The Fair Credit Reporting Act Flashcards
What are the three principal purposes the Fair Credit Reporting Act was enacted to serve?
he Fair Credit Reporting Act was enacted to: (1) regulate the consumer reporting industry and to ensure that the issuers of consumer reports provide information that is fair and equitable to members and fair and accurate to report users; (2) prohibit consumer-reporting agencies from taking actions that are unfair or that adversely affect a member’s credit and ability to obtain credit; and 3) restrict the availability and use of consumer reports.
What are the permissible uses for consumer reports under the FCRA?
Permissible uses of consumer reports include: (1) determining an applicant’s eligibility for credit, insurance, or to open a deposit account or in connection with a review or collection of a member’s account; (2) in response to a court order; (3) prescreening a list of members to solicit for credit services; and 4) in accordance with written instructions of the member to whom the report relates.
When information obtained from a credit bureau has any bearing on a credit decision, what information must be disclosed to the member?
When information obtained from a credit bureau has bearing on a credit decision, you must disclose orally or in writing: (1) that information from a credit bureau was used in the credit decision; (2) the name, address, and telephone number (toll free if a nationwide bureau) of the credit bureau used; (3) statement that the credit bureau did not make the decision to take the adverse action; (4) notice of the member’s right to get a free copy of his or her credit report from the bureau upon written request within 60 days; and (5) notice of the member’s right to dispute with the bureau the accuracy or completeness of any information in his or her report. You do not have to include the nature of the information in the report.
Under what circumstances would your credit union become a consumer-reporting agency?
Your credit union could become a consumer-reporting agency if you report to others information you gather from sources other than through your own experience with the member.
What is the duty of a credit union upon discovering that incorrect information has been given to consumer-reporting agencies?
The credit union must: (1) provide the complete and accurate information to the CRA; and (2) notify each CRA to whom the incorrect or incomplete information was given to.
If you use a prescreened list of members to offer credit, you must make that offer to all members who pass the selection process. List two of the five disclosures that must be made to those members.
The credit union must disclose: (1) information from the member’s consumer report was used in connection with the offer; (2) that the member satisfied the criteria to determine creditworthiness; (3) that the member may still not qualify for the credit if it is determined after receipt of acceptance of the offer that he or she no longer qualifies; (4) the member has the right to prohibit the information obtained from the CRA from being used in connection with the credit transaction the member did not initiate; and (5) the member may contract the CRA to prohibit the use of the information.
Both the Gramm-Leach-Bliley Act and the Fair Credit Reporting Act set
standards for the types of nonpublic personal information that credit unions can disclose to third parties. What is the only type of information the FCRA allows credit unions to disclose without limitation?
Credit unions can only share “experience” information without limitations.
When should you notify your member that negative information would be reported to a credit bureau?
The notice must be provided either prior to, or no later than 30 days after the negative information is furnished to the credit bureau. It may be combined with any notice of default, any billing statement, or any other materials provided to the member, as long as the notice is “clear and conspicuous.” The credit union may not, however, combine the notice with the initial Truth in Lending disclosures.
What is the credit union required to provide loan applicants if it uses credit scores in connection with making mortgage loans?
The credit union must provide a “Notice to Home Loan Applicants” and the credit score (along with key factors associated with the score).
What are the identity theft requirements?
Have reasonable procedures in place to respond to any notification from a credit bureau that the information furnished was the result of identity theft and to prevent refurnishing that same information in the future.
Do not furnish information the member has identified as resulting from ID theft unless the credit union knows or is informed by the member that the information is correct. If the credit union learns that it has furnished inaccurate information due to ID theft, each consumer-reporting agency that received that information must be notified that it is incorrect and then report only complete and accurate information.
If the credit union is notified that a debt was a result of identity theft, the loan cannot be sold, transferred, or placed for collection. (However, there are very limited exceptions, for example, if a debt is transferred as a result of a merger or repurchased because the credit union found out the debt resulted from ID theft).
What requirements must be met before a credit union obtains and uses medical information in determining credit eligibility?
Under the “financial information exception,” credit unions may obtain and use medical information in determining credit eligibility if the following three requirements are met:
* The information relates to debts, expenses, income, benefits, assets,
collateral, or the purpose of the loan, including the use of the proceeds.
* The credit union uses the information in a manner and to an extent no less favorable than it would use comparable information that is not medical information in a credit transaction. (Medical expenses or income may be treated more favorably.)
* The credit union does not take the consumer’s physical, mental, or behavioral, condition or history, type of treatment, or prognosis into account as part of any credit eligibility determination.
How should a credit union respond when it finds a fraud alert on the member’s credit report?
For initial active-duty alerts, if the consumer has specified a telephone number in the alert, the credit union cannot extend any credit until it contacts the consumer using that number or takes other reasonable steps to verify the person’s identity and confirm that the application for credit is not the result of ID theft. For extended alerts, the credit union must contact the consumer in person, at the telephone number indicated in the alert, or other reasonable contact method specified by the consumer before credit is granted, additional cards are sent, etc.
What are the key elements of an ID theft prevention program?
Every program must contain “reasonable policies and procedures” to:
* Identify relevant red flags and incorporate them into the program,
* Detect red flags that have been incorporated into the program.
* Respond appropriately to any red flags that are detected to prevent and mitigate identity theft.
* Ensure the program is updated periodically to reflect changes in risks to members or to the safety and soundness of the credit union from ID theft.
The initial program must be approved by the credit union’s board of directors or a board committee. In addition, credit unions must involve the board, any appropriate committees, or a designated a senior management employee in the oversight, development, implementation and continued administration of the program; train staff as necessary to effectively implement the program; and exercise appropriate oversight of any service provider arrangements to ensure that vendors have policies and procedures in place to detect, prevent and mitigate the risk of ID theft.
The red flag regulations also require credit and debit card issuers to assess the validity of change of address request. What steps can the card issuer take to assess whether the change of address is valid?
The card issuer can:
* Notify the cardholder at the old address.
* Notify the cardholder through some other means of communication that the cardholder has previously agreed to; or
* Use another method of assessing the validity of the change of address that the credit union has included in its red flag program.
Under the affiliate marketing rules, an affiliate cannot use shared member information for marketing purposes unless 3 conditions are met. What are those conditions?
Under the affiliate marketing rules, if a credit union shares eligibility information with an affiliated entity, the affiliate cannot use that information to make a solicitation for marketing purposes unless the consumer is:
* provided with a notice that the information may be used for marketing solicitations.
* given a reasonable opportunity to “opt-out” of these solicitations; and
* the consumer does not “opt-out.”