InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FTC Settles Charges Related to Sale and Use of Consumer Mortgage Payment Data
On October 10, the FTC announced that a major consumer reporting agency (CRA) agreed to settle charges that it improperly sold lists of consumers who were late on their mortgage payments. The CRA will pay $393,000 to resolve allegations that it violated the FTC Act by failing to implement procedures to prevent the sale of lists of consumer information to firms that should not have received them. In a separate but related case, which the DOJ pursued under a referral from the FTC, a data reseller and its affiliates settled charges that the companies violated the FTC Act and FCRA by (i) obtaining prescreened lists without having a permissible purpose, (ii) reselling the reports without disclosing to the consumer reporting agency that provided them who the end users would be, (iii) failing to maintain reasonable procedures to ensure that prospective users had a permissible purpose to get them, (iv) to the extent that firm offers of credit were made, failing to maintain a record of the criteria used to select consumers for these offers, and (v) failing to control access to sensitive consumer financial information. The resellers agreed to pay a $1.2 million civil penalty and will be barred from using or selling prescreened lists without a permissible purpose, or in connection with solicitations for debt relief or mortgage assistance relief products or services.
Sixth Circuit Allows Private FCRA Action To Proceed Against Bank
On September 27, the U.S. Court of Appeals for the Sixth Circuit revived an individual’s private action under FCRA against a bank, alleging that the bank failed to adequately investigate and respond to notices it received from several consumer reporting agencies regarding disputed car loan. Boggio v. USAA Fed. Savings Bank, No 11-4040, slip op. (6th Cir. Sep. 27, 2012). After experiencing credit problems caused by his ex-wife’s failure to make payments on a car she purchased during their marriage by signing both of their names to a check, the plaintiff wrote to several consumer reporting agencies to dispute his responsibility for the loan in light of the forgery, as well as the parties’ separation and divorce agreements that stated the ex-wife would be responsible for the car payments. The plaintiff alleges that the reporting agencies notified the bank of the dispute, which the bank refused to investigate without a police report or fraud affidavit from the plaintiff, as required by the bank’s fraud policy. The district court granted summary judgment in favor of the bank, holding that the bank reasonably investigated the notices it received from credit reporting agencies, and that the plaintiff had ratified the debt. On appeal, the circuit court reversed and remanded the district court’s decision, holding that there is a genuine dispute of material fact with regard to the sufficiency of the bank’s investigation. The court added that the plaintiff’s failure to comply with the bank’s fraud policy does not alter its finding of a genuine dispute of material fact, holding that FCRA does not permit the bank to require independent confirmation of the reporting agencies’ notices before conducting an investigation. The court also held that the dispute over ratification requires resolution by a trier of fact given the ambiguity of the separation agreement, among other issues.
Ninth Circuit Holds Reporting Fraudulent Accounts As Lost or Stolen May Violate FCRA
On August 7, the U.S. Court of Appeals for the Ninth Circuit revived a consumer’s suit against his bank and a consumer reporting agency (CRA) in which he alleges that the bank and CRA violated FCRA in connection with a fraudulent account opened in the consumer’s name. Drew v. Equifax Info. Servs. LLC, No. 11-15008, 2012 WL 3186110 (9th Cir. Aug. 7, 2012). The consumer claims that though his account was actually fraudulent, the bank reported it as lost or stolen. He alleges the bank violated FCRA when, after receiving a “fraud block notification” from the CRA, the bank (i) failed to conduct a sufficient investigation, (ii) continued to report the fraudulent account as belonging to the consumer, and (iii) reported the fraudster’s address as the consumer’s address. The district court granted summary judgment on these claims in favor of the bank and granted summary judgment to the CRA based on its argument that the consumer’s claims exceeded the statute of limitations. The appeals court agreed that the bank’s investigation was legally sufficient, but held that material issues of fact remained with regard to the consumer’s other claims. The court reasoned that a jury could find (i) that reporting a fraudulently opened account as a lost or stolen account belonging to the consumer was untrue or facially inaccurate in violation of FCRA and (ii) that reporting the fraudster’s address as the consumer’s address violated FCRA’s requirement to correct inaccurate information. The court also found that the consumer presented evidence of emotional distress sufficient to allege emotional damages, and that such damages are cognizable under FCRA. Finally, the court held that facts regarding the timing of the consumer’s knowledge remain in dispute and overturned the district court’s holding that the consumer’s suit exceeded the statute of limitations.
Tenth Circuit Overturns Heightened Pleading Standard for TILA Rescission Cases
On July 30, the U.S. Court of Appeals for the Tenth Circuit overturned a district court ruling that would have required borrowers seeking rescission under TILA to state their ability to repay in the initial complaint. Sanders v. Mountain Am. Fed. Credit Union, No. 11-4008, 2012 WL 3064741 (10th Cir. Jul. 30, 2012). The borrowers timely sued to compel rescission of their mortgage loan, claiming that the lender failed to provide disclosures required under TILA. The district court held that the borrowers were not entitled to rescission because they failed to plead their ability to repay. On appeal the court held that, while TILA recognizes that a court may entertain a creditor’s petition for an order equitably modifying the rescission procedure, in this case the district court impermissibly altered that procedure and created a pleading standard that would require all borrowers seeking TILA rescission to plead their ability to repay. The court reasoned that such a standard would add a condition not supported by TILA or Regulation Z, and that categorical relief is outside of the district court’s equitable powers. However, the court maintained that a district court still may use its equitable powers to protect a creditor’s interest during the rescission process. The appellate court also reversed the district court’s dismissal of the borrowers’ ECOA claim related to a separate refinance transaction because the district court made factual assumptions about the refinance process in violation of its obligation to draw all reasonable inferences in favor of the plaintiff borrowers. While the TILA and ECOA claims were remanded for further proceedings, the court upheld the district court’s dismissal of the borrowers’ claims that the lender also violated FCRA when it reported false information to consumer reporting agencies, holding that FCRA does not provide a private right of action against the furnisher of credit information.
FTC Settles FCRA Charges Against Data Broker
On June 12, the FTC announced that a data broker agreed to settle charges that it marketed and sold consumer profiles to companies engaged in human resources, background screening, and recruiting without taking steps to protect consumer information as required by FCRA. The FTC claimed that the data broker operated as a consumer reporting agency and violated FCRA when it failed to ensure that the information it compiled and sold would be used only for permissible purposes. The broker also allegedly failed to ensure that consumer information it sold was accurate and failed to inform buyers of their FCRA obligations. Among other things, the settlement requires the data broker to pay an $800,000 civil penalty and prohibits the firm from any future violations of FCRA.
D.C. Federal Court Holds FCRA Credit Report Notice Requirements Apply to Auto Dealers Engaging in Third Party Financing Transactions
On May 22, the U.S. District Court for the District of Columbia rejected the National Automobile Dealer's Association's (NADA) challenge to an FTC determination that an automobile dealer that executes a credit contract based on a third party financing source "uses a consumer report" under FCRA, and, thus, must provide prospective buyers with a risk-based pricing notice. National Automobile Dealers Assoc. v. Federal Trade Commission, No. 11-cv-01711, 2012 WL 1854088 (D.D.C. May 22, 2012). A risk-based pricing notice must be provided to buyers who, based upon information contained in their consumer reports, are offered credit at terms materially less favorable than the most favorable terms available to a substantial proportion of consumers. The notice is intended to alert buyers to the existence of negative information in their credit reports to enable them to correct any inaccuracies. The FTC's 2011 amendments to the Fair Credit Risk-Based Pricing Regulations clarified that even in the context of a third-party transactionwhere the auto dealer is not the ultimate source of financing and does not physically obtain a consumer's credit reportthe auto dealer must provide a risk-based pricing notification. According to NADA, the FTCs interpretation placed an unreasonable burden on auto dealers who outsource financing to banks or other entities. NADA also argued that the interpretation was arbitrary and capricious and that it was not entitled to Chevron deference. In its ruling, the court rejected these challenges, stating, among other things, that the FTC's determination was "eminently reasonable" and consistent with the overall regulatory scheme of FCRA because auto dealers are able to obtain credit report information and are best suited to convey that information to consumers. NADA intends to appeal the decision.
FTC, CFPB, DOJ File Brief in Suit Challenging FCRA Constitutionality
On May 8, the FTC announced that it had joined the CFPB and the DOJ to file a brief supporting the constitutionality of the Fair Credit Reporting Act (FCRA). The brief was filed in a lawsuit in the U.S. District Court for the Eastern District of Pennsylvania in which a consumer alleged that a consumer reporting agency (CRA) violated FCRA by reporting on arrest records that were more than seven years’ old. Responding to these allegations, the CRA argued that the Supreme Court’s decision in Sorell v. IMS Health, Inc., 131 S. Ct. 2653 (2011), rendered FCRA’s seven-year limitation unconstitutional under the First Amendment. The federal entities’ brief counters that Sorell does not alter the test for commercial speech restrictions established in Central Hudson Gas and Electric Corp. v. Public Service Commission of New York, 447 U.S. 557 (1980). It goes on to argue that, under this test, the government has a substantial interest in protecting individuals’ privacy and that FCRA protects this interest while accommodating businesses’ competing interest in obtaining complete information about potential borrowers.
Tenth Circuit Permits Trade Group Challenge to New Mexico Fair Credit Reporting Act
On May 7, the U.S. Court of Appeals for the Tenth Circuit published an opinion that a trade group has standing to sue the Attorney General of New Mexico over that state’s credit reporting and identify theft requirements. Consumer Data Industry Assoc. v. King, No. 11-2085, 2012 WL 1573563 (10th Cir. May 7, 2012). In 2010, New Mexico enacted the Fair Credit Reporting and Identity Security Act, which, among other things, requires consumer reporting agencies (CRAs) to oblige a consumer’s request to remove credit report information resulting from identify theft until told otherwise by a court or the requesting consumer. The Consumer Data Industry Association challenged the law on behalf of its members, arguing that the state law is preempted by the federal Fair Credit Reporting Act (FCRA). Under FCRA, a CRA can deny a consumer request to remove information based on identify theft if the CRA reasonably determines that the request is fraudulent or erroneous. The district court held that the CDIA failed to prove redressability and therefore lacked constitutional standing to sue. The Tenth Circuit vacated the district court holding and ordered further proceedings. It found that federal courts consistently have found a case or controversy in suits between private parties subject to enforcement and the state entity responsible for enforcement and that if a plaintiff faces a credible threat of enforcement, redressability is established. Here, the court held, the threat of enforcement faced by the CDIA members is sufficient to provide standing to sue for both injunctive and declaratory relief.
Federal Appeals Court Limits Review of FTC Interpretation of FCRA
Recently, the U.S. Court of Appeals for the District of Columbia Circuit held that the FTCs interpretation of a Fair Credit Reporting Act (FCRA) provision is not subject to direct review by the federal appeals court. Natl Auto. Dealers Assoc. v. FTC, 670 F.3d 268 (D.C. Cir. 2012). In July 2011, the FTC promulgated a rule to implement changes made by the Dodd-Frank Act to FCRAs risk-based pricing protections. Those protections entitle consumers to a notice when they are offered credit at materially less favorable terms based on information contained in their credit reports. As part of the July 2011 rule, the FTC provided supplementary information that included an interpretation of the scope and applicability of the rule, stating that automobile dealers are subject to the rule, even when dealers rely on third-party financing sources and not directly on credit reports obtained from a consumer reporting agency. The National Association of Automobile Dealers (NADA) filed a petition asking the appeals court to review the FTCs interpretation. NADA concurrently filed a complaint in district court seeking a review of the rule under the Administrative Procedures Act. The appeals court held that direct appellate review of an agency action is only permissible when a statute unambiguously grants such a review. In this case, the direct review provision of the FTC Act is not ambiguous and clearly does not apply to the FCRA interpretation at issue. Under the FTC Act, direct review is only available for challenges to trade regulation rules and substantive amendments thereto. NADA is not challenging a substantive amendment, but rather an interpretation, and in any case the FCRA interpretive statement is not related to a trade regulation rule. Therefore, the appeals court dismissed the petition without prejudice to the parallel district court action.
FTC Warns That Mobile Background Screening Apps May Violate FCRA
On February 7, the FTC announced that it had warned three mobile application marketers that their mobile background screening applications may be violating the Fair Credit Reporting Act (FCRA). The FTC described some of the six applications at issue as including criminal record histories, which are a type of information typically used in employment and tenant screening. While the FTC has not made a determination as to whether these firms are violating FCRA, it reminded the companies that if they have reason to believe the mobile applications include information about individuals’ character, reputation, or personal characteristics that is used or expected to be used for purposes such as employment, housing or credit, the marketers and their customers must comply with FCRA. Under FCRA, firms that assemble or evaluate such information to provide to third parties qualify as consumer reporting agencies and are required to (i) take reasonable steps to ensure the user of each report has a “permissible purpose” to use the report, (ii) take reasonable steps to ensure the maximum possible accuracy of the information conveyed in its reports, and (iii) provide users of its reports with information about their obligations under the FCRA.