On February 3, 2016, in conjunction with a Field Hearing held the same day concerning deposit accounts, the Consumer Financial Protection Bureau (CFPB) issued a compliance bulletin on the duties of furnishers of information to maintain adequate policies and procedures that comply with the Fair Credit Reporting Act (FCRA) (15 U.S.C. 1681, et seq.) and its implementing regulation, Regulation V (12 CFR Part 2022.1, et seq.). CFPB Compliance Bulletin 2016-01 warns financial institutions of the systems they must have in place to ensure the accuracy and integrity of the information they furnish to all Credit Reporting Agencies (CRAs). While the bulletin was issued in response to a perceived failure by certain institutions to accurately and consistently report checking account information to specialty CRAs, the scope of the guidance extends more broadly.
Under Regulation V, a furnisher of information must establish and implement reasonable written policies and procedures to ensure the accuracy and integrity of the information it furnishes to CRAs that is “appropriate to the nature, size, complexity, and scope of each furnisher’s activities.” 12 C.F.R. 1022.42(a). Under the bulletin, those policies and procedures must be appropriately tailored not only to the institution’s overall business and product offerings, but also to the specific CRAs to which the furnisher reports information. As explained by the CFPB, because an institution submits different information and codes in different formats and frequencies to different CRAs, institutions must have reasonable policies and procedures that address “all types of information” “furnished to each of the CRAs to which it furnishes.” The bulletin comes approximately three months after the CFPB issued its Fall 2015 Supervisory Highlights Report, which identified similar perceived failures by entities to maintain adequate FCRA policies and procedures across product lines.
There are two key points for industry to take away from the guidance. First, the policies and procedures implemented by an institution to ensure the integrity and accuracy of the information it reports to CRAs should, as appropriate to the business, include distinctions on the type of product being reported and the CRA to whom it is furnished. Catch-all policies and procedures applicable across product lines and all CRAs may no longer be sufficient. Second, the bulletin is a warning to the industry to tighten its existing policies and procedures for ensuring the integrity and accuracy of the information it reports. Institutions should revisit their written policies and procedures to ensure compliance with the Interagency Guidelines set forth in Appendix E to Regulation V, and update as necessary.
At the Field Hearing, CFPB Director Richard Cordray voiced his concern that consumers are being “inappropriately sidelined” from the opportunity to maintain a deposit account. To address this concern, that same day the CFPB also issued letters to the top 25 retail banking companies, urging the industry to offer “no-overdraft” and other low-risk deposit account options to its customers. For institutions that already offer such products, the letter urges the institutions to feature the products more prominently in their branches and online.
The bulletin is the latest signal from the CFPB indicating its increased interest in the credit reporting space. Over the past year the CFPB and other state and federal agencies have ramped up enforcement actions against both CRAs and furnishers of information for alleged FCRA violations, with the CFPB bringing three enforcement actions within the past three months alone, including a recent action previously reported on by LenderLaw Watch against a non-bank auto lender. In its most recent rulemaking agenda, the CFPB’s Office of Regulations also identified credit reporting as a potential long-term action item. The industry should expect this trend to continue and for the CFPB and other regulators to increasingly scrutinize institutions’ compliance with FCRA.