With the release of its examination procedures for credit bureaus and consumer reporting agencies, the CFPB is now one step closer to scheduling examinations for the 30 largest companies that it estimates account for about 94 percent of the market (measured by annual receipts). These are the companies it has deemed, by rule effective September 30, to be the larger participants in this market. (For background, see our prior blog posts from July 11, July 16, and July 19.)
Significantly, the procedures make it clear that CFPB examiners will be assessing these credit bureaus and consumer reporting agencies for compliance not only with the Fair Credit Reporting Act and Regulation V but also with all other applicable federal consumer financial laws, including the Gramm Leech Bliley Act and Regulation P and the provisions of the Dodd Frank Act that prohibit unfair, deceptive and abusive practices (although not, apparently, with the provisions of the Equal Credit Opportunity Act and Regulation B that address the furnishing of information about spouses).
To evaluate compliance, CFPB examiners have been directed to obtain copies of numerous documents, such as furnisher and user audits, sample consumer reports and file disclosures, sample disputes and information about how they were handled, and, as we have cautioned our clients in this and other markets, complaint monitoring procedures, compensation policies, training programs and materials, third party contracts, and even advertisements and marketing research. Examiners have also been encouraged to interview users, furnishers and consumers, when appropriate.
While it has long been known that CFPB examiners would look to see how credit bureaus and consumer reporting agencies are ensuring the accuracy of the information they receive, the accuracy of the information they report, and the fairness of their dispute resolution procedures, the examination procedures group the various requirements of federal consumer financial law into nine discrete areas, or “modules” for analysis and review. And those modules are comprehensive in their scope.
They cover the business model of the entity; the accuracy of its information (and its relations with furnishers); the contents of its reports; the purposes for which its reports are obtained (and other user issues); the consumer file and score disclosures it provides; its handling of inquiries, complaints and disputes (and its reinvestigation process); its compliance with fraud and active duty alert and identity theft requirements; its prescreening reports, employment reports, and investigative consumer reports; and the other products and services it provides to consumers.