On December 3, the Consumer Financial Protection Bureau (CFPB) entered a consent order with a national credit reporting company, resolving allegations that the company violated the Fair Credit Reporting Act (FCRA).
The credit reporting company is in the business of compiling and reselling consumer credit reports to financial service providers, such as payday lenders. According to the consent order, the company allegedly pulled consumers’ current credit reports for the unauthorized purpose of compiling marketing presentations for its lending institution clients. In one instance, the company allegedly pulled 190,000 credit reports from a third-party credit reporting agency for this purpose, over objections by its own staff. The client for whom this data was gathered allegedly asked the company about this practice, prompting the company to contact the third party agency and request that the credit inquiries be deleted.
The order further alleges that the company failed to investigate consumers’ requests for reinvestigation of consumer disputes, including in circumstances where consumers claimed that they were victims of identity theft. When the company claimed to have performed a reinvestigation, it often did not provide notice to furnishers, as required by FCRA.
The company and its owner denied liability and the facts alleged by the CFPB. The order requires that the company cease selling any consumer credit report to a user without a permissible purpose. The company must also implement certain new policies and procedures, such as how it investigates consumer disputes. The company and its owner must pay a civil penalty of $8 million to the CFPB.