September 21, 2022
The Consumer Financial Protection Bureau (“CFPB”) recently sent shockwaves through the consumer financial services industry by announcing a public enforcement action against an auto finance company totaling $19.2 million in penalties and customer redress,1 representing a significant amount per impacted customer. This enforcement action marks the first time the CFPB has required customer redress to individuals impacted by credit furnishing errors. For entities that furnish consumer credit information, the stakes of furnishing inaccurate information are higher than ever before.
Furnishing consumer credit reporting data – whether via Metro 2®, Automated Universal Dataform (“AUD”), or Automated Credit Dispute Verification (“ACDV”) – poses its own unique set of challenges. Some of these difficulties include:
Financial institutions and other entities that furnish consumer credit information should view the recent enforcement action by the CFPB as a wake-up call to consider reviewing the following key areas against industry best practices and regulatory guidance. Remediating gaps in these areas can assist in reducing potential consumer harm, regulatory risk, and possible litigation.
Review Policies, Procedures and Training
It is essential for data furnishers to understand the required components for Fair Credit Reporting Act (“FCRA”) related policies and procedures under Section III of Appendix E to Part 1022 – Interagency Guidelines Concerning the Accuracy and Integrity of Information Furnished to Consumer Reporting Agencies (“Appendix E”). This Section lists 13 separate components that should be addressed, including use of standard data formats, record retention, deletion of records and periodic evaluation of a company’s own practices.2 Additionally, there are other obligations for both furnishers of consumer credit report information and users of credit reports found in the FCRA that should be mapped to one or more corporate policies and procedures.3, 4
Organizations can benefit from an assessment of existing policies and procedures against the requirements detailed in the FCRA and Appendix E, including confirmation of compliance during the normal course of business. Policies and procedures should also be reinforced through proper training and the use of job aids or similar tools to help guide employees.
Data Furnishing Quality Control
Another important component of Appendix E is implementation of quality control processes pertaining to the data that is sent to the CRAs.5, 6 The CFPB’s most recent and previous enforcement actions related to credit reporting set a clear expectation that furnishers will perform self-audits and monitoring to ensure the accuracy and integrity of data transmitted to CRAs. Controls should be in place for both pre- and post-transmission of credit reporting data.
For pre-transmission quality control, there are a range of third-party tools including FTI Consulting’s EvaluData7 that can be deployed to compare fields within the furnishing file and identify illogical conditions (e.g., accounts with an amount past due but a current account status). Whether conducted internally, or through the use of a third-party tool, this type of monitoring can be a very effective way to perform some level of quality control on every single account furnished.
For post-transmission quality control, it is highly recommended to review a sample of reported accounts and recalculate each data field reported for that month. Discrepancies between the recalculated data fields and the furnished data fields for each tradeline should be identified, reconciled and an investigation performed to determine the root cause. If the root cause is a potential system, technology or process issue that could lead to other accounts being impacted, those issues should be prioritized and resolved accordingly. If it is a one-off item, such as a manual processing error, this can be addressed through training and the development or enhancement of controls.
Credit Reporting Change Management
Finally, given that organizations undergo constant change, it is important to develop processes to determine the downstream impact to credit reporting and accommodate through updates to policies and procedures, technology, staffing, and training. Changes that have downstream impacts on credit reporting include changes to technology (e.g., new servicing system, tools for credit reporting, new vendors, etc.), new product offerings or business rules requiring changes to how consumer data is furnished in certain scenarios, and changes to the credit reporting guidance and regulatory requirements. When these types of changes are expected, it is highly recommended to engage with key stakeholders early and often to avoid negative outcomes.
Taking it a step further, there should also be thorough testing and monitoring around change management activities including before and after the impacted change, to understand the effectiveness and update change management processes as needed. Given the complexity, change management activities often have unintended negative consequences, so process improvement in this area can be highly beneficial.
Maintaining an end-to-end FCRA business requirements document (“BRD”) is also a key best practice as organizations address more complex credit reporting situations such as bankruptcy, charge-offs and account transfers. In addition to providing insight when evaluating the impact of changes, a BRD provides transparency around furnishing logic and business rules for regulators and other third parties such as external auditors.
Data furnishers should prioritize reviewing these key areas and engaging with a third party consultant for more specialized assistance when needed, such as when conducting an in-depth review of accounts to help identify root causes of system logic and data discrepancies. Such a review also would yield recommendations on process improvements and controls to reduce future furnishing errors.
Compliance with the FCRA has become a high-risk issue for data furnishers of all sizes due to increased regulatory scrutiny around furnishing consumer credit report information. The CFPB’s decision to require redress to individual customers impacted by credit furnishing errors sets the precedent for additional costly enforcement actions. All data furnishers should consider themselves on notice that the CFPB is closely scrutinizing areas of weakness in credit reporting processes and is elevating the issue with a new level of enforcement.
Footnotes:
1: Hyundai Capital America, Consumer Financial Protection Bureau, (July 26, 2022), https://www.consumerfinance.gov/enforcement/actions/hyundai-capital-america/.
2: 12 C.F.R. Appendix E to Part 1022 (2012).
3: 15 U.S. Code § 1681b – Permissible purposes of consumer reports
4: 15 U.S. Code § 1681s–2 – Responsibilities of furnishers of information to consumer reporting agencies
5: CFPB Supervisory Highlights: Spring 2022, Section 2.2.7, Consumer Financial Protection Bureau, (May 2022), https://files.consumerfinance.gov/f/documents/cfpb_supervisory-highlights_issue-26_2022-04.pdf.
6: Enforcement actions, Consumer Financial Protection Bureau, (accessed August 23, 2022), https://www.consumerfinance.gov/enforcement/actions/?title=data&from_date=&to_date= (search “data” in the “Search by keyword(s)” dialogue box under the heading “Filter enforcement actions”).
7: Credit Reporting Data Analytics Service Sheet, FTI Consulting, Inc., (June 17, 2022), https://www.fticonsulting.com/insights/service-sheets/credit-reporting-data-analytics-service-sheet.
September 21, 2022
David King
Senior Managing Director
Badri Sridhar
Managing Director
Troy Kubes
Managing Director
Forensic & Litigation Consulting
© 2022 FTI Consulting, Inc., including its subsidiaries and affiliates, is a consulting firm and is not a certified public accounting firm or a law firm. All Rights Reserved.