The Equal Credit Opportunity Act (ECOA) and its implementing regulation
(Federal Reserve Board's Regulation B, 12 C.F.R. Part 202) prohibit
discrimination on a number of prohibited bases, including the fact that a
consumer has, in good faith, exercised a right under the Consumer Credit
Protection Act (CCPA.) The CCPA comprises several consumer protection
titles. Title VI of the CCPA is the Fair Credit Reporting Act (FCRA).
The Fair and Accurate Credit Transactions Act of 2003 (FACT Act) amended the
FCRA and created several new consumer rights. Among these is the right to
place alerts on consumer reports maintained by consumer reporting agencies.
Individuals who have been or may be victims of identity theft may place
fraud alerts on their consumer reports. Similarly, active duty military
consumers or individuals acting on their behalf may request extended alerts.
The goal of these alerts is to protect consumers' information from identity
theft and to help prevent new extensions of credit using stolen identities.
A component of these alerts is the option for consumers to provide
information such as telephone numbers where they may be contacted by
subsequent users of the consumer reports.
When a user of a consumer report, such as a bank considering a consumer's
application for credit, obtains a consumer report containing one of the
alerts discussed above, the user must take steps to verify the identity of
the person who has applied for credit. Unless a user of a consumer report
uses reasonable policies and procedures to verify the identity of the person
making the request, the FCRA prohibits a user of a report containing these
alerts from:
- Establishing new credit plans or extension of credit (other than draws
on an existing open-end line of credit) in the name of the consumer;
- Issuing an additional card on an existing credit account requested by a
consumer; and
- Increasing a credit limit on an existing credit account at the
consumer's request.
Pursuant to the FCRA, a user of a consumer report in this situation must
contact the consumer by using the telephone number provided in the alert or
take reasonable steps to verify the consumer's identity and confirm that the
application is not the result of identity theft.
Guidance
Recently, the FDIC has become aware of situations in which creditors have
denied applications for credit based on the presence of fraud or active duty
alerts on the applicants' consumer reports. In these cases, no steps were
taken to attempt to verify the identity of the applicants before the
applications were denied based on the alerts. Financial institutions are
reminded that denying credit or taking other adverse actions related to
credit because of the presence of a fraud or active duty alert constitutes
unlawful discrimination based on the exercise of a right under the CCPA,
thus violating the ECOA.
Financial institutions must take reasonable steps to identify applicants when
they obtain consumer reports that contain fraud or active duty alerts.
FDIC-supervised institutions are encouraged to develop and adopt effective
procedures to address these responsibilities. Procedures should ensure that
every effort is made to contact the consumer using the information provided
by the consumer within the fraud or active duty alert. This step is designed
to protect the consumer from being further victimized by identity theft and
to protect the financial institution from incurring losses due to fraud.
Questions about the FCRA may be directed to David Lafleur, Policy
Analyst-Compliance, at (202) 898-6569 or dlafleur@fdic.gov. Questions about
the ECOA and Regulation B may be directed to Russ Bailey, Senior Fair
Lending Specialist, at (202) 898-6529, or rbailey@fdic.gov.
|
Sandra L.
Thompson
Acting Director
Division of Supervision and Consumer Protection
|