Businesses face many regulations, which can become confusing and overwhelming. The FCRA has specific requirements that apply to most companies. It's crucial that you understand the law and how it applies to your business.
Read our FCRA 101 article below to learn about the FCRA, the most common FCRA regulations, and why it’s essential for businesses to pay attention to consumer and employee rights.
What Is the FCRA?
The Fair Credit Reporting Act (FCRA) was created to protect consumer information that credit bureaus, medical information companies, and property owners collect to screen individuals for various purposes.
The FCRA regulates the following:
- Who can collect consumer information
- The processes for collecting and providing consumer information
- How consumers can access their information
- The procedures for disputes and identity theft
Before the FCRA was enacted, a person’s credit report was more likely to include inaccurate records. Unfortunately, some people became victims of wrong information, resulting in lost opportunities. In addition, people didn’t have the right to view their reports.
The FCRA gave more rights to consumers and created more rules for businesses.
FCRA Requirements Checklist
FCRA requirements primarily come into play when businesses use consumer information for various decision-making purposes or provide consumer information to credit reporting agencies (CRAs). Ask yourself the following questions.
- Do you obtain consumer information for any reason?
- Do you provide consumer information to CRAs or other third-parties?
- Do you market credit or insurance products?
- Are you hiring or making other employment decisions?
If you answered yes to any of the questions above, you must comply with the following FCRA overview of requirements.
The FCRA allows businesses to use consumer information for the following:
- Credit transactions, such as lending or collecting credit
- Underwriting insurance
- Employment decisions
- Housing decisions
- Investing decisions
- Other business needs, such as reviewing accounts
- To determine eligibility for licenses that require financial responsibility
If your business is using consumer information for any of the above, you must have systems in place to ensure that you are meeting your legal obligations outlined in the FCRA. If you are using consumer information for any other reason not listed above, you could already be in noncompliance with the FCRA and could face penalties.
Disclosures & Consent
You must provide individuals with a disclosure form that informs them of your intent to obtain consumer information. The disclosure form must be a standalone form that isn’t integrated into a packet of paperwork.
You also have to receive consent from the individual to obtain the consumer’s information. The FCRA has requirements for the authorization form’s wording and formatting, so it can be helpful to use the FCRA’s model forms. Some states may also have additional requirements.
Adverse Action Notice
You must follow the FCRA’s adverse action procedure if you consider taking negative action based on consumer information. Adverse action may include not approving a loan, denying a request for credit increases, or closing an account.
First, you must send notice of the action you are considering. You should also include a copy of the individual’s federal summary of rights and the report used to screen the individual. Then, you must give the consumer time to dispute the information. There is no requirement for how long to provide them, but five days is generally acceptable.
After the waiting period, you can make your final decision. You must provide a second notice of this action. You must also include contact information for the CRA that provided the report and a statement that the CRA is not responsible for your decision. You should also inform the individual that they can get another copy of the report and still make disputes with the CRA.
If your business uses algorithms to make automatic decisions based on consumer information, you must be extra cautious with FCRA requirements. It is especially important that your business ensures that the consumer information is accurate and that your algorithm is fair and effective.
Algorithms may not be able to discern inaccurate information, so consumers must have the opportunity to correct the information, which is why businesses must follow regulations for adverse action notices. In addition, some algorithms can cause discrimination against protected classes.
It’s essential that businesses test algorithms and artificial intelligence (AI) before using them in their business operations.
Why Should You Take It Seriously?
If you violate the FCRA, your business could face costly penalties. Let’s take a look at some below:
- Negligent violation: If you unknowingly violate the FCRA, your business could face civil penalties, such as fines.
- Multiple negligent violations: If you commit more than one violation, you could get fined an additional $100 for each subsequent violation.
- Willful violation: If you knowingly violate the FCRA, your business may need to pay fines, and the court may choose to impose additional penalties based on the amount of damage that you caused.
- Obtaining consumer information without a permissible reason: If you obtain consumer information without a permissible reason, you can receive up to two years in federal prison.
On top of the fines and penalties listed above, violating the FCRA can damage your business. You may waste time and money on lawsuits, or your brand name and reputation could suffer. Following your legal requirements shows customers, applicants, and employees that you care about their rights.
Your business should do its best to comply with the FCRA requirements. Fortunately, many resources can help you complete your duties outlined in the FCRA’s regulatory requirements. For example, legal counsel may be able to give you an “FCRA for dummies” plan that is easy to implement.
If you need help or have questions about your FCRA requirements, contact us here at Bloom Credit.