Banking law and the Foreign Account Tax Compliance Act

Banking Law - Fair and Accurate Credit Transactions Act (FACTA)

Memorandum of Law

Bank's Responsibilities under the Fair and Accurate Credit Transactions Act (FACTA)

The purpose of this memorandum is to provide the bank's chief compliance officer with the background and an overview of the FACTA and its implications for the bank for compliance purposes. The Federal Deposit Insurance Corporation (FDIC) and other federal financial institution regulatory agencies and the Federal Trade Commission (FTC) have jointed published rules related to compliance with the Fair and Accurate Credit Transactions Act (FACTA). This memorandum of law provides a definition of what FACTA (hereinafter alternatively "the Act" or "FACTA") is and to whom the law applies and describes what commercial banks must do to comply with FACTA and any regulations promulgated thereunder. To this end, a description of the general provisions of the Act is followed by a discussion of FACTA as it applies to banks in general and to state-chartered banks doing business in Tennessee in particular. A summary of the research related to FACTA and salient conclusions follow.

General Provisions of the Fair and Accurate Credit Transactions Act.

In response to the growing threat of identity theft, the federal government has made sweeping changes and additions to the Fair Credit Reporting Act (FCRA). Signed into law Dececember 14, 2003, the new Fair and Accurate Credit Transactions Act of 2003 (FACTA) has added provisions to enhance the accuracy of credit reports, gives consumers more access to their credit information, and puts systems in place that will combat identity theft; however, FACTA does not replace the FRCA but supplements its provisions (Royal, 2004). For the purposes of compliance with the FACTA, "identity theft report" has been defined by the FTC to include any report a consumer filed with federal, state, or local law enforcement, including the U.S. Postal Service and the FTC if filing a false report subjects them to criminal penalties; however, institutions may request additional information to verify the validity of the claim (Feddis, 2005). In sum, beginning December 1, 2004, American consumers are able to request one free credit report per year, an initiative intended to allow consumers to maintain oversight of their credit rating without having to pay a fee to a consumer reporting agency (Royal, 2004). As a result of the Act, consumers will also be able to place fraud alerts on their credit files if they believe they have been the victims of identity theft. Once the alert is there, creditors will not be permitted to open new accounts in a consumer's name without first contacting the consumer (Royal, 2004). Prior to the passage of the FACTA, American consumers were forced to contact the three major credit bureaus (i.e., Equifax, Experian, and TransUnion) to alert them that incidents of fraud may have taken place; while these administrative processes were taking their course, an identity thief have additional opportunities to obtain even more credit in the consumer's name. In this regard, Sovern (2004) reports that, "Consumers complain that even after they place fraud alerts in their credit files, identity thieves are still able to borrow in their names. Identity thieves have obtained loans despite applications containing obvious errors. Victims report that consumer reporting agencies -- known colloquially as credit bureaus -- have automated telephone answering systems that make it impossible for victims to reach a human being for aid" (p. 233). The FACTA also contains provisions that allow consumers that become active duty military to place a special notice on their credit file to prevent becoming victims of fraud while they are assigned abroad (Royal, 2004).

According to a recent Interagency Advance Notice of Proposed Rulemaking: Procedures to Enhance the Accuracy and Integrity of Information Furnished to Consumer Reporting Agencies" (2006), Section 312 of the amended the FCRA to enhance the ability of consumers to combat identity theft, increase the accuracy of consumer reports, restrict the use of medical information in credit eligibility determinations, and allow consumers to exercise greater control regarding the type and amount of solicitations they receive. Section 312 of the FACT Act amends section 623 of the FCRA and generally requires the Agencies to issue guidelines for use by furnishers regarding the accuracy and integrity of the information that they furnish to consumer reporting agencies and prescribe regulations requiring furnishers to establish reasonable policies and procedures for implementing the guidelines. Section 312 also requires the Agencies to issue regulations identifying the circumstances under which a furnisher must reinvestigate disputes about the accuracy of information contained in consumer reports based on a direct request from a consumer (Interagency advance notice, 2006).

The Act established uniform national standards in key areas of regulation concerning consumer report information. For example, Section 217 of the Act requires that if any financial institution (1) extends credit and regularly and in the ordinary course of business furnishes information to a nationwide consumer reporting agency, and (2) furnishes negative information to such an agency regarding credit extended to a customer, the institution must provide a clear and conspicuous notice about furnishing negative information, in writing, to the customer. Section 217 defines the term "negative information" to mean information concerning a customer's delinquencies, late payments, insolvency, or any form of default.

The term "credit" is defined under the FACT Act to have the same meaning as in section 702 of the Equal Credit Opportunity Act, which defines "credit" to mean "the right granted by a creditor to a debtor to defer payment of debt or to incur debt and defer its payment or to purchase property or services and defer payment therefor." 15 U.S.C. 1691a. The provisions in Section 217 became effective December 1, 2004 (69 FR 6526, February 11, 2004) (DeLargy, 2004). Section 217 specifies that an institution must provide the required notice to the customer prior to, or no later than 30 days after, furnishing the negative information to a nationwide consumer reporting agency. After providing the notice, the institution may submit additional negative information to a nationwide consumer reporting agency with respect to the same transaction, extension of credit, account, or customer without providing additional notice to the customer. If a financial institution has provided a customer with a notice prior to the furnishing of negative information, the institution is not required to furnish negative information about the customer to a nationwide consumer reporting agency. A financial institution generally may provide the notice about furnishing negative information on or with any notice of default, any billing statement, or any other materials provided to the customer, so long as the notice is clear and conspicuous. Section 217 specifically provides, however, that the notice may not be included in the initial disclosures provided under section 127(a) of the Truth in Lending Act (15 U.S.C. 1637(a)) (DeLargy, 2004). A complete copy of the Act is available for your review at http://www.federalreserve.gov/boarddocs/caletters/2004/0412/CA04-12Attach3.pdf

While the foregoing provisions of the Act are straightforward enough for compliance purposes, the legal waters become somewhat muddier thereafter. According to Feddis (2005), "Consumer creditors around the country have been looking over and working with the act since its passage late last year. Passed with some urgency, with the January 2004 sunset of certain federal preemption provisions looming, there was little time for refinement, let alone consistency. The result makes compliance with the statute a challenge" (p. 57). Compliance with the Act has been further exacerbated by the convoluted rulemaking procedures used. According to Feddis, the majority of the statutes with which banks are familiar, a single regulator, usually the Federal Reserve Board, implements a single regulation covering the entire statute; however, the FACTA involves numerous agencies which must promulgate regulations but only concerning specific provisions of the Act. This author reports that, "In some instances, the regulations are promulgated by a single agency for all institutions; at other times, various agencies promulgate regulations either "jointly," "in consultation with," or "in coordination with'" (Feddis, 2005, p. 57). Not surprisingly, these terms have introduced some problems in interpolation in real-world applications and the resulting delays have caused the banking industry to speculate about how and when to comply with some of the provisions of the Act (Feddis, 2005).

Specific Provisions of the Act as they Apply to the Bank.

To help clarify the primary responsibilities of the bank pursuant to the Act, Table 1 below provides an overview of some of the salient issues and responsibilities that affect state-chartered banks across the country today by virtue of the Act.

Table 1.

Overview of Salient FACTA Issues and Responsibilities Affecting State-Chartered Banks.

Issue

Discussion/Implications

Effective dates

Certain provisions which are not subject to specific rulemaking, went into effect before or on December 1, 2004, including the provisions related to:

Credit score disclosures

Fraud and "active duty" alerts

Blocking reporting of information claimed to be the result of identity theft

Prevention of re-reporting information that a consumer reporting agency has, found to be inaccurate, incomplete, or unverifiable

Consumer notification of reports of negative information

Other provisions subject to specific rulemaking, however, will not be effective until after rules are adopted. Final rules will determine the effective date. In response to a request by ABA and other trade associations, on November 24, 2004, the banking agencies and the Federal Trade Commission wrote that institutions do not have to comply with those FACTA provisions which must be implemented by rulemaking until after adoption of final rules. Those provisions include those related to: risk-based pricing notices; affiliate marketing; medical information sharing; red flag guidelines and regulations; notice of opt out from prescreened solicitations; disposal of consumer report information; accuracy and integrity guidelines and regulations; ability of consumer to dispute information with furnisher); and reconciling addresses.

Credit scores

The FACTA requires mortgage lenders to provide credit scores along with other information to mortgage loan applicants. The credit score and other information must be provided when a credit score is used for an application for a consumer loan that is secured by one to four units of residential property; this requirement includes purchase money residential loans, mortgage refinances, home equity loans, and loans secured by vacation homes (the provision does not apply if the loan is used for a business purpose). In addition, the credit score and other information must be provided for all applicants for whom a credit score is used, not just those denied. The Act requires that the score be provided if the lender used a score of a consumer who "initiated or sought" a covered mortgage; consequently, co-applicants would also be included. While this issue remains unclear, this analyst recommends that guarantors should also be provided with the credit score if a score was 'used,' given that if the credit had a permissible purpose to retrieve the credit score in the first place, the guarantor is likely entitled to receive it as well. Furthermore, although automated underwriting systems are excluded from the definition of credit score, Section 609(g)(1)(B) of the Act stipulates that mortgage lenders using automated underwriting systems, "may satisfy the obligation to provide a credit score" by disclosing a credit score and associated key factors supplied by a consumer reporting agency; however, if a proprietary credit scoring system is used, the lender has a choice and may supply either its own score or a score provided by a consumer reporting agency.

Information required with credit score

Unfortunately, the Act is nebulous in this area; under existing guidance, though, mortgage lenders that use a credit score should likely provide, together with the statutory notice, any information contained in the credit score report listed in Section 609(f), including specifically: (1) the credit score; (2) the range of possible credit scores for that model; (3) up to four key adverse factors, plus number of inquiries, if adverse factor; (4) the date the credit score was created; and (5) the name of the credit score maker. Under 609(g)(1)(D), covered credit score users must provide a copy of a statutory notice that explains credit scores. In addition, Section 609(g)(1)(a) requires covered credit score users to provide the five items listed above that are "obtained from a consumer reporting agency." In most cases, this information (except for the range, and the number of inquiries), is contained in the credit score report; in some instances, though, credit score users "obtained" the ranges from the credit score maker, so this information should likely be included as well. It should be pointed out, though, that the foregoing two provisions are incongruent with Section 609(g)(1)(E) that stipulates, "This subsection shall not require any person to... ii) disclose any information other than a credit score or key factors..." A strictly literal interpretation of this stipulation would mean that the credit score user would not have to even provide the statutory notice. Further complicating this subsection is 609(g)(1)(F) that provides that covered credit score users need only provide a "copy of the information that was received from the consumer reporting agency," suggesting that information not contained in the credit score report need not be disclosed to the applicant. There clearly appears to be a congressional intent to require credit score users only to provide information provided in the credit score report; therefore, a "give what you get" approach is most likely appropriate. Some score makers will provide "compliant" notices, frequently for a price; otherwise, covered credit score users can provide information themselves. Finally, the disclosures are only required if the institution "uses" the credit score; however, leaders that do not use credit scores they receive should consider obtaining reports that omit scores or, in the alternative, providing the disclosures anyway. Otherwise, they may be vulnerable to challenges questioning why they obtain credit scores if they do not use them.

Credit score users and applicant signature requirements

There is no requirement to obtain the applicants' signature; appropriate procedures should provide sufficient proof of compliance.

Notice about negative information

Section 623(a)(7) requires creditors to notify their customers if negative information may or will be reported by them to a nationwide consumer reporting agency; however, the Act does not specifically direct any agency to promulgate regulations but only requires the Federal Reserve Board to adopt model disclosures. Those disclosures are available on the Federal Reserve Board's website (www.federalreserve.gov) or the June 15 Federal Register. Institutions had to begin complying by December 1, 2004. This provision also likely applies if the institution furnishes information about charged-off deposit accounts; however, this requirement would only be applicable in those cases where the information is being provided to one of the "nationwide" consumer reporting agencies noted above (e.g., Transunion, Equifax, or Experian and excludes ChexSystems).

Timing of notices

Notices must be provided prior to, or no later than, 30 days after furnishing the negative information; they may be included on or with other documents, such as a periodic statement or late payment notice and they may also be included with welcome packages, provided they are not in the Regulation Z. initial disclosures.

Provision of notice to co-applicants and guarantors

Co-applicants and guarantors must be provided notice if the lender is furnishing negative information about them; the notice may be delivered to the address as the mortgage agreement provides.

Provision of notice to all existing customers concerning negative information

The bank may choose to deliver the notice to all customers, new and existing, but complies so long as the customer receives it no later than 30 days after the creditor has actually reported negative information. For this purpose, the Federal Reserve Board provided two models: one suitable if the notice is sent in advance of reporting negative information and a second one if it is sent afterwards. Although model disclosures are not stipulated, the bank is deemed in compliance when they are used.