A California jury in federal court ruled Tuesday that TransUnion violated the Fair Credit Reporting Act (FCRA) by erroneously linking certain consumers with similarly named terrorists and criminals in the U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC’s) database. The jury awarded statutory and punitive damages in excess of $60 million, which could set a record for the largest FCRA verdict to date.

Initially filed in 2012, plaintiffs alleged that TransUnion willfully violated FCRA by failing to maintain reasonable procedures to assure maximum possible accuracy of the consumer reports it sold, and by failing to provide required disclosures to consumers. TransUnion offers an add-on service to its standard consumer reports whereby it would check consumers against OFAC’s “Specially Designated Nationals and Blocked Persons List” (SDN), which lists terrorists, drug traffickers, and other criminals. Companies that do business with individuals on the SDN face strict liability penalties approaching $290,000 per transaction, so companies have a strong incentive to cross-reference the SDN before undertaking certain transactions – depending on the type of transaction and other factors.

The case arose out of so-called “false positives,” whereby TransUnion would find and report a potential match to the SDN but that match would subsequently be found to be erroneous. For example, lead plaintiff Sergio L. Ramirez was prevented from buying a car in 2011 because TransUnion told lenders that he potentially matched two individuals on the OFAC list. Ramirez and other class members alleged that TransUnion failed to take reasonable steps, such as also cross-referencing date of birth or other information available on the SDN, before reporting the match on the consumer report. TransUnion countered that it did all that was feasible for the time period in question to achieve maximum accuracy, as required by FCRA, while still helping its clients comply with OFAC regulations and avoid criminal penalties.

The case provides an interesting example of the competing legal obligations that a company can face under different statutes, and of the need to stay abreast of constantly evolving technology that informs the relevant legal standard. Determining how to screen potential customers for OFAC compliance and use consumer reports consistent with FCRA depends on a number of factors, including the technology available at the time and the type and scope of transaction at issue.