Written By ESR News Blog Editor Thomas Ahearn
On December 6, 2018, the Consumer Financial Protection Bureau (CFPB) – the U.S. government agency responsible for consumer protection in the financial sector that may soon be called the Bureau of Consumer Financial Protection (BCFP) – announced a settlement with State Farm Bank for violating the Fair Credit Reporting Act (FCRA) and Regulation V by obtaining consumer reports without a permissible purpose.
Under the terms of the consent order, State Farm Bank – a federal savings association headquartered in Bloomington, Illinois – must not violate the FCRA or Regulation V and must implement and maintain reasonable written policies, procedures, and processes to address the practices at issue in the consent order and prevent future violations. As described in the consent order, State Farm Bank violated:
- The FCRA, Regulation V, and the Consumer Financial Protection Act of 2010 by obtaining consumer reports without a permissible purpose;
- Furnishing to credit-reporting agencies (CRAs) information about consumers’ credit that the bank knew or had reasonable cause to believe was inaccurate;
- Failing to promptly update or correct information furnished to CRAs;
- Furnishing information to CRAs without providing notice that the information was disputed by the consumer; and
- Failing to establish and implement reasonable written policies and procedures regarding the accuracy and integrity of information provided to CRAs.
According to the consent order, Section 604(f) of FCRA mandates that consumer reports be used or obtained only for permissible purposes enumerated in the statute. The FCRA states that a “person shall not use or obtain a consumer report for any purpose unless (1) the consumer report is obtained for a purpose for which the consumer report is authorized to be furnished” and one other condition is met.
The purposes specified in FCRA include consumer reports furnished “in connection with a credit transaction involving the consumer on whom the information is to be furnished and involving the extension of credit to, or review or collection of an account of, the consumer.” In certain instances, the CFPB claims State Farm obtained consumer reports of consumers who were not seeking an extension of credit.
The planned rebranding proposal from former acting CFPB Director Mick Mulvaney that would change the name of the Consumer Financial Protection Bureau (CFPB) to the Bureau of Consumer Financial Protection (BCFP) could cost banks, lenders, and other financial services firms subject to CFPB supervision more than $300 million, according to a report from The Hill based on “an internal agency analysis.”
The CFPB – established by the 2010 Dodd-Frank Wall Street Reform and Consumer Protection Act – was known as the Consumer Financial Protection Bureau and CFPB since opening in 2011. Mulvaney – who is also the White House budget director – took over in 2017 began referring to the agency as the Bureau of Consumer Financial Protection or BCFP, reflecting the name codified in the Dodd-Frank legislation.
In September 2018, the CFPB issued an interim final rule updating two model disclosures used by CRAs for consumer reports to reflect changes made to the FCRA by legislation. In May 2018, Congress passed the Economic Growth, Regulatory Relief, and Consumer Protection Act which requires nationwide consumer reporting agencies to provide “national security freezes” free of charge to consumers.
The Act mandates that when the FCRA requires a consumer to receive the Summary of Consumer Rights – a summary of rights to obtain and dispute information in consumer reports and to obtain credit scores – or the Summary of Consumer Identity Theft Rights – a summary of rights of identity theft victims – a notice regarding the new security freeze right also must be included. Here are links to the new forms:
The Act also extended from 90 days to one year the minimum time that nationwide consumer reporting agencies must include an initial fraud alert in a consumer’s file to inform a prospective lender that a consumer may be a victim of identity theft. Congress set an effective date of September 21, 2018, for the security freeze right, the notice requirement, and the change in duration for initial fraud alerts.
To help businesses comply with the new law, the interim final rule issued updates the BCFP’s model forms, incorporating the new required notice and the change to the minimum duration of initial fraud alerts. The interim final rule also took steps to mitigate the impact of these changes on users of the model forms published by the Bureau in November 2012 by permitting various compliance alternatives.
The FCRA requires the CFPB to write model forms of the documents. Consumer reporting agencies and other entities can use the Bureau’s model forms or their own substantially similar forms. The interim final rule invited comments on these and any other aspects of the Bureau’s model forms to inform any possible further rulemaking. The interim final rule issued by the BCFP is available here.
More Information about the CFPB from ESR
Employment Screening Resources® (ESR) – a global background check firm – provides employers with information about the Consumer Financial Protection Bureau (CFPB), which took over administering notices required by the federal Fair Credit Reporting Act (FCRA) from the Federal Trade Commission (FTC) on January 1, 2013. To read more about the CFPB, visit www.esrcheck.com/wordpress/tag/cfpb/.
NOTE: Employment Screening Resources® (ESR) does not provide or offer legal services or legal advice of any kind or nature. Any information on this website is for educational purposes only.
© 2018 Employment Screening Resources® (ESR) – Making copies or using of any part of the ESR News Blog or ESR website for any purpose other than your own personal use is prohibited unless written authorization is first obtained from ESR.