;
• A denial or cancellation of, an increase in any charge for, or any adverse or unfavorable change in the terms of a government license or benefit; or
• An action on an application or transaction initiated by a consumer, or in connection with account review that is adverse to the consumer’s interests.
9
10
WHEN ADVERSE ACTION NOTICES ARE REQUIRED
4/13/2016
6
11
Who Must Receive Notice?
12
What Are the Notice Timing Requirements?
4/13/2016
7
13
What Disclosures Are Required?
14
What Disclosures Are Required?
4/13/2016
8
When are additional FCRA credit score disclosures required?
• Specifically, the FCRA requires a person to make the following disclosures in writing or electronically as part of the adverse action notice in addition to those identified in Table 4:
• The consumer’s numerical credit score used by the person in taking adverse action
• The range of possible credit scores;
• All the key factors that adversely affected the credit score;
• The date on which the credit score was created; and
• The name of the person or entity providing the credit score or the information upon which score was created.
• But if the credit score did not play a role in the decision to take adverse action, these disclosures are not required.
15
FURNISHERS OBLIGATIONS UNDER THE FCRA AND ECOA
1. A furnisher must designate accounts to reflect both spouses' participation in the following circumstances: for new accounts when the spouse is an authorized user or is liable on the account (except as a guarantor, surety, endorser, or similar party); and for existing accounts when one of the spouses makes a written request to reflect both spouses' participation on the account
2. When an account is designated to reflect the participation of both spouses, the information must be furnished to the CRAs in a way that enables the CRAs to provide access to the information in the name of each spouse.
3. When a creditor receives an inquiry about an account that reflects the participation of both spouses, the creditor must furnish the information in the name of the spouse for whom the request is made
16
4/13/2016
9
MORE DUTIES…
• Duty to Provide Accurate Information
Inaccurate Information
Duty to Correct and Update Information
Duty to Provide Notice of Dispute
Duty to Provide Notice of Closed Accounts
Duty to Provide Notice of Delinquency of Accounts
Identity Theft
Negative Information17
Investigation of Disputes
• Investigation Procedures
Investigate the disputed information
Notify national CRAs as needed
Respond in 30 days from dispute
18
4/13/2016
10
Additional Furnishers' Duties
• Accuracy and Integrity Requirements
• “Accuracy” means that the information provided to a CRA by a furnisher correctly:
• identifies the appropriate consumer;
• reflects the account's terms and liability; and
• reflects the consumer's performance with respect to the account.
19
Additional Furnishers' Duties
• “Integrity” means the information provided to a CRA by a furnisher:
• is substantiated by the furnisher's records at the time it is furnished;
• is in a form designed to minimize the likelihood that the information may be incorrectly reflected in a consumer report; and
• includes information in the furnisher's possession that the CFPB has determined would likely be materially misleading in evaluating a consumer's creditworthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living, if absent. For open‐end credit products, the credit limit (if any) is the one item of information the agencies have determined would likely be materially misleading if omitted.
20
4/13/2016
11
Direct Disputes Rule
• When a consumer files a direct dispute, a furnisher is required to investigate if the dispute relates to any of the following issues: (1) the consumer's liability for a credit account or other debt with the furnisher; (2) the terms of a credit account or other debt with the furnisher; (3) the consumer's performance or other conduct concerning an account or other relationship with the furnisher; or (4) any other information contained in a consumer report for an account or other relationship with the furnisher that bears on the consumer's creditworthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living.
21
CFPB “Summary of Rights”
You must be told if information in your file is used against you
You have the right to know what is in your file
You have the right to ask for a credit score
You have the right to dispute incomplete or inaccurate information
CRAs must correct or delete inaccurate, incomplete, or unverifiable information
CRAs my not report outdated negative information
Access to your file is limited
You must give your consent for reports to be provided to employers
You may limit “prescreened” offers
You may seek damages from violators
Identity theft victims and active duty military personnel have additional rights
22
4/13/2016
12
WHO IS JULIE MILLER?
• Equifax Hit with $1.62M in Punitive Damages for Failing to Fix Credit Report
• US District Judge Anna Brown in Oregon actually reduced a jury’s punitive damage award from $18.4 million, but preserved the $180,000 compensatory damage award – so the total recovery is $1.8 million.
• Miller repeatedly wrote, telephoned and faxed Equifax over two years, but it never investigated the information, never made a correction and never gave miller the entire contents of her credit file.
• Miller spent more than $250,000 in legal fees to pursue her case, which was reported in the In the end, the judge said punitive damages could be no more the New York Times. In the end, the judge said punitive damages could be no more than 9 times the amount of compensatory damages.
23
RULES FOR IDENTITY THEFT RED FLAGS
1. Identify relevant patterns, practices, and specific forms of activity that are red flags signaling possible identity theft and incorporate those red flags into the program;
2. Detect red flags that have been incorporated into the program;
3. Respond appropriately to any red flags that are detected to prevent and mitigate identity theft; and
4. Ensure that the program is updated periodically to reflect changes in risks from identity theft.
24
4/13/2016
13
SUPPLEMENT A TO APPENDIX J EXAMPLES FOR RED FLAGS
Alerts, Notifications or Warnings from a Consumer Reporting Agency
Suspicious Documents
Suspicious Personal Identifying Information
Unusual Use of, or Suspicious Activity Related to, the Covered Account
Notice from Customers, Victims of Identity Theft, Law Enforcement Authorities, or Other Persons Regarding Possible Identity Theft
25
FCRA REQUIRED TRAINING – RED FLAGS
REQUIRED ANNUAL TRAINING – Check with YOUR Regulator or POLICY
Required by law, regulation, or policy Required by policy, corrective action, or regulatory “expectation”
1. Annual Red Flags for Identity Theft
2. Bank Protection Act (Physical Security)
3. Privacy Act and Information Security
4. Dispute procedures for accuracy of Credit Report Information
Fair Lending Bank Secrecy Act Recent exam or audit findings most
commonly include:o HMDA reporting problemso Flood Issueso New regulations & disclosureso UDAP/UDAAP – Abusive Practices
26
4/13/2016
14
Regulatory Web Addresses
Web Address Regulator
www.consumerfiance.gov Consumer Financial Protection Bureau*
www.federalreserve.gov Federal Reserve Board
www.fdic.gov Federal Deposit Insurance Corporation
www.occ.treas.gov Office of the Comptroller of the Currency
www.ncua.gov National Credit Union Administrations
27
Ten Steps to Mitigate Identity Theft Risks
28
1. Initial Risk Assessment
2. Covered Accounts
3. “Red Flags”
4. Detection
5. Response
6. Written Program
7. Training
8. Gap Analysis
9. Enhancements
10. Subsequent Risk Assessments – changes in account offerings, new covered accounts, policies & procedures for on‐going compliance
4/13/2016
15
IDENTITY THEFT AND FACTA PROVISIONS
29
• Truncation of numbers
• Change of Address with Request for Replacement Cards
• Address Discrepancy in Credit Report
• Disposal of Consumers Reports
• Disputing Inaccurate Information
• Medical Information and Consumer Reports
Four Step Process to Comply
1. Identify Relevant Red Flags
2. Detect Red Flags
3. Prevent And Mitigate Identity
Theft
4. Update The Program
30
4/13/2016
16
FCRA EXAM PROCEDURES
31
CONSUMER PERSPECTIVE AND RECENT
SETTLEMENT
• What Is a Credit Report?
• How Will the Settlement Agreement Change Credit Reporting?
• 180‐Day Waiting Period Before Reporting Medical Debt
• Traffic Tickets and Government Fines Will Not Appear in Credit Reports
• Enhanced Dispute Resolution Procedures
• Improving notifications to consumers on reinvestigation results
• Additional free annual credit report to consumers following dispute investigations
32
4/13/2016
17
FTC ADVICE TO CONSUMERS – DISPUTING ERRORS ON
CREDIT REPORTS
• How to Order Your Free Report
• Other situations where you might be eligible for a free report
• Correcting Errors;
• Step One – tell the Credit Reporting Agency in writing what is inaccurate
• Step Two – tell the information provider in writing that you are disputing an item
• About Your File
33
FCRA RULES AND PERMISSIBLE PURPOSE
• NOTE: The CFPB has begun to examine the “Big 3” Credit Reporting Agencies. BE CAREFUL TO MONITOR CREDIT REPORTS. Are they all being pulled for a “permissible purpose”?
• Warning from an Equifax representative: A bank may receive a letter from Equifax that references a credit report and your bank must supply the application that shows it was authorized for permissible purposes. Big issue is if an employee accesses a credit report (even their own) without authorization, it is a violation of FCRA and Equifax immediately terminates service. There is no chance for appeal. Examples of permissible purposes – skip tracing, review of loans, investigating fraud or possible identity theft. Examples of non‐credible/permissible purposes –pulling a credit report for your own personal reason.
• This representative recommended keeping both approved and denied applications for 6 years on file because FCRA allows for action 5+ years after the infraction or 2 years after the discovery of the infraction
34
4/13/2016
18
CFPB RELEASE COMPLAINT REPORT
AUGUST 2015
• Credit reporting complaints showed the greatest month‐over‐monthincrease, with the number of such complaints submitted by consumers inJuly 2015 up 56 percent from the number submitted in June 2015
• DO YOU HAVE A COMPLAINT POLICY?
• Is it being followed?
• Have you received any credit report disputes or complaints?
• Have they been reported to your Board?
• What was the root cause of the complaint?
• Have you checked SOCIAL media for complaints?
35
CFPB STUDY ON CREDIT REPORTS
• 26 million consumers (11% of U.S. adults) are “credit invisible” (i.e., they do not have a credit file with any of the three nationwide credit reporting agencies: Equifax, Experian, and TransUnion).
• 19 million consumers (8% of U.S. adults) have “unscored” credit records (i.e., they have insufficient credit history to generate a credit score).
• Consumers in low‐income neighborhoods are more likely to be credit invisible or to have an unscored record.
• Black and Hispanic consumers are more likely to have limited credit records.
36
4/13/2016
19
FDIC FAIR LENDING ISSUES WITH CREDIT
REPORT FEES
From the fee structure perspective, it is the difference in the price of the credit reports that some banks have negotiated with their credit reporting agencies that give a price reduction to co‐applicants that are traditional “joint” credit files (typically a husband and wife) which is not available to non‐traditional co‐applicants that are unmarried. This discounted credit report fee, which in one case created a $32 difference when the fees are passed along to the consumer, as a settlement services charge at closing. That fee difference discriminates against the unmarried co‐applicants based on marital status and is a violation of the ECOA
37
FDIC FAIR LENDING ISSUES WITH CREDIT
REPORT FEES
• From a processes perspective, unmarried co‐applicants were also found by the FDIC examiners to have some discriminatory issues. One of the banks the FDIC noted on the violations was due to the requirement that unmarried co‐applicants complete separate applications, while married co‐applicants completed a single application. This requirement is a violation of the “same standards” regardless of marital status provisions of the above sections.
• Make sure that whatever the price a “joint” credit report is, the cost of two individual credit reports equals that same amount.
38
4/13/2016
20
TOP TEN ISSUES AND SUGGESTIONS FOR
FCRA COMPLIANCE
1. Have internal controls been established to monitor credit reports? Can the bank prove that credit reports are only pulled for a permissible purpose? Is there an audit program to compare the list of credit reports that have been pulled against all applications, renewals, collection activity, and employment inquiries? Are credit reports being properly disposed or protected from computer intrusion?
2. Does the bank make an annual report to the Board that outlines the effectiveness of the Identity Theft/Red Flags program? Have new threats been identified? Has additional training been required? Have updates been made to the program?
39
TOP TEN ISSUES AND SUGGESTIONS FOR
FCRA COMPLIANCE
3. Are consumer disputes concerning the accuracy of credit reports being handled within the guidelines of resolving the dispute and responding within 30 days? Has appropriate training been done for new employees? Is there any audit module that reviews these disputes?
4. Is the information being reported to the credit reporting agencies accurate? Is there any audit module to monitor this function?
40
4/13/2016
21
TOP TEN ISSUES AND SUGGESTIONS FOR
FCRA COMPLIANCE
5. Are address changes being verified in connection for the request of replacement debit or credit cards?
6. If there is an address discrepancy, is it being resolved when a credit report is pulled?
7. If there is an identity theft alert on the credit report or an active duty alert, are appropriate procedures for verification being followed?
41
TOP TEN ISSUES AND SUGGESTIONS FOR
FCRA COMPLIANCE
8. Are the restrictions against the consideration of medical information being followed?
9. Are the appropriate adverse action/FCRA notices being completed? Are they correct?
10.Are the required risk‐based credit score notices or credit score disclosure notices being provided?
42
4/13/2016
22
TOP TEN ISSUES AND SUGGESTIONS FOR
FCRA COMPLIANCE
• Suggestions for FCRA compliance
• Monitor your primary regulator’s exam procedures and guidance for any “hot spots” that relate to credit reports, identity theft, and similar concerns
• Review policies and procedures that relate to FCRA
• Update audit programs as needed.
• Provide training to new hires and training for any
corrective action cited in audits or exams.
43
Questions!!!
44
4/13/2016
23
Thank You!
Susan [email protected]
45
Upcoming Webinars
April 14th – Opening New Accounts II - Business Accounts
April 14th – Mastering the Balancing Act
April 15th – BSA Officer Series: Managing Your BSA Alerts
April 20th – Do's and Don'ts of Checks: How to Avoid Loss
April 20th – Developing and Organizing an Effective Remote Deposit Capture Program (RDC)
April 21st – Reg E Compliance – Five Best Practices for Handling Disputes
April 26th – Analyzing Appraisals for Mortgage Decisions
April 27th – TRID for Construction Loans
April 28th – Properly Audit Your Safe Deposit Department: 30 Important Steps (2016 Update)
April 28th – Compliance Perspectives: A Monthly Update