An article that appeared yesterday on Yahoo News details the war between merchants, consumers and credit bureaus when credit bureaus supply information to merchants indicating that the merchant’s customer is on the Office of Foreign Assets Control’s List of Specially Designated Nationals and Blocked Persons, more commonly known as the SDN list. We’ve discussed the issue before but there are a number of names on the SDN list that are common names that are likely shared by a large number of people and the bad guy. The credit bureaus have been sending reports to their customers that indicate hits based on the name alone, without respect to other information in the SDN listing such as date of birth, leading to consumers being denied credit or services.

Not surprisingly, when denied consumers howl, the credit bureaus say it is the merchant’s obligation to determine if the customer is one the SDN list, and the merchants and customers are saying it’s the credit bureau’s obligation to do further investigation before simply sending the name match as part of its report. Moreover, some credit bureaus are claiming that the OFAC information isn’t part of the credit report, but a separate product, and is therefore not subject to the Fair Credit Reporting Act.

In one case, Cortez v. Transunion, 617 F. 3d 688 (3d Cir. 2010), the Third Circuit sent such an argument packing, holding that the FCRA does apply to the OFAC information and that Transunion breached its duty under the act by failing to maintain adequate procedures to guarantee the accuracy of the reports it supplies to merchants and lenders. The Court also held that Transunion violated its obligations under the FCRA to provide, upon request, a notice to the consumer of the OFAC information and the opportunity to contest it. Since the consumer has no right, at least according to OFAC, to have OFAC clarify that he or she is on the SDN list, it becomes doubly important that consumers at least have the right to contest the appearance of the misleading OFAC information on their credit reports.

I can’t post something on this new story without commenting on this passage early on the story:

Lenders are supposed to check the list each time they receive a new application for credit and face steep penalties of up to $10 million if they don’t. The rule went into effect in 2003 as part of the USA Patriot Act’s broader efforts to kneecap terrorists’ ability to finance a life in the U.S.

To state that the obligation to check the SDN list was first imposed in 2003 by the PATRIOT Act is, of course, utter hogwash. Everyone has been required to check the SDN list for long before that or face penalties if they engaged in transactions with persons or entities on the list. The article is presumably referring to section 326 of the PATRIOT Act, which required Treasury to adopt rules for financial institutions compelling them to adopt a procedure to determine customer identity and to check that identity against the SDN list and similar government lists. Section 326, which applies only to financial institutions, thus, requires those institutions to establish procedures to fulfill their existing obligations to check these lists, an obligation that has been in place for financial institutions and all U.S. persons since at least 1994.