The CFPB has issued a special edition of its Supervisory Highlights that focuses on compliance with the FCRA and Regulation V. The report contains two main sections, with one devoted to supervisory observations at furnishers and the other devoted to supervisory observations at consumer reporting companies (CRCs). (The report was published in yesterday’s Federal Register.)
Supervisory observations at furnishers included the following:
- Policies and procedures. CFPB examiners found these categories of furnishers had the following deficiencies in their policies and procedures:
- Mortgage servicers did not provide sufficient guidance for responding to disputes in a timely manner or reporting credit reporting changes in furnished accounts when the status of such accounts changed.
- Auto loan furnishers did not provide sufficient guidance for conducting reasonable investigations of indirect disputes that contain allegations of identity theft.
- Debt collection furnishers did not differentiate between FCRA disputes, FDCPA disputes, and validation requests resulting in the handling of these disputes and requests in the same way and without consideration of applicable regulatory requirements. Such furnishers also did not address the regulatory timeframes for conducting investigations of disputes or for reporting the results of disputes to CRCs, and did not provide substantive instructions on how to conduct investigations of disputed accounts.
- Deposit account furnishers to specialty CRCs did not have written policies or procedures for furnishing information to such CRCs or for the validation of such information.
- Prohibition of reporting information with actual knowledge of errors. Furnishers furnished information they knew or had reasonable cause to believe was inaccurate because consumers disputed such information to CRCs and the disputes were forwarded to the furnishers for investigation. (The inaccuracies were attributed to coding errors.) Furnishers also did not clearly and conspicuously specify to consumers an address at which consumers could send notices that furnished information was inaccurate (having provided the address on the last page of a lengthy document, apparently, without otherwise calling attention to it).
- Duty to correct and update information. Auto loan furnishers failed to promptly notify CRCs of their determinations that furnished information was inaccurate because accounts were opened due to identity theft and deposit account furnishers failed to promptly correct and update deposit account information reported to nationwide specialty CRCs that the furnishers determined was not complete or accurate (such as charged-off balances discharged in bankruptcy or payment in full of charged-off balances).
- Duty to provide notice of delinquency of accounts. Furnishers reported the incorrect date of first delinquency.
- Obligations upon notice of dispute. Furnishers failed to investigate disputes submitted by consumers; responded to CRC notices of dispute without verifying the accuracy of the disputed information, instead instructing the CRC to retain the information and have the consumer contact them directly; failed to complete investigations within the required timeframe (with certain of such failures attributed to system design flaws) and; failed to notify consumers when the furnisher determined the consumers’ disputes were frivolous or irrelevant or when the furnisher considered a dispute to be frivolous because the furnisher believed the dispute was from a credit repair organization and/or failed to include required information in frivolousness notices.
Supervisory observations at CRCs included the following:
- Procedures to assume maximum possible accuracy. Nationwide specialty CRCs failed to follow reasonable procedures to ensure maximum possible accuracy by exempting certain furnishers from a data validation testing procedure without a valid basis and not properly processing data files furnished by certain furnishers.
- Duty to limit furnishing of consumer reports to permissible purposes. CRCs did not have procedures to conduct proactive recredentialing reviews of users of reports and failed to monitor users or resellers that requested the CRCs to delete hard inquiry records from consumer reports at higher rates than usual (which might indicate that a user is obtaining reports without a permissible purpose).
- Blocking information resulting from identity theft. CRCs forwarded information to furnishers as to which consumers had made identify theft block requests and relied on the furnishers’ responses without making an independent determination if a permitted basis for declining the block existed.
- Dispute investigations. CRCs failed to (1) initiate investigations after receiving notice of a dispute from a consumer, (2) review and consider all relevant information by relying on the furnisher’s responses and not independently considering information provided by the consumer, (3) complete investigations within the 30-day period by considering disputes filed on weekends, holidays, and after-hours as filed on the next business day, (4) notify furnishers of a consumer’s dispute within 5 business days of receipt (which was caused by inadequate staffing), and (5) send consumers notice of the results of a reinvestigation when the consumer had sent the CRC a dispute without including a consumer identification and certification form. Nationwide specialty CRCs failed to notify furnishers that information from a consumer’s file had been modified or deleted after a reinvestigation and resellers who had determined that disputed information was not incomplete or inaccurate as a result of the reseller’s act or omission failed to convey to the CRCs that provided the information the notice of dispute together with all relevant information provided by the consumer.