Financial Flashcards

4-6 questions

You may prefer our related Brainscape-certified flashcards:
1
Q

What entities does the FCRA regulate?

A
  • any consumer reporting agency (CRA) that furnishes a consumer report
  • users of consumer reports: lenders, insurers, employers and others that use consumer reports
  • furnishers: lenders, retailers and others that furnish credit history or other personal information to the CRAs
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Define:

consumer reporting agency

FCRA

A

any person or entity that compiles or evaluates personal information for the purpose of furnishing consumer reports to third parties for a fee

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Define:

consumer report

A

any witten, oral, or other communication of any information by a CRA related to an individual that pertains to the person’s credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics or mode of living which is used in whole or in part for the purpose of serving as a factor in establishing a consumer’s eligibility for credit, insurance, employment or other business purpose

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What are the five main requirements under the FCRA for CRAs?

A
  • CRAs must provide consumers access to the information contained in their consumer reports as well as the opportunity to dispute any inaccurate information
  • CRAs must take reasonable steps to ensure the maximum possible accuracy of information in the consumer report
  • CRAs must not report negative information that is outdated
  • CRAs must maintain records regarding entities that received consumer reports
  • CRAs must provide consumer assistance
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What information is “outdated” under the FCRA?

A

typically account data > 7yo or bankruptcies > 10yo

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What are the main requirements for users under the CRA?

A
  1. must have permissible purpose
  2. must certify the purpose and that the report won’t be used for any other purpose
  3. must provide certain notice of adverse action to the consumer
  4. must obtain consent if obtaining for employment purposes; if obtaining investigative consumer report; if medical info
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What are “permissible purposes” under the FCRA for a user to obtain a recredit report?

A
  • as instructed by consumer in writing
  • for extension of credit as a result of an application from a consumer, or the review or collection of a consumer’s account
  • for employment purposes where consumer has given written permission
  • for underwriting of insurance as result of application from consumer
  • when there is a legitimate business need, in connection with a business transaction that is initiated by the consumer
  • to review a consumer’s account to determine whether the consumer continues to meet the terms of the account
  • to determine a consumer’s eligibility for benefit granted by a governmental instrumentality required by law to consider an applicant’s financial responsibility or status
  • for use by a potential investor or servicer, or current insurer, in assessment of the credit or prepayment risks associated with an existing credit obligation
  • for use by state and local officials in connection with determination of child support payments
  • in response to court order or subpoena
  • for purpose of making “prescreened” unsolicited offers of credit or insurance
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Define:

adverse action

under FCRA

A

includes all business, credit and employment actions affecting consumers that can be considered to have a negative impact

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What are three types of “adverse actions”?

under FCRA

A
  • adverse actions based on info obtained from CRA
  • adverse actions based on info obtained from 3Ps that are not consumer reporting agencies
  • adverse actions based on info obtained from affiliates
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is a user required to do if taking an adverse action based on info obtained from a CRA?

under FCRA

A

must notify the consumer in writing, orally or by electronic means, and contain following elements:

  • name, address and phone # of CRA that provided report
  • statement that CRA did not make the adverse decision and can’t explain why decision was made
  • statement setting forth consumer’s right to obtain a free disclosure of the consumer’s file from the CRA if the consumer makes a request within 60 days
  • statement setting forth the consumer’s right to dispute directly with the CRA the accuracy or completeness of any information provided by the CRA
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is a user required to do if taking an adverse action based on info obtained from 3Ps that are not CRAs?

under FCRA

A

if info is covered by the FCRA, user required to clearly and accurately disclose to the consumer their right to be informed of the nature of the information that was relied upon if the consumer makes a written request within 60 days of notification

  • user must then respond within reasonable period of time
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is a user required to do if taking an adverse action based on info obtained from affiliates?

A

if info is covered by the FCRA and info obtained from an entity affiliated with the user of the information by common control or ownership, user required to clearly and accurately disclose to the consumer their right to be informed of the nature of the information that was relied upon if the consumer makes a written request within 60 days of notification

  • user must then respond within 30 days after receiving request
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What are the main requirements for a furnisher under FCRA (Furnisher Rule)?

A
  • must provide accurate info
  • must correct and update info by notifying CRA
  • must notify CRA of consumer dispute of information to CRA
  • must respond to a CRA report related to information resulting from identity theft info
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Define:

Risk-Based Pricing Rule

under FCRA

A
  • requires those offering credit to notify customers if they are receiving less favorable terms because of their credit report, and if less favorable than what is available to a substantial proportion of consumers acquiring loans from or through that person, then must also provide a risk-based pricing notice in accordance with regulations jointly prescribed by the CFPB and Fed
  • requires disclosure by all persons who use credit scores in making or arranging loans secured by residential real property to provide credit scores and other information about credit scores to applicants
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What requirements apply if an organization intends to use consumer report information for employment purposes?

A
  • make clear and conspicuous written notification to the consumer before the report is obtained, in a document that consists solely of the disclosure, that a consumer report may be obtained by the employer
  • obtain prior written consumer authorization in order to obtain a consumer report
  • authorization to access reports during term of employment may be obtained at time of employment
  • certify to CRA that above and following steps have been followed, that info being obtained won’t be used in violation of any federal or state equal opportunity law or regulation
  • before taking an adverse action, provide a copy of the report + summary of consumer’s rights (from CRA) to the consumer
  • provide adverse action notice safter adverse action taken
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is the exception to the notice/consent requirements under the FCRA if obtaining a consumer report for employment purposes?

A

investigations of:
1. suspected misconduct by an employee
2. compliance with federal, state or local laws or rules of a self-regulatory organization or
3. compliance with written policies of the employer

employer must:
1. comply with procedures set forth in the act
2. not use any credit information
3. provide a summary describing the nature and scope of the inquiry to the employee if adverse action is taken based on the investigation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Define:

investigative consumer reports

under FCRA

A
  • contain information about a consumer’s character, general reputation, personal characteristics, and mode of living
  • info obtained through personal interviews by entity or person that is a CRA
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What is the requirement for investigative consumer reports under the FCRA?

A

if a user intends to obtain an investigative consumer report, must disclose use to the consumer and the disclosure is subject to following requirements:

  • consumer must be informed that an investigative consumer report may be obtained
  • disclosure must be made in writing and must be mailed/otherwise delivered to consumer some time before report is obtained, but no later than five days after the date on which the report was first requested
  • disclosure must include statement informing consumer of their right to request additional disclosures of the nature and scope of the investigation, and the summary of consumer rights required by the FCRA
  • user must certify to CRA re disclosures
  • upon written request of consumer made w/in reasonable period of time after required disclosures, user must make complete disclosure of nature and scope of investigation
  • nature and scope disclosure must be made in written statement that is mailed/delivered to consumer no later than 5 days after the later of (i) date on which request was received from consumer and (ii) date on which report was first requested
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

What limits does the FRCA place on use of medical information obtained from CRAs?

A

consumer must provide consent if:

  • medical info is to be used for an insurance transaction
  • if report to be used for employment purposes or in connection with a credit transaction (and medical info must be relevant)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Define:

prescreening

under FCRA

A

creditors and insurers obtaining limited consumer report information for use in connection with firm unsolicited offers of credit or insurance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

What are the requirements under the FCRA for a user that intends to use prescreened lists?

A
  • before offer is made, establish the criteria that will be relied upon to make the offer and grant credit or insurance
  • maintains such criteria on file for 3-year period from date of offer to each consumer
  • include with each written solicitation a clear and conspicuous statement that states:
    1. info contained in a consumer’s CRA file was used in connection with the transaction
    2. consumer received the offer because they satisfied criteria for creditworthiness or insurability used to screen for the offer
    3. credit or insurance may not be extended if, after the consumer responds, it is determined that the consumer does not meet the criteria used for screening or any applicable criteria bearing on creditworthiness or insurability, or the consumer does not furnish required collateral
    4. consumer may prohibit the use of info in their file in connection with future prescreened offers of credit or insurance by contacting the notification system established by the CRA that provided the report (+ address and phone # of appropriate notification system)
    5. easy-to-understand language explaining that consumer can opt out of receiving such offers
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

How can the FCRA be enforced by consumers?

A
  • dispute resolution
  • private right of action
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

How does dispute resolution under the FCRA work?

A

consumer can fill a request with the CRA to dispute the accuracy of information and then require the CRA to investigate the consumer’s complaint

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

How does the private right of action under the FCRA work?

A
  • civil penalties: actual damages + statutory damages of $1k per violation, a max penalty of $4705 per willful violation
  • criminal penalties: officer or employer of CRA who, both knowingly and willingly, provides info concerning an individual from the company’s files to someone who isn’t authorized to receive that info can face criminal penalties and imprisonment
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

Who can bring government actions under FCRA?

A
  • can be brought by FTC, CFPB and state AG
  • state AGs have had concurrent enforcement authority but are generally required to give notice to FTC prior to filing suit and the FTC retains authority to intervene
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

Define:

Fair and Accurate Credit Transactions Act

A

FACTA (2003) amended FCRA

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

Does FACTA preempt state law?

A

yes except in area of identity theft

28
Q

What consumer protections did FACTA enact?

A
  • required truncation of credit and debit card numbers
  • gave consumers new rights to explanation of their credit scores
  • gave individuals right to request a free annual credit report from each of three national consumer credit agencies, Equifax, Experian and Transunion
  • added identity theft protections
  • required regulators to promulgate a Disposal Rule and Red Flags Rule
29
Q

Define:

Disposal Rule

under FACTA

A

requires any individual or entity that uses a consumer report (or info derived from one) for a business purpose to dispose of that consumer info in a way that prevents unauthorized access and misuse of the data

  • standard = practices “reasonable” to protect against unauthorized access and misuse of the data
30
Q

Define:

disposal

under FACTA

A

any discarding, abandonment, donation, sale or transfer of information

31
Q

Who enforces the Disposal Rule?

under FACTA

A

FTC, federal banking regulators and CFPB

32
Q

Define:

Red Flags Rule

under FACTA

A

requires agencies that regulate financial institutions and creditors to develop and implement written identity theft detection programs that can identify and respond to the “red flags” that signal identity theft

33
Q

Who has rulemaking and enforcement authority over the Red Flags Rule?

under FACTA

A

CFPB

34
Q

Define:

Red Flag Clarification Act of 2010

A
  • passed in response to concern that definition of creditor extended to implicate unintended entities, such as attorneys and health providers, simply because they allow customers to pay their bills after the time of service
  • eliminates entities that extend credit only “for expenses incidental to a service”
35
Q

What types of entities does the Red Flags Rule apply to?

A

entities that, regularly and in the course of business:

  • obtain or use consumer reports in connection with a credit transaction
  • furnish information to consumer reporting agencies in connection with a credit transaction
  • advance funds to or on behalf of someone, except for expenses incidental to a service provided by the creditor to that person (e.g., attorney)
  • businesses with accounts that should be “subject to a reasonably foreseeable risk of identity theft”
36
Q

What are the requirements for an identity theft protection program under the Red Flags Rule?

under FACTA

A

program should generally identify relevant patterns, practices and specific forms of activity that are red flags of possible identity theft, incorporate these flags into the program, and update the program regularly to reflect changes in risks

37
Q

Who does GLBA apply to?

A

financial institutions: defined broadly as any U.S. company that is “significantly engaged” in financial activities

consumer: individual who obtain financial products or services from a financial institution to be used primarily for personal, family or household purposes

38
Q

What does the GLBA regulate?

A

financial institution management of nonpublic personal information: personally identifiable financial information (i) provided by a consumer to a financial relationship, (ii) resulting from a transaction or service performed for the consumer, or (iii) otherwise obtained by the financial institution

39
Q

Who has rulemaking and enforcement power under the GLBA?

A

rule-making: CFPB with exceptions for the SEC and Commodity Future Trading Commission (CFTC)
enforcement: federal financial regulators for institutions in their jurisdiction (like the Fed); otherwise by CFPB (and state AGs can also enforce)

40
Q

What are the key obligations of GLBA?

A
  • Privacy Rule
  • Safeguards Rule
41
Q

Does GLBA preempt state laws?

A

stricter state laws are NOT preempted under GLBA

42
Q

Is there a private right of action under the GLBA?

A

no

43
Q

What are the major components of the GLBA Privacy Rule?

A

financial institutions must:

  • provide customer with initial and annual privacy notices
  • clearly provide customers right to opt out of having their nonpublic personal information shared with nonaffiliated third parties and process opt-outs within 30 days
  • refrain from disclosing to any nonaffiliated third-party marketer, other than a CRA, an account number or similar form of access code to a consumer’s credit card, deposit or transaction account
  • comply with regulatory standards established by certain government authorities to protect the security and confidentiality of customer records and information, and protect against security threats and unauthorized access to or certain uses of such records or information
44
Q

What should the privacy notice contain?

under GLBA

A
  • what info the financial institution collects about its consumers and customers
  • with whom it shares nonpublic personal information
  • how it protects or safeguards such information
  • an explanation of how a consumer may opt out of having their info shared through a reasonable opt-out process
45
Q

Who can financial institutions share nonpublic personal information with?

A

if it meets the notice standard, with affiliated companies and joint marketing partners: other financial institutions with whom the entity jointly markets a financial product or service

if it meets the notice standard and provides opportunity to op-out, with non-affilaited companies and other third parties

46
Q

Financial institutions are prohibited from disclosing, even if they give consumers the right to opt out…

under GLBA

A

disclosing consumer account numbers to nonaffiliated companies for purposes of telemarketing and direct mail marketing

47
Q

Consumer cannot opt out of sharing of their information with nonaffiliated third parties by a financial institution if…

under GLBA

A
  • financial institution shares info with outside companies that provide essential services like data processing or servicing accounts
  • disclosure is legally required
  • financial institution shares customer data with outside service providers that market the financial company’s products or services
48
Q

Define:

GLBA Safeguards Rule

A
  • requires financial institutions to develop and implement a comprehensive information security program: program that contains administrative, technical and physical safeguards to protect the security, confidentiality and integrity of customer information
49
Q

What are the three levels of security for consumer information?

under GLBA

A
  • administrative security which includes program definition, management of workforce risks, employee training, vendor oversight
  • technical security which covers computer systems, networks and applications in addition to access controls and encryption
  • physical security which includes facilities, environmental safeguards, business continuity and disaster recovery
50
Q

Safeguards must be…

under GLBA

A

reasonably designed to:
1. ensure the security and confidentiality of customer information
2. protect against any anticipated threats or hazards to the security or integrity of the information and
3. protect against unauthorized access to or use of the information that could result in substantial harm or inconvenience to any customer

51
Q

What basic elements must the information security program contain?

under GLBA

A
  • designate employee to coordinate safeguards
  • ID and make a written assessment of the risks to customer information in each relevant area of the company’s operation and evaluate effectiveness for controlling those risks
  • design and implement safeguard program and regularly monitor and test it
  • select appropriate service providers and enter into agreements with them to implement safeguards
  • evaluate and adjust the program in light of relevant circumstances, including changes in business arrangements or operations, or results of testing and monitoring of safeguards
52
Q

Define:

California Financial Information Privacy Act (CFIPA)

A

expands financial privacy protections under GLBA by increasing disclosure requirements of financial institutions and granting consumers increased rights w.r.t. sharing of information

  • written opt-in consent required for a financial institution to share personal information with nonaffiliated third parties
  • consumers can opt out of information sharing between their financial institutions and affiliates not in the same line of business
53
Q

Define

NY regulations on financial privacy and security

A
  • impose cybersecurity mandates on all covered financial institutions in line with NIST Cybersecurity Framework
  • definition of nonpublic information broader than GLBA
  • has key requirements not in GLBA on personnel, reporting obligations, documentation obligations and third-party service providers
54
Q

Define

CFPB

A

independent bureau within the Federal Reserve that oversees relationship between consumers and providers of financial products and services

55
Q

What does CFPB have broad authority over?

A
  • holds broad authority to examine, write regulations and bring enforcement actions concerning businesses that provide financial products or services, including service providers
  • has rulemaking authority for specific laws such as FCRA, GLBA
  • has enforcement authority over all nondepository financial institutions and all depository financial institutions with more than $10 billion in assets
  • for depository institutions with assets of $10b or less, CFPB promulgates rules but banking regulators retain enforcement power
  • can also bring enforcement actions for unfairness and deception + power to enforce against “abusive acts and practices”
56
Q

Define

abusive act or practice

CFPB

A

abusive act or practice (1) materially interferes with the ability of a consumer to understand a term or condition of a consumer financial product or service or (2) takes unreasonable advantage of

  • a lack of understanding on the part of the consumer of the material risks, costs or conditions of the product or service;
  • the inability of the consumer to protect its interests in selecting or using a consumer financial product or service; or
  • the reasonable reliance by the consumer on a covered person to act in the interests of the consumer
57
Q

Define:

Electronic Fund Transfer Act (EFTA) (1978)

A
  • enacted to establish rights of consumers as well as responsibilities of companies involved in electronic fund transferred
  • enforced by CFPB
58
Q

Define:

electronic fund transfer (EFT)

A

any transfer of funds that is initiated through an electronic terminal, telephone, computer or magnetic tape for the purpose of ordering, instructing or authorizing a financial institution to debit or credit a consumer’s account (including person-to-person payments like Zelle and Venmo)

59
Q

Define

financial institution

under Electronic Fund Transfer Act

A
  • banks, savings associations, credit unions
  • any person that directly or indirectly holds an account belonging to a consumer
  • any person that issues an access device and agrees with a consumer to provide EFT services
60
Q

What is the goal of anti-money-laundering laws?

A

to “follow the money” to help detect and deter illegal activity and provide evidence for proving illegality

61
Q

Define

Bank Secrecy Act / Currency and Foreign Transaction Reporting Act of 1970

A

financial institutions must keep records and file reports on certain financial transactions which may be relevant to criminal, tax or regulatory proceedings

62
Q

Define:

financial institutions

under Bank Secrecy Act

A

banks, securities brokers and dealers, money services businesses (including financial institutions handling cryptocurrencies), casinos, card clubs and other entities subject to supervision by any state or federal bank supervisory authority

63
Q

What kind of transactions does the BSA regulate?

A
  • currency transactions (wire transfers, direct deposits)
  • transportation of monetary instruments (traveler’s checks, money orders, etc.)
  • purchase of currency-like instruments (like CDs)
  • extensions of credit in excess of $10k (excluding credit secured by real property)
64
Q

When does a financial institution need to file a suspicoius activity report?

under Bank Secrecy Act

A
  • financial institution suspects that an insider is committing a crime, regardless of $ amount
  • when entity detects possible crime involving $5k or more and has substantial basis for identifying a suspect
  • when entity detects possible crime involving $25k or more even if no substantial basis for identifying a suspect
  • when entity suspects currency transactions aggregating $5k or more that involve potential money laundering or a violation of the act
65
Q

Define:

The International Money-Laundering Abatement and Anti-Terrorist Financing Act of 2001

A
  • part of PATRIOT Act and expanded reach of BSA, including new reporting and recordkeeping requirements for different industries (e.g., broker-dealers) and currency transactions
  • gave U.S. treasury secretary ability to promulgate broad rules to implement Know Your Customer (KYC) requirements and to otherwise deter money laundering
66
Q

Define:

Foreign Act Tax Compliance Act of 2010

A

targets non compliance with U.S. tax laws for U.S. taxpayers with foreign accounts

67
Q

Define:

Anti-Money Laundering Act of 2020 (AML ACT)

A

expanded key definitions to explicitly include virtual currencies in scope of BSA, updated whistleblower incentives and protections, and extended subpoena authority for foreign banks with U.S. correspondent accounts