A recent Federal Trade Commission (FTC) enforcement action highlights the need for merchants that provide credit to consumers to review their policies and procedures for compliance with the Risk-Based Pricing Rule under the Fair Credit Reporting Act (FCRA). This Rule requires a creditor—defined to include a merchant that bills on a deferred basis—to provide consumers with a risk-based pricing notice if the creditor offers the consumer credit on less favorable terms based on information from the consumer's credit report or score.
On October 21, 2015, the FTC announced a proposed settlement with Sprint concerning allegations that the company had failed to provide consumers with risk-based pricing notices in connection with wireless phone contracts as required by the Risk-Based Pricing Rule. Thus, while the Risk-Based Pricing Rule applies broadly to traditional creditors like banks, credit card companies, and mortgage and auto lenders, the Sprint settlement underscores that the Rule also applies to merchants that provide credit by billing for services after they are used (such as through monthly billing for services rendered). In this regard, the Rule potentially applies to a broad spectrum of merchants, including public utilities, cable and satellite television providers, wireless phone providers, gyms, security companies, lawn service providers, and any other merchant that charges on a periodic basis for services provided (e.g., monthly bills).
This article summarizes the Risk-Based Pricing Rule, reviews the FTC's recent enforcement action, and provides guidance to help merchants that engage in risk-based pricing minimize the risk of violating the Rule.
What Is the Risk-Based Pricing Rule?
The Fair and Accurate Credit Transactions Act of 2003 (FACT Act) amended the FCRA to address risk-based pricing, defined as the practice of setting or adjusting the price and other terms of credit to reflect the risk of nonpayment by a specific consumer. Creditors that engage in risk-based pricing generally offer materially less favorable terms to consumers with poor credit histories or scores. Following the FACT Act, the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act) further amended the FCRA to require risk-based pricing notices to disclose information relating to a consumer's credit score if such information was used in making a credit decision. The purpose of the Risk-Based Pricing Rule is to inform consumers of negative information in their consumer reports so that consumers have the ability to review and correct any inaccurate information in their consumer reports.
On January 15, 2010, the Federal Reserve and FTC issued regulations implementing the FACT Act requirements for risk-based pricing. Under the regulations, a creditor must provide a risk-based pricing notice to a consumer with specific disclosures when the creditor, based in whole or in part on a consumer report, extends credit to the consumer on terms that are materially less favorable than the most favorable terms available to a substantial proportion of consumers. "Materially less favorable terms" generally means a higher annual percentage rate (APR); however, when there is no APR, the material term is the one that has the most significant financial impact on the consumer and varies based on information in a consumer report—and includes a periodic fee requirement. See 12 C.F.R. § 1022.71(n)(3).
Importantly, the term "credit" is defined as "the right granted by a creditor to a debtor to defer payment of debt or to incur debts and defer its payment or to purchase property or services and defer payment therefor." Id. § 1022.71(h). Thus, the Risk-Based Pricing Rule applies to a much broader class of persons than traditional creditors or financial institutions. In particular, merchants that allow customers to be billed for services after they are used are subject to the Rule if they condition service or price service less favorably for consumers based on information in a consumer report or credit score.
Why Is the Sprint Consent Decree Important?
As explained in the complaint, Sprint advertised, marketed, distributed, and sold mobile phone and data plans to consumers whereby consumers incurred charges for voice, data, text, and third-party services for payment on a later date (e.g., at the end of the billing month). According to the FTC complaint, Sprint placed consumers with lower credit scores in an Account Spending Limit (ASL) program that required the consumers to pay a monthly fee of $7.99 in addition to the charges for cell phone and data services. Sprint, however, "failed to give many consumers required information about why they were placed in a more costly program, and when they did, the notice often came too late for consumers to choose another mobile carrier," according to the FTC press release announcing the settlement.
The proposed settlement requires Sprint to pay a $2.95 million penalty and requires the company to comply with the Risk-Based Pricing Rule in the future. In addition, Sprint is required to provide the required notices to consumers within five days of signing up for Sprint service or by a date that gives consumers the ability to avoid recurring charges like those in the ASL program. Finally, Sprint must send corrected risk-based pricing notices to consumers who received incomplete notices from the company.
The Sprint action underscores the need for merchants that bill on a deferred basis to comply with the Risk-Based Pricing Rule if they rely on consumer reports or credit scores when offering services to consumers. Under the Rule, requiring consumers with lower credit scores to pay additional fees for service or submit a deposit would qualify as offering credit on materially less favorable terms. Although not an issue in the Sprint action, the FCRA and Equal Credit Opportunity Act also include "adverse action" notice requirements that are triggered when an application for credit is denied or revoked based on information in a consumer report. These requirements also apply to merchants that provide services on a deferred-payment basis.
What Can Merchants Do to Minimize Risk?
The FTC's proposed settlement with Sprint shines a light on the need for merchants that allow customers to be billed for services after they are used to review their practices for compliance with the Risk-Based Pricing Rule (as well as adverse action requirements). Such merchants should review the Rule, as well as the guidance that the FTC has issued, to ensure that appropriate notices are provided to consumers who receive services on less favorable terms. In particular, as demonstrated by the Sprint matter, it is important for merchants to provide notices that include all of the information required under the Risk-Based Pricing Rule.
To minimize potential gaps or oversights, merchants should implement policies and procedures for risk-based pricing and adverse action notices, and such policies and procedures, including training and testing programs, should be reviewed periodically as part of the merchant's compliance management system.
Finally, the Sprint consent decree demonstrates that federal agencies are targeting the FCRA as an enforcement priority. The CFPB, for example, has brought several enforcement actions against data furnishers that allegedly provided inaccurate information to credit reporting agencies or failed to investigate consumer disputes forwarded by consumer reporting agencies. As with risk-based pricing, the data furnisher rules are focused on ensuring that consumers have access to accurate information about their credit histories.
Together, recent FTC and CFPB enforcement actions demonstrate that the agencies will continue to monitor users and furnishers of consumer data for compliance with the FCRA and its implementing regulations, including the Risk-Based Pricing Rule. To prepare for future scrutiny, any merchant or lender that provides credit to consumers—including billing on a deferred basis—should review its policies and procedures for compliance with the FCRA and its implementing regulations.
- How-to guide Source of Wealth and Source of Funds: navigating the challenges
- How-to guide How-to guide: How to protect your organization from third party liability under the FCPA (USA)
- How-to guide How-to guide: How to comply with due diligence requirements for financial institutions determined to be of primary money laundering concern (USA)