January 15, 2016

CFPB Consent Order Highlights FCRA Requirements for Users and CRAs

2 min

A consumer reporting company and its CEO entered into a consent order with the CFPB over alleged violations of the Fair Credit Reporting Act (FCRA). According to the Bureau, Clarity, a nationwide credit reporting company, compiles and sells credit reports to financial service providers with a focus on the subprime lending market. The CFPB alleged that Clarity used a number of the consumer reports it purchased in marketing materials for potential clients.

The violations alleged by the CFPB include:

  • Failing to investigate consumer credit reporting disputes: The CFPB alleges that Clarity failed to investigate consumer disputes, including disputes relating to credit inquiries, as required under FCRA. The CFPB found that Clarity would not reinvestigate unless the consumer provided specific documentation and did not investigate disputes related to identity theft. The CFPB also found that Clarity often failed to provide information to furnishers about consumer disputes.
  • Obtaining consumer reports without permission: The CFPB alleged that Clarity used personal consumer information without a permissible purpose when it used consumer reports to help market its products. According to the CFPB, Clarity obtained over 190,000 consumer reports from another credit reporting company, which then incorrectly reflected a permissible inquiry by a lender.

Under the consent order, Clarity and its CEO are required to:

  • Halt any violative credit reporting practices, including pulling consumer reports and selling them to third parties that lack a permissible purpose;
  • Create or revise policies and procedures to ensure users of consumer credit reports have a permissible purpose—including through the development of enhanced employee training;
  • Create or revise policies and procedures, including employee training, to ensure that complete investigations are conducted when they are notified of consumer disputes, including disputes regarding unauthorized access to credit reports; and
  • Pay an $8 million civil money penalty to the CFPB.