Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On August 29, the U.S. Court of Appeals for the 6th Circuit affirmed a district court’s ruling that a bank was not obligated under the Fair Credit Reporting Act (FCRA) to investigate a credit reporting error because the consumers failed to ever notify a consumer reporting agency. According to the opinion, after plaintiffs paid off their line of credit, the bank (defendant) continued reporting the plaintiff as delinquent on the account. After plaintiffs contacted the bank regarding the reporting error, the bank employee ensured plaintiffs that the defendant submitted amendments to the credit reporting bureaus to correct the situation. However, the plaintiffs claimed the error was not corrected until almost a year later. Plaintiffs also alleged that they did not contact the credit reporting bureau in reliance on the bank employee’s statements. The district court granted summary judgment in favor of the bank, concluding that the FCRA requires that notification of a credit dispute be provided to a consumer reporting agency as a prerequisite for a claim that a furnisher failed to investigate the dispute. Since the plaintiffs failed to trigger the defendant’s FCRA obligations because they never filed a dispute with a consumer reporting agency, the defendant’s responsibility to investigate was never activated.
On appeal, the 6th Circuit agreed with the district court that direct notification to the furnisher of the inaccurate credit report does not meet the FCRA’s prerequisite. Additionally, the plaintiffs’ state common law claims for breach of the duty of good faith and fair dealing and tortious interference with contractual relationships were preempted by the FCRA, and their fraudulent misrepresentation claim was forfeited on appeal.
On July 16, the U.S. Government Accountability Office (GAO) submitted a report to the ranking members of the Senate Banking Committee and the House Committee on Financial Services recommending that the CFPB improve communications to consumer reporting agencies (CRAs) and furnishers about the Bureau’s supervisory expectations. Specifically, the report—based on a CRA performance audit conducted by GAO from July 2018 to July 2019—presents two recommendations to the CFPB director on communicating expectations to CRAs concerning: (i) “reasonable procedures for assuring maximum possible accuracy of consumer report information;” and (ii) “reasonable investigations of consumer disputes.” According to the report, there are various causes for consumer report inaccuracies: errors in the data collected by CRAs and data not being matched to the correct consumer by CRAs. While the Bureau has “generally focused on assessing compliance with Fair Credit Reporting Act (FCRA) requirements,” GAO notes that the CFPB “has not defined its expectations for how CRAs can comply with key statutory requirements.” For instance, under the FCRA, CRAs must follow reasonable procedures for ensuring maximum possible accuracy and reasonably investigate consumer disputes. However, although the CFPB has identified deficiencies concerning these requirements in its CRA examinations, the Bureau “has not defined its expectations—such as by communicating information on appropriate practices—for how CRAs can comply with these requirements.” Therefore, GAO concluded, there exist opportunities for the Bureau to improve its oversight of CRAs. The CFPB neither agreed nor disagreed with GAO’s recommendations, and stressed that “it has made oversight of the consumer reporting market a top priority and that its supervisory reviews of CRAs have focused on evaluating their systems for assuring the accuracy of data used to prepare consumer reports.” The Bureau also commented on CRAs’ significant advances in promoting greater accuracy.
On January 9, the U.S. Court of Appeals for the 9th Circuit held that Fannie Mae is not a “consumer reporting agency” under the FCRA and therefore is not liable under the law. According to the opinion, homeowners attempted to refinance their current mortgage loan two years after completing a short sale on their prior mortgage. While shopping for the refinance, lenders used Fannie Mae’s Desktop Underwriting (DU) program to determine if the loan would be eligible for purchase by the agency. Three of the eight DU findings showed the loan would be ineligible due to a foreclosure reported for the homeowners within the last seven years, which was not true. The homeowners sued Fannie Mae alleging the agency violated the FCRA for inaccurate reporting. On cross motions for summary judgment, the lower court determined that Fannie Mae was liable under the FCRA for furnishing inaccurate information because the agency “acts as a consumer reporting agency when it licenses DU to lenders.”
On appeal, the 9th Circuit reviewed whether Fannie Mae was a consumer reporting agency under the FCRA and noted that the agency must “regularly engage in . . . the practice of assembling or evaluating” consumer information, which Fannie Mae argues it does not do. Specifically, the agency asserts that it simply provides software that allows lenders to evaluate consumer information. The appeals court agreed, concluding that Fannie Mae created the tool but the person using the tool is the person engaging in the act. The court reasoned, “[t]here is nothing in the record to suggest that Fannie Mae assembles or evaluates consumer information.” Moreover, the court noted, if Fannie Mae were found to be a consumer reporting agency, it would be subject to other FCRA duties to borrowers, which “would contradict Congress’s design for Fannie Mae to operate only in the secondary mortgage market, to deal directly with lenders, and not to deal with borrowers themselves.”
On January 4, the Illinois governor signed HB 4873, which amends the state’s Payday Loan Reform Act (the Act) to increase from $1 to $3 the maximum verification fee that a certified consumer reporting service may charge a lender—and that the lender may pass on to the borrower—for verifying an installment payday loan as required by the Act. The increased verification fees may be charged beginning July 1, 2010. The verification fee paid by the borrower cannot exceed the fee paid by the lender.
CFPB releases annual adjustments to HMDA, TILA, and FCRA; agencies release CRA asset-size threshold adjustments
On December 31, the CFPB published final rules adjusting both the asset-size thresholds under HMDA (Regulation C) and TILA (Regulation Z), and the maximum amount consumer reporting agencies may charge consumers for providing the consumer the consumer’s credit file under FCRA. All rules take effect on January 1, 2019.
Under HMDA, institutions with assets below certain dollar thresholds are exempt from the collection and reporting requirements. The final rule increases the asset-size exemption threshold for banks, savings associations, and credit unions from $45 million to $46 million, thereby exempting institutions with assets of $46 million or less as of December 31, 2018, from collecting and reporting HMDA data in 2019.
TILA exempts certain entities from the requirement to establish escrow accounts when originating higher-priced mortgage loans (HPMLs), including entities with assets below the asset-size threshold established by the CFPB. The final rule increases this asset-size exemption threshold from $2.112 billion to $2.167 billion, thereby exempting creditors with assets of $2.167 billion or less as of December 31, 2018, from the requirement to establish escrow accounts for HPMLs in 2019.
Lastly, the FCRA permits consumer reporting agencies to impose a reasonable charge on a consumer when disclosing the consumer’s credit file in certain circumstances. Where the annual adjustment to this maximum charge had historically been announced via regulatory notice, the Bureau is now codifying the maximum charge in Regulation V. For 2019, the Bureau increased the maximum amount consumer reporting agencies may charge for making a file disclosure to a consumer from $12.00 to $12.50.
Separately, on December 20, the Federal Reserve Board, the OCC, and the FDIC (collectively, the “Agencies”) jointly announced the adjusted asset-size thresholds used to define “small” and “intermediate small” banks and savings associations under the Community Reinvestment Act (CRA). Effective January 1, 2019, a “small” bank or savings association will be defined as an institution that, as of December 31 of either of the past two calendar years, had assets of less than $1.284 billion. An “intermediate small” bank or savings association will be defined as an institution with assets of at least $321 million as of December 31 of both of the past two calendar years, but less than $1.284 billion in assets as of December 31 of either of the past two calendar years. The Agencies published the annual adjustments in the Federal Register on December 27.
District Court allows certain check authorization recommendation claims against consumer reporting agency to proceed
On October 2, the U.S. District Court for the Western District of Texas granted in part and denied in part a request for judgment on the pleadings brought by a nationwide specialty consumer reporting agency (defendant) that provides check authorization recommendations used by merchants when determining whether to honor a consumer’s check. According to the order, the plaintiff’s attempts to cash checks were denied based upon guidelines for authorization established by the defendant. The plaintiff subsequently (i) complained to the defendant that consumers did not have access to the recommendation guidelines; (ii) disputed the accuracy of the recommendations; and (iii) requested that denied transactions be reinvestigated. In its second amended complaint, the plaintiff claimed the defendant violated the Fair Credit Reporting Act (FCRA), the Texas Consumer Credit Reporting Act (TCCRA), and the Texas Deceptive Trade Practices Act, asserting that the consumer file prepared by the defendant contained two inaccuracies and that the defendant failed to conduct a reasonable reinvestigation of his consumer file or did not have procedures in place to correct inaccurate information. While the court dismissed the FCRA and TCCRA §20.07 claims to the extent they were based on allegations that the defendant did not have reasonable procedures in place to correct inaccurate information, it held that the allegations regarding the defendant’s failure properly to reinvestigate the consumer’s file did state a plausible claim for relief.
On August 22, the CFPB released the latest quarterly consumer credit trends report, which focuses on the reporting of telecommunications-debt collections to nationwide consumer reporting agencies based on a sample of approximately 5 million credit records. The report notes that during the past five years approximately 22 percent of credit records contained at least one telecommunications-related (telecom-related) item, with nearly 95 percent of these telecom-related items being reported by collection agencies. The report highlights that 37 percent of consumers who reported having been contacted about a debt in collection in the prior year were contacted about a telecommunications debt, and more than one fifth of all debt collection revenue is telecom-related debt. The report also observed that a single telecom collection may be associated with multiple tradelines in a credit record over time, suggesting that telecom collections are often reassigned. Notably, however, the report suggests that while the presence of a telecom-related collection item on a credit record is most commonly associated with consumers with lower credit scores, the change in score before and after the collection item appears on the credit record is often small, and as a result, a single telecom-related collection is unlikely to affect a credit decision for those consumers.
On July 12, the Senate Committee on Banking, Housing, and Urban Affairs held a hearing entitled “An Overview of the Credit Bureaus and the Fair Credit Reporting Act” to discuss the scope and enforcement of the Fair Credit Reporting Act (FCRA), the measures undertaken by the CFPB and the FTC to oversee credit bureau data security and accurate credit reporting, and other laws and regulations as they pertain to credit bureaus. Committee Chairman Mike Crapo, R-Idaho, opened the hearing by discussing the need to understand the “current state of data security, data accuracy, data breach policy” given consumers’ increased reliance on technology and recent cybersecurity incidents.
Associate Director for the Division of Privacy and Identity Protection at the FTC, Maneesha Mithal, discussed in prepared remarks the FTC’s role in implementing, enforcing, and interpreting the FCRA, as we all as the importance of educating consumers and businesses about FCRA requirements. According to Mithal, the FCRA continues to be a “top priority” for the FTC as the consumer reporting system evolves and new technologies emerge. Mithal discussed consumer reporting agency (CRA) FCRA compliance requirements concerning, among other things, dispute resolution processes, furnisher obligations, and credit reporting accuracy. Specifically, Mithal commented on the FTC’s more than 30 FCRA enforcement actions, in addition to the more than 60 law enforcement actions taken against companies for allegedly failing to implement reasonable data security practices. Mithal also touched upon the FTC’s business guidance and consumer education efforts concerning FCRA rights and obligations.
Assistant Director for Supervision Policy at the Bureau, Peggy Twohig, similarly discussed the Bureau’s authority over CRAs and furnishers with respect to the agency’s supervisory and enforcement authority, and noted, among other things, that while the agency possesses broad authority to promulgate rules as required to enforce the FCRA, it lacks rulemaking authority under certain sections of the FCRA related to red flags and the disposal of records, which fall under the FTC’s purview. Twohig further commented on the Bureau’s efforts to educate consumers on a variety of topics, including data breaches, credit freezes, and credit and identity monitoring.
On April 11, CFPB Director Richard Cordray delivered prepared remarks at the Operation HOPE Global Forums Annual Meeting in Atlanta addressing, among other things, financial challenges facing the “economically vulnerable”—most notably with respect to credit reporting and the handling of consumer disputes. As previously covered in InfoBytes, credit reporting was one of the top three consumer complaint categories for 2016. In his speech, Cordray cited a FTC study that found that “millions of people had an error on at least one of their credit reports that was serious enough to materially affect their credit score” and outlined the Bureau’s position for addressing these concerns such as (i) requiring credit reporting companies to improve quality control systems; (ii) creating easier access for consumer to dispute errors; and (iii) cleaning up information initially provided to the credit reporting companies by examining the ways in which banks and financial companies furnish the information.
On March 23, the CFPB ordered a nationwide credit reporting company and its subsidiaries to pay $3 million for allegedly deceiving consumers about how credit scores they marketed and sold were used by lenders. The consent order claims the company developed its own proprietary credit scoring model (PLUS Score), which was used to generate credit scores from information in a consumer’s credit file. The company then allegedly deceptively marketed and sold the “educational” credit score as the same type of score lenders use to make credit decisions, when in fact lenders did not use the scores. Moreover, there were instances of significant discrepancies between the “educational” credit scores that the company sold to consumers and the actual credit scores used by the lenders. The Bureau also alleges the company—up until March 2014—violated the Fair Credit Reporting Act (FCRA) by requiring consumers to view advertisements before they could access their credit reports. Pursuant to the consent order, the company must pay a $3 million civil money penalty, truthfully inform consumers about the nature of the credit scores it sells, and develop and implement an effective compliance management system to ensure its advertising practices comply with federal consumer laws. As previously reported in InfoBytes, earlier this year the CFPB issued consent orders against two different nationwide credit reporting companies for similar allegations.
- Amanda R. Lawrence to discuss "Data privacy litigation" at the Mortgage Bankers Association Regulatory Compliance Conference
- Brandy A. Hood to discuss "How to ace your TRID exam" at the Mortgage Bankers Association Regulatory Compliance Conference
- Katherine L. Halliday to discuss "UDAP, UDAAP & the Map rule compliance basics" at the Mortgage Bankers Association Regulatory Compliance Conference
- Daniel P. Stipano to discuss "Lessons learned from recent enforcement actions and CMPs" at the ACAMS AML & Financial Crime Conference
- Daniel P. Stipano to discuss "Assessing the CDD final rule: A year of transitions" at the ACAMS AML & Financial Crime Conference
- Jonice Gray Tucker to discuss "HMDA data is out, now what?" at the Mortgage Bankers Association Regulatory Compliance Conference
- Melissa Klimkiewicz to discuss "Navigating FHA rules and regs" at the Mortgage Bankers Association Regulatory Compliance Conference
- Jeffrey P. Naimon to discuss "Washington regulatory overview" at the Mortgage Bankers Association Regulatory Compliance Conference
- Daniel P. Stipano to discuss "Consenting views: Achieving positive outcomes from consent order recovery" at the ACAMS AML & Financial Crime Conference
- APPROVED Webcast: Preparing for 2020 license renewals
- Kathryn L. Ryan to discuss "The state’s role in fintech: Providing an industry framework for innovation" at Lend360
- Daniel P. Stipano to discuss "AML developments: The latest trends, challenges and opportunities" at the American Conference Institute Financial Crime Executive Roundtable
- Marshall T. Bell and Jeffrey P. Naimon to discuss "Truth in lending" at the American Bar Association National Institute on Consumer Financial Services Basics
- Amanda R. Lawrence and Michael A. Rome to discuss "California Consumer Privacy Act compliance" at the Capital Area Compliance Roundtable
- Daniel P. Stipano to discuss "Lessons learned from recent enforcement actions" at the Institute of International Bankers Risk Management and Regulatory Examination/Compliance Seminar
- Daniel P. Stipano to discuss "Customer identification program/customer due diligence/enhanced due diligence" at a National Association of Federal Credit Unions webinar
- Jonice Gray Tucker to discuss "MCCA's blueprint for selling & buying - A pitch workshop for outside counsel" at the Minority Corporate Counsel Association Creating Pathways to Diversity Conference
- Kathryn L. Ryan and Moorari K. Shah to discuss "Today's regulatory environment - Are you in the know?" at the Equipment Leasing and Finance Association Annual Convention
- Kathryn L. Ryan and Tim Lange to discuss "Temporary authority to operate - Are you prepared? Hear what the states are doing" at the RegList Annual Workshop
- Jonice Gray Tucker to discuss "Fintech regulatory developments, crypto-assets, blockchain and digital banking, and consumer issues" at the Practising Law Institute Banking Law Institute
- Amanda R. Lawrence to discuss "How to balance a successful (and stressful) career with greater personal well-being" at the American Bar Association Women in Litigation Joint CLE Conference