Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
District Court: Identity theft alone is not enough to remove allegedly fraudulent debt from credit report
On April 20, the U.S. District Court for the Southern District of California granted a defendant debt collector’s motion for summary judgment, ruling that claiming to be a victim of identity theft alone is not enough to have a collection item removed from a credit report, or to give rise to an FDCPA violation. In 2014, the plaintiff purportedly obtained a payday loan from a lender who ultimately assigned the loan to the defendant for collection. In 2019, the plaintiff called the defendant to verbally dispute the debt as fraudulent after seeing the loan on her credit report. The defendant continued to report the loan to the consumer reporting agencies (CRAs), but marked the account as disputed, and informed the plaintiff of measures she needed to take to have the item removed from her credit report, including instructions for filing an identity theft affidavit. After an attorney representing the plaintiff submitted a formal written dispute of the debt, the defendant responded with the required verification and continued reporting the debt until the account was recalled by the lender. At this point the loan record was deleted and the defendant stopped reporting the loan account to the CRAs. The plaintiff filed suit alleging the defendant violated FDCPA Sections 1692e and 1692f and various state laws by continuing to report the debt after it was notified of the potential fraud. The court disagreed, stating, “there was nothing about [the defendant’s] statements that would confuse or mislead even the least sophisticated debtor’s attempt to remove the fraudulent account from their credit report,” the court wrote, adding that none of the defendant’s communications were false, deceptive, or misleading, nor did they undermine the plaintiff’s “ability to intelligently choose her action concerning the loan account.”
On December 22, the CFPB announced a settlement with a nonprime auto loan originator and servicer (company) for allegedly violating the FCRA by providing erroneous consumer loan data to consumer reporting agencies (CRAs). According to the consent order, between January 2016 and August 2019, the company (i) furnished inaccurate information to CRAs it knew or should have known was inaccurate; (ii) failed to promptly update information with the CRAs once it was determined to be inaccurate or incomplete; (iii) failed to furnish dates of first delinquency for severely delinquent or charged off accounts; and (iv) failed to implement reasonable written policies and procedures regarding the accuracy of furnished information. The consent order imposes a civil money penalty of $4.75 million and requires the company to, among other things, correct all inaccuracies identified by the Bureau, conduct monthly reviews of information furnished to CRAs, and establish reasonable written policies and procedures regarding the accuracy and integrity of furnished information.
On November 12, the CFPB announced a settlement with an Illinois-based non-bank debt collector, resolving allegations that the company violated the Fair Credit Reporting Act (FCRA), Regulation V, and the Consumer Financial Protection Act when providing information to consumer reporting agencies (CRAs). According to the Bureau, the company allegedly (i) “furnished information to CRAs that it knew or had reasonable cause to believe was inaccurate and failed to report to CRAs an appropriate first date of delinquency on certain accounts”; (ii) failed to conduct reasonable investigations into disputes reported to the company and to the CRAs; (iii) failed to send required notices about the results of investigations; and (iv) “failed to establish, implement, and update its policies and procedures regarding its furnishing of consumer information to CRAs.” According to the consent order, the company, among other things, allegedly furnished actual payment amounts as $0.00 on roughly 165,000 accounts even though consumers had made payments. For about 72,000 accounts, the company allegedly furnished current balances and amounts past due in amounts other than $0.00 even though the accounts were settled in full.
The consent order requires the company to pay a $500,000 civil money penalty and to (i) regularly review samples of furnished account information for accuracy and integrity; (ii) review samples of consumer disputes to ensure they are handled in compliance with the FCRA; (iii) update its policies and procedures to ensure compliance and continued effectiveness; and (iv) secure at least one independent consultant who specializes in FCRA and Regulation V compliance to conduct a review of the company’s activities, policies, and procedures related to furnishing and credit reporting.
On August 24, the FTC announced several Notices of Proposed Rulemaking (NPRM) intended to clarify that five Fair Credit Reporting Act (FCRA) rules promulgated by the FTC will now apply only to motor vehicle dealers. The NPRMs also propose non-substantive amendments to correspond to changes made to the FCRA by the Dodd-Frank Act, and will apply to the following rules:
- Address Discrepancy Rule. This rule requires users of consumer reports to implement policies and procedures for, among other things, handling notices of address discrepancy received from a nationwide consumer reporting agency (CRA) and furnishing an address for a consumer that a “user has reasonably confirmed as accurate to the CRA from whom it received the notice.” The proposed amendments narrow the scope of the rule to motor vehicle dealers excluded from CFPB jurisdiction.
- Affiliate Marketing Rule. This rule provides consumers the right to restrict a person from using certain information obtained from an affiliate to make solicitations to the consumer. While the proposed amendments narrow the scope of the rule to “motor vehicle dealers” excluded from CFPB jurisdiction, they retain the substantive provisions of the rule because they “addresses the relationship between covered motor vehicle dealers and their affiliates, which may not be motor vehicle dealers.”
- Furnisher Rule. Under this rule, furnishers are required to implement policies and procedures regarding the accuracy and integrity of the consumer information they provide to a CRA. The amendments propose changes including narrowing the rule’s scope to entities set forth in Dodd-Frank “that are predominantly engaged in the sale and servicing of motor vehicles, excluding those dealers that directly extend credit to consumers and do not routinely assign the extensions of credit to an unaffiliated third party.”
- Prescreen Opt-Out Notice Rule. This rule outlines requirements for those who use consumer reports to make unsolicited credit or insurance offers to consumers. The proposed amendments will narrow the scope of the rule to cover only motor vehicle dealers. The model form is unchanged from the previous model notice and is identical to the model notice used by the CFPB.
- Risk-Based Pricing Rule. Under this rule persons that use information from a consumer report to offer less favorable terms are required to provide a risk-based pricing notice to consumers about the use of such data. Under the proposed amendments, only motor vehicle dealers will be required to comply.
The FTC seeks feedback on the effectiveness of the five rules, including (i) whether there exists a continuing need for each rule’s specific provisions; (ii) what benefits have been provided to consumers under each rule; and (iii) should modifications be made to each rule in order to benefit consumers and businesses or to account for changes in relevant technology or economic conditions.
Comments are due 75 days after the NPRMs are published in the Federal Register.
2nd Circuit: Furnisher’s duty to investigate triggered only after it receives notice of dispute from CRA
On August 10, the U.S. Court of Appeals for the Second Circuit affirmed the dismissal with prejudice of FCRA and related state law allegations against a state bank and trust company, concluding that the bank’s duty to investigate is triggered only after it receive a notice of dispute from a consumer reporting agency (CRA). According to the opinion, the plaintiffs obtained a mortgage from the bank but later defaulted on their payments. The bank initiated foreclosure proceedings, and in 2014 both parties agreed to a deficiency judgment. In February 2016, one of the plaintiffs notified the bank that his credit report “inaccurately indicated ‘that the mortgage. . .was still open and payments had not been made in more than two years.’” The bank acknowledged the error in March, said a correction had been made to report the loan as closed, and indicated that “information [would] be supplied to the credit reporting agencies.” However, the plaintiff claimed the bank did not correct the information until November 2016. In their amended complaint, the plaintiffs alleged the bank violated the FCRA by (i) “negligently and willfully fail[ing] to perform a reasonable reinvestigation and correction of inaccurate information”; and (ii) “engag[ing] in behavior prohibited by [the] FCRA by failing to correct errors in the information that it provided to credit reporting agencies.” The bank countered that its “duty of investigation is only triggered after a furnisher of information receives notice of a dispute from a consumer reporting agency” and that the plaintiffs failed to allege that the bank “‘ever received notice of a dispute from a consumer reporting agency.’” The district court granted the bank’s motion to dismiss with prejudice for failure to state a claim.
On appeal, the 2nd Circuit agreed with district court, concluding, among other things, that the plaintiffs “do not allege that a CRA notified [the bank] of their dispute concerning the information in the [r]eport.” According to the appellate court, the plaintiffs “do not even allege that they notified a CRA of the discrepancy. The [a]mended [c]omplaint alleges only that, after receiving the [r]eport, [the plaintiff] directly notified [the bank] of the [r]eport’s inaccuracy. This alone is insufficient to state a claim under Section 1681s–2(b).”
On July 27, the FTC announced the DOJ, on behalf of the FTC, filed a complaint in the U.S. District Court for the Central District of California alleging a background report company used misleading billing and marketing practices in violation of several consumer protection laws. According to the complaint, the background report company’s marketing practices included suggesting that individuals’ reports contained arrest, criminal, sexual offender, bankruptcy, and other records that the reports did not actually include. The complaint alleges the company used these practices to induce users to purchase subscriptions to access background reports. The complaint asserts the company’s practices violated the FTC Act by making false or misleading representations about the criminal records of searched individuals, and that the company violated the Telemarketing Sales Rule and the Restore Online Shoppers’ Confidence Act by materially misrepresenting the benefits of a company subscription; the refund and cancelation policies; and the negative-option features of the subscription.
Moreover, the complaint asserts the company qualifies as a consumer reporting agency under the FCRA, as it “regularly assembles and evaluates information on consumers into consumer reports that, for a fee, it then provides to customers online through interstate commerce.” The complaint argues the company violated the FCRA by failing to maintain reasonable procedures to (i) verify how its reports would be used; (ii) ensure the information was accurate; and (iii) make sure that the information it sold would be used only for legally permissible purposes.
The FTC is seeking a permanent injunction, restitution, and civil money penalties.
On June 19, the U.S. Court of Appeals for the Eleventh Circuit vacated a magistrate judge’s final judgment in an FCRA action, concluding that there was no competent proof of a willful violation of the Act on the part of a consumer reporting agency (CRA). According to the opinion, a consumer brought an action against the CRA and other defendants alleging, among other things, that the CRA “negligently and willfully” violated the FCRA by not reinvestigating an item on his credit report he alleged was reported in error. Approximately 75 days after a small claims debt against the consumer was dismissed with prejudice, the consumer and his attorney ran his credit report and finding the debt still reported, wrote to the CRA with the dismissal order and requested that it reinvestigate the debt listing and remove it. The CRA diverted the letter under its suspicious mail policy for unknown reasons (since the CRA did not have a system to record the reason a letter was marked as suspicious), and sent a letter to the consumer informing him that it had determined the letter was suspicious and was not sent by him, but suggesting he call if he believed his credit report was in error. Less than two months later, the CRA removed the credit line after receiving a communication from the debt holder, but the consumer had already filed the action five days prior to that time. A jury trial found that the CRA’s “negligent failure to reinvestigate” caused harm to the consumer and awarded $5,000 in compensatory damages and further concluded that the violation of the FCRA was willful, assessing $3 million in punitive damages. Subsequently, the magistrate judge remitted the punitive damages to $490,000 on due process principles.
On appeal, the 11th Circuit vacated the magistrate judge’s final judgment on the willfulness claim, noting that the consumer “offered no evidence of a broad or systemic problem with [the CRA]’s suspicious mail policy,” and that the consumer did not establish by clear and convincing evidence that the CRA “ran an unjustifiably high risk of violating its duties under the FCRA.” Moreover, the actions of the CRA “had a foundation in the statutory text,” even if the policy’s application was negligent when applied to the consumer. Because the appellate court concluded the violation was not willful, the punitive damages judgment was eliminated.
On January 13, the U.S. District Court for the Northern District of Virginia issued a final order and judgment in a class action settlement between a class of consumers (plaintiffs) and a large consumer reporting agency (company) to resolve allegations arising from a 2017 cyberattack causing a data breach of the company. After the company announced the breach, many consumers filed suit and were eventually joined into a proposed settlement class. As previously covered by InfoBytes, the plaintiffs alleged that the company (i) failed to provide appropriate security to protect stored personal consumer information; (ii) misled consumers regarding the effectiveness and capacity of its security; and (iii) failed to take proper action when vulnerabilities in their security system became known. The company and the plaintiffs later submitted a proposed settlement order to the court.
According to the final order and judgment, the court certified the settlement class of the approximately 147 million affected consumers, finding the class was adequately represented, and approved the “distribution and allocation plan” as fair and reasonable. In the order granting final approval of the settlement the company agreed to, among other things, pay $380.5 million into a settlement fund and potentially up to $125 million more to cover “certain out-of-pocket losses,” $77.5 million for attorneys’ fees, and approximately $1.4 million for reimbursement of expenses. Class members are eligible for additional benefits including up to 10 years of credit monitoring and identity theft protection services or cash compensation if they already have those services, as well as identity restoration services for seven years. The company also agreed to spend at least $1 billion on data security and technology in the next five years.
On November 27, the CFPB announced that the ceiling on the maximum allowable charge for disclosures by a consumer reporting agency to a consumer pursuant to section 609 of the FCRA will remain unchanged at $12.50 for the 2020 calendar year. The final rule announcing the amount was published the same day in the Federal Register.
On August 29, the U.S. Court of Appeals for the 6th Circuit affirmed a district court’s ruling that a bank was not obligated under the Fair Credit Reporting Act (FCRA) to investigate a credit reporting error because the consumers failed to ever notify a consumer reporting agency. According to the opinion, after plaintiffs paid off their line of credit, the bank (defendant) continued reporting the plaintiff as delinquent on the account. After plaintiffs contacted the bank regarding the reporting error, the bank employee ensured plaintiffs that the defendant submitted amendments to the credit reporting bureaus to correct the situation. However, the plaintiffs claimed the error was not corrected until almost a year later. Plaintiffs also alleged that they did not contact the credit reporting bureau in reliance on the bank employee’s statements. The district court granted summary judgment in favor of the bank, concluding that the FCRA requires that notification of a credit dispute be provided to a consumer reporting agency as a prerequisite for a claim that a furnisher failed to investigate the dispute. Since the plaintiffs failed to trigger the defendant’s FCRA obligations because they never filed a dispute with a consumer reporting agency, the defendant’s responsibility to investigate was never activated.
On appeal, the 6th Circuit agreed with the district court that direct notification to the furnisher of the inaccurate credit report does not meet the FCRA’s prerequisite. Additionally, the plaintiffs’ state common law claims for breach of the duty of good faith and fair dealing and tortious interference with contractual relationships were preempted by the FCRA, and their fraudulent misrepresentation claim was forfeited on appeal.