The Equal Credit Opportunity Act (ECOA) and its implementing regulation (Federal Reserve Board's Regulation B, 12 C.F.R. Part 202) prohibit discrimination on a number of prohibited bases, including the fact that a consumer has, in good faith, exercised a right under the Consumer Credit Protection Act (CCPA.) The CCPA comprises several consumer protection titles. Title VI of the CCPA is the Fair Credit Reporting Act (FCRA).
The Fair and Accurate Credit Transactions Act of 2003 (FACT Act) amended the FCRA and created several new consumer rights. Among these is the right to place alerts on consumer reports maintained by consumer reporting agencies. Individuals who have been or may be victims of identity theft may place fraud alerts on their consumer reports. Similarly, active duty military consumers or individuals acting on their behalf may request extended alerts.
The goal of these alerts is to protect consumers' information from identity theft and to help prevent new extensions of credit using stolen identities. A component of these alerts is the option for consumers to provide information such as telephone numbers where they may be contacted by subsequent users of the consumer reports.
When a user of a consumer report, such as a bank considering a consumer's application for credit, obtains a consumer report containing one of the alerts discussed above, the user must take steps to verify the identity of the person who has applied for credit. Unless a user of a consumer report uses reasonable policies and procedures to verify the identity of the person making the request, the FCRA prohibits a user of a report containing these alerts from:
- Establishing new credit plans or extension of credit (other than draws on an existing open-end line of credit) in the name of the consumer;
- Issuing an additional card on an existing credit account requested by a consumer; and
- Increasing a credit limit on an existing credit account at the consumer's request.
Pursuant to the FCRA, a user of a consumer report in this situation must contact the consumer by using the telephone number provided in the alert or take reasonable steps to verify the consumer's identity and confirm that the application is not the result of identity theft.
Recently, the FDIC has become aware of situations in which creditors have denied applications for credit based on the presence of fraud or active duty alerts on the applicants' consumer reports. In these cases, no steps were taken to attempt to verify the identity of the applicants before the applications were denied based on the alerts. Financial institutions are reminded that denying credit or taking other adverse actions related to credit because of the presence of a fraud or active duty alert constitutes unlawful discrimination based on the exercise of a right under the CCPA, thus violating the ECOA.
Financial institutions must take reasonable steps to identify applicants when they obtain consumer reports that contain fraud or active duty alerts. FDIC-supervised institutions are encouraged to develop and adopt effective procedures to address these responsibilities. Procedures should ensure that every effort is made to contact the consumer using the information provided by the consumer within the fraud or active duty alert. This step is designed to protect the consumer from being further victimized by identity theft and to protect the financial institution from incurring losses due to fraud.
Questions about the FCRA may be directed to David Lafleur, Policy Analyst-Compliance, at (202) 898-6569 or firstname.lastname@example.org. Questions about the ECOA and Regulation B may be directed to Russ Bailey, Senior Fair Lending Specialist, at (202) 898-6529, or email@example.com.
||Sandra L. Thompson
Division of Supervision and Consumer Protection