At times, our loan officers pull credit without obtaining a written authorization from the consumer? Is this acceptable or do we need written authorization prior to pulling credit? What are the penalties for noncompliance?
Although it is always best to obtain a written authorization, a consumer reporting agency may furnish a credit report “to a person which it has reason to believe—(A) intends to use the information in connection with a credit transaction involving the consumer on whom the information is to be furnished and involving the extension of credit to, or review or collection of an account of, the consumer.”
[15 USC §1681b(a)(3)(A)]
Absent a written authorization (or a documented verbal authorization), the issue is whether this permissible purpose existed. If the consumer applied for credit, whether in person, by phone, by mail, or electronically, the creditor has a permissible purpose to obtain a consumer report on the applicant, and thus does not need specific authorization from the applicant. That being said, it is always best to obtain a written authorization from the consumer so that you are protected in case the consumer asserts, especially in instances of phone applications, that he did not apply for credit. If verbal authorization was provided, the loan officer should document the file and confirm such verbal authorization as soon as practical with the customer such as through an e-mail confirmation.
The private enforcement provisions of the Fair Credit Reporting Act (FCRA) permit a consumer to bring civil suit against a credit reporting agency for willful noncompliance with the FCRA, for actual damages in an amount of at least $100 but not more than $1,000 per violation. If a natural person obtains a consumer report through false pretenses or without a permissible purpose, the consumer will be entitled to the greater of $1,000 or actual damages.
Additionally, the consumer can seek punitive damages (there is no ceiling on the amount that may be awarded) and, if successful, the consumer will be awarded attorney’s fees and cost of suit.
[15 USC §1681n]
If a business or natural person obtains a consumer report from a consumer reporting agency through false pretenses or without a permissible purpose, the business or consumer will be liable to the consumer reporting agency for the greater of $1,000 or actual damages sustained by the agency. In the case of negligent noncompliance, the consumer may bring suit for actual damages, and if the consumer prevails, obtain an award of attorney’s fees and costs of suit. [15 USC §1681o]
The FCRA also outlines administrative enforcement consequences facing businesses and individuals who intentionally and continuously persist in violating the FCRA regulations. Repeat offenders are subject to a fine of up to $2,500 per infraction. In determining the amount of the fine, consideration is given to the history of the business’ or individual’s prior conduct, the degree to which they are culpable, and their ability to pay, among other factors. [15 USC 1681s] An individual using false pretenses to obtain a consumer report may also be subject to criminal charges.
In addition to the federal Fair Credit Reporting Act, a creditor must be cognizant of state laws as some states, such as Vermont, require the consumer’s authorization prior to pulling credit. Other states do not have such a requirement.
Joyce Wilkins Pollison
Director/Legal & Regulatory Compliance
Lenders Compliance Group