Fair Credit Reporting Act
15 U.S.C. §§ 1681-1681x
SUMMARY:
The Act (Title VI of the Consumer Credit Protection Act) protects information collected by consumer reporting agencies such as credit bureaus, medical information companies and tenant screening services. Information in a consumer report cannot be provided to anyone who does not have a purpose specified in the Act. Companies that provide information to consumer reporting agencies also have specific legal obligations, including the duty to investigate disputed information. In addition, users of the information for credit, insurance, or employment purposes must notify the consumer when an adverse action is taken on the basis of such reports. The Fair and Accurate Credit Transactions Act added many provisions to this Act primarily relating to record accuracy and identity theft. The Dodd-Frank Act transferred to the Consumer Financial Protection Bureau most of the rulemaking responsibilities added to this Act by the Fair and Accurate Credit Transactions Act and the Credit CARD Act, but the Commission retains all its enforcement authority.
CITATION:
Electronic Code of Federal Regulations (e-CFR)
Title 16 - Commercial Practices
Chapter I - Federal Trade Commission
Subchapter F - Fair Credit Reporting Act
Part 600 [Reserved]
Part 602 - Fair and Accurate Credit Transactions Act of 2003
§ 602.1 - Effective dates.
Part 603 - Definitions
§ 603.1 - Cross-reference.
Part 604 - Fair Credit Reporting Act Rules
§ 604.1 - Severability.
Part 609 - Free Electronic Credit Monitoring for Active Duty Military
Part 610 - Free Annual File Disclosures
§ 610.1 - Cross-reference.
Part 611 - Prohibition Against Circumventing Treatment as a Nationwide Consumer Reporting Agency
§ 611.1 - Cross-reference.
Part 613 - Duration of Active Duty Alerts
§ 613.1 - Cross-reference.
Part 614 - Appropriate Proof of Identity
§ 614.1 - Cross-reference.
Part 640 - Duties of Creditors Regarding Risk-Based Pricing
Part 641 - Duties of Users of Consumer Reports Regarding Address Discrepancies
§ 641.1 - Duties of users of consumer reports regarding address discrepancies.
Part 642 - Prescreen Opt-out Notice
Part 660 - Duties of Furnishers of Information to Consumer Reporting Agencies
Part 680 - Affiliate Marketing
Part 681 - Identity Theft Rules
Part 682 - Disposal of Consumer Report Information and Records
Part 698 - Model Forms and Disclosures
PART 602 - FAIR AND ACCURATE CREDIT TRANSACTIONS ACT OF 2003
Authority: 15 U.S.C. 1681s; sec. 3, Pub. L. 108-159; 117 Stat. 1953.
§ 602.1 Effective dates.
(a)-(b) [Reserved]
(c) The applicable provisions of the Fair and Accurate Credit Transactions Act of 2003 (FACT Act), Pub. L. 108-159, 117 Stat. 1952, shall be effective in accordance with the following schedule:
(1) Provisions effective December 31, 2003.
(i) Sections 151(a)(2), 212(e), 214(c), 311(b), and 711, concerning the relation to state laws; and
(ii) Each of the provisions of the FACT Act that authorizes an agency to issue a regulation or to take other action to implement the applicable provision of the FACT Act or the applicable provision of the Fair Credit Reporting Act, as amended by the FACT Act, but only with respect to that agency's authority to propose and adopt the implementing regulation or to take such other action.
(2) Provisions effective March 31, 2004.
(i) Section 111, concerning the definitions;
(ii) Section 156, concerning the statute of limitations
(iii) Sections 312(d), (e), and (f), concerning the furnisher liability exception, liability and enforcement, and rule of construction, respectively;
(iv) Section 313(a), concerning action regarding complaints;
(v) Section 611, concerning communications for certain employee investigations; and
(vi) Section 811, concerning clerical amendments.
(3) Provisions effective December 1, 2004.
(i) Section 112, concerning fraud alerts and active duty alerts;
(ii) Section 114, concerning procedures for the identification of possible instances of identity theft;
(iii) Section 115, concerning truncation of the social security number in a consumer report;
(iv) Section 151(a)(1), concerning the summary of rights of identity theft victims;
(v) Section 152, concerning blocking of information resulting from identity theft;
(vi) Section 153, concerning the coordination of identity theft complaint investigations;
(vii) Section 154, concerning the prevention of repollution of consumer reports;
(viii) Section 155, concerning notice by debt collectors with respect to fraudulent information;
(ix) Section 211(c), concerning a summary of rights of consumers;
(x) Section 212(a)-(d), concerning the disclosure of credit scores;
(xi) Section 213(c), concerning duration of elections;
(xii) Section 217(a), concerning the duty to provide notice to a consumer;
(xiii) Section 311(a), concerning the risk-based pricing notice;
(xiv) Section 312(a)-(c), concerning procedures to enhance the accuracy and integrity of information furnished to consumer reporting agencies;
(xv) Section 314, concerning improved disclosure of the results of reinvestigation;
(xvi) Section 315, concerning reconciling addresses;
(xvii) Section 316, concerning notice of dispute through reseller; and
(xviii) Section 317, concerning the duty to conduct a reasonable reinvestigation.
[69 FR 29063, May 20, 2004]
PART 603 - DEFINITIONS
Authority: Pub. L. 108-159, sec. 111; 15 U.S.C. 1681a.
Source: 77 FR 22203, Apr. 13, 2012, unless otherwise noted.
§ 603.1 Cross-reference.
The rules formerly at 16 CFR part 603 have been republished by the Consumer Financial Protection Bureau at 12 CFR 1022.3, “Fair Credit Reporting (Regulation V).”
12 CFR § 1022.3 Definitions.
For purposes of this part, unless explicitly stated otherwise:
(a) Act means the FCRA (15 U.S.C. 1681 et seq.).
(b) Affiliate means any company that is related by common ownership or common corporate control with another company. For example, an affiliate of a Federal credit union is a credit union service corporation, as provided in 12 CFR part 712, that is controlled by the Federal credit union.
(c) [Reserved]
(d) Common ownership or common corporate control means a relationship between two companies under which:
(1) One company has, with respect to the other company:
(i) Ownership, control, or power to vote 25 percent or more of the outstanding shares of any class of voting security of a company, directly or indirectly, or acting through one or more other persons;
(ii) Control in any manner over the election of a majority of the directors, trustees, or general partners (or individuals exercising similar functions) of a company; or
(iii) The power to exercise, directly or indirectly, a controlling influence over the management or policies of a company, as determined by the applicable prudential regulator (as defined in 12 U.S.C. 5481(24)) (a credit union is presumed to have a controlling influence over the management or policies of a credit union service corporation if the credit union service corporation is 67% owned by credit unions) or, where there is no prudential regulator, by the Bureau; or
(2) Any other person has, with respect to both companies, a relationship described in paragraphs (d)(1)(i) through (d)(1)(ii).
(e) Company means any corporation, limited liability company, business trust, general or limited partnership, association, or similar organization.
(f) Consumer means an individual.
(g) Identifying information means any name or number that may be used, alone or in conjunction with any other information, to identify a specific person, including any:
(1) Name, social security number, date of birth, official state or government issued driver's license or identification number, alien registration number, government passport number, employer or taxpayer identification number;
(2) Unique biometric data, such as fingerprint, voice print, retina or iris image, or other unique physical representation;
(3) Unique electronic identification number, address, or routing code; or
(4) Telecommunication identifying information or access device (as defined in 18 U.S.C. 1029(e)).
(h) Identity theft means a fraud committed or attempted using the identifying information of another person without authority.
(i)
(1) Identity theft report means a report:
(i) That alleges identity theft with as much specificity as the consumer can provide;
(ii) That is a copy of an official, valid report filed by the consumer with a Federal, state, or local law enforcement agency, including the United States Postal Inspection Service, the filing of which subjects the person filing the report to criminal penalties relating to the filing of false information, if, in fact, the information in the report is false; and
(iii) That may include additional information or documentation that an information furnisher or consumer reporting agency reasonably requests for the purpose of determining the validity of the alleged identity theft, provided that the information furnisher or consumer reporting agency:
(A) Makes such request not later than fifteen days after the date of receipt of the copy of the report form identified in Paragraph (i)(1)(ii) of this section or the request by the consumer for the particular service, whichever shall be the later;
(B) Makes any supplemental requests for information or documentation and final determination on the acceptance of the identity theft report within another fifteen days after its initial request for information or documentation; and
(C) Shall have five days to make a final determination on the acceptance of the identity theft report, in the event that the consumer reporting agency or information furnisher receives any such additional information or documentation on the eleventh day or later within the fifteen day period set forth in Paragraph (i)(1)(iii)(B) of this section.
(2) Examples of the specificity referenced in Paragraph (i)(1)(i) of this section are provided for illustrative purposes only, as follows:
(i) Specific dates relating to the identity theft such as when the loss or theft of personal information occurred or when the fraud(s) using the personal information occurred, and how the consumer discovered or otherwise learned of the theft.
(ii) Identification information or any other information about the perpetrator, if known.
(iii) Name(s) of information furnisher(s), account numbers, or other relevant account information related to the identity theft.
(iv) Any other information known to the consumer about the identity theft.
(3) Examples of when it would or would not be reasonable to request additional information or documentation referenced in Paragraph (i)(1)(iii) of this section are provided for illustrative purposes only, as follows:
(i) A law enforcement report containing detailed information about the identity theft and the signature, badge number or other identification information of the individual law enforcement official taking the report should be sufficient on its face to support a victim's request. In this case, without an identifiable concern, such as an indication that the report was fraudulent, it would not be reasonable for an information furnisher or consumer reporting agency to request additional information or documentation.
(ii) A consumer might provide a law enforcement report similar to the report in Paragraph (i)(1) of this section but certain important information such as the consumer's date of birth or Social Security number may be missing because the consumer chose not to provide it. The information furnisher or consumer reporting agency could accept this report, but it would be reasonable to require that the consumer provide the missing information. The Bureau's Identity Theft Affidavit is available on the Bureau's Web site (consumerfinance.gov/learnmore). The version of this form developed by the Federal Trade Commission, available on the FTC's Web site (ftc.gov/idtheft), remains valid and sufficient for this purpose.
(iii) A consumer might provide a law enforcement report generated by an automated system with a simple allegation that an identity theft occurred to support a request for a tradeline block or cessation of information furnishing. In such a case, it would be reasonable for an information furnisher or consumer reporting agency to ask that the consumer fill out and have notarized the Bureau's Identity Theft Affidavit or a similar form and provide some form of identification documentation.
(iv) A consumer might provide a law enforcement report generated by an automated system with a simple allegation that an identity theft occurred to support a request for an extended fraud alert. In this case, it would not be reasonable for a consumer reporting agency to require additional documentation or information, such as a notarized affidavit.
(j) [Reserved]
(k) Medical information means:
(1) Information or data, whether oral or recorded, in any form or medium, created by or derived from a health care provider or the consumer, that relates to:
(i) The past, present, or future physical, mental, or behavioral health or condition of an individual;
(ii) The provision of health care to an individual; or
(iii) The payment for the provision of health care to an individual.
(2) The term does not include:
(i) The age or gender of a consumer;
(ii) Demographic information about the consumer, including a consumer's residence address or email address;
(iii) Any other information about a consumer that does not relate to the physical, mental, or behavioral health or condition of a consumer, including the existence or value of any insurance policy; or
(iv) Information that does not identify a specific consumer.
(l) Person means any individual, partnership, corporation, trust, estate cooperative, association, government or governmental subdivision or agency, or other entity.
PART 604 - FAIR CREDIT REPORTING ACT RULES
Authority: Pub. L. 108-159, secs. 3, 111, 112, 114, 151, 153, 211, 212, 213, 214, 216, 311, 315; 15 U.S.C. 1681s.
Source: 69 FR 29063, May 20, 2004, unless otherwise noted.
§ 604.1 Severability.
All parts and subparts of this subchapter are separate and severable from one another. If any part or subpart is stayed or determined to be invalid, the Commission intends that the remaining parts and subparts shall continue in effect.
PART 609 - FREE ELECTRONIC CREDIT MONITORING FOR ACTIVE DUTY MILITARY
Authority: 15 U.S.C. 1681c-1(k).
Source: 84 FR 31191, July 1, 2019, unless otherwise noted.
§ 609.1 Scope of regulations in this part.
This part implements Section 605A(k)(2) of the Fair Credit Reporting Act, 15 U.S.C. 1681c-1(k)(2), which requires consumer reporting agencies that compile and maintain files on consumers on a nationwide basis to provide a free electronic credit monitoring service to active duty military consumers that, at a minimum, notifies them of any material additions or modifications to their files.
§ 609.2 Definitions.
For purposes of this part, the following definitions apply:
(a) Active duty military consumer means:
(1) A consumer in military service as defined in 15 U.S.C. 1681a(q)(1); or
(2) A member of the National Guard as defined in 10 U.S.C. 101(c).
(b) Appropriate proof of identity has the meaning set forth in 12 CFR 1022.123.
(c) Consumer has the meaning provided in 15 U.S.C. 1681a(c).
(d) Consumer report has the meaning provided in 15 U.S.C. 1681a(d).
(e) Contact information means information about a consumer, such as a consumer's first and last name and email address, that is reasonably necessary to collect in order to provide the electronic credit monitoring service.
(f) Credit has the meaning provided in 15 U.S.C. 1681a(r)(5).
(g) Electronic credit monitoring service means a service through which nationwide consumer reporting agencies provide, at a minimum, electronic notification of material additions or modifications to a consumer's file and following a notification, access to all information in the consumer's file at the nationwide consumer reporting agency at the time of the notification, in accordance with 15 U.S.C. 1681g(a).
(h) Electronic notification means:
(1) A notice provided to the consumer via:
(i) Mobile application;
(ii) Email; or
(iii) Text message;
(2) If the notice in paragraph (h)(1) of this section does not inform the consumer of the specific material addition or modification that has been made, such notice must link to a website that provides that information.
(i) File has the meaning provided in 15 U.S.C. 1681a(g).
(j) Firm offer of credit has the meaning provided in 15 U.S.C. 1681a(l).
(k) Free means provided at no cost to the consumer.
(l) Material additions or modifications means significant changes to a consumer's file, including:
(1) New accounts opened in the consumer's name, including new collection accounts;
(2) Inquiries or requests for a consumer report;
(i) However, an inquiry made for a prescreened list obtained for the purpose of making a firm offer of credit or insurance as described in 15 U.S.C. 1681b(c)(1)(B) or for the purpose of reviewing or collecting an account of the consumer shall not be considered a material addition or modification.
(ii) [Reserved]
(3) Material changes to a consumer's address;
(4) Changes to credit account limits of $100 or greater; and
(5) Negative information.
(m) Nationwide consumer reporting agency has the meaning provided in 15 U.S.C. 1681a(p).
(n) Negative information means accounts furnished to the nationwide consumer reporting agencies as more than 30 days delinquent, accounts furnished to the nationwide consumer reporting agencies as being included in bankruptcy petition filings, and new public records, including, but not limited to, bankruptcy filings, civil court judgments, foreclosures, liens, and convictions.
§ 609.3 Requirement to provide free electronic credit monitoring service.
(a) General requirements. Nationwide consumer reporting agencies must provide a free electronic credit monitoring service to active duty military consumers.
(b) Determining whether a consumer must receive electronic credit monitoring service. Nationwide consumer reporting agencies may condition provision of the service required under paragraph (a) of this section upon the consumer providing:
(1) Appropriate proof of identity;
(2) Contact information; and
(3) Appropriate proof that the consumer is an active duty military consumer.
(c) Appropriate proof of active duty military consumer status.
(1) A consumer's status as an active duty military consumer can be verified through:
(i) A method or service approved by the Department of Defense; or
(ii) A certification of active duty military consumer status approved by the nationwide consumer reporting agency.
(2) Provided, however, that the procedures a nationwide consumer reporting agency uses to determine appropriate proof of active duty military consumer status must include methods that allow all eligible consumers to enroll. A nationwide consumer reporting agency shall be deemed in compliance with paragraph (c) of this section if it provides free electronic credit monitoring services to:
(i) Consumers who self-certify active duty status, as defined in 10 U.S.C. 101(d);
(ii) Consumers who self-certify that they are a reservist performing duty under a call or order to active duty under a provision of law referred to in 10 U.S.C. 101(a)(13); and
(iii) Consumers who self-certify that they are a member of the National Guard, as defined in 10 U.S.C. 101(c).
(3) A nationwide consumer reporting agency's verification of active duty military consumer status is valid for two years. After the expiration of the two-year period, the nationwide consumer reporting agency may require the consumer to provide proof that the consumer continues to be an active duty military consumer in accordance with paragraphs (c)(1) and (2) of this section.
(d) Information use and disclosure. Any information collected from consumers as a result of a request to obtain the service required under paragraph (a) of this section, may be used or disclosed by the nationwide consumer reporting agency only:
(1) To provide the free electronic credit monitoring service requested by the consumer;
(2) To process a transaction requested by the consumer at the same time as a request for the free electronic credit monitoring service;
(3) To comply with applicable legal requirements; or
(4) To update information already maintained by the nationwide consumer reporting agency for the purpose of providing consumer reports, provided that the nationwide consumer reporting agency uses and discloses the updated information subject to the same restrictions that would apply, under any applicable provision of law or regulation, to the information updated or replaced.
(e) Communications surrounding enrollment in electronic credit monitoring service.
(1) Once a consumer is in the process of accessing the ability to enroll in the service required under paragraph (a) of this section and only during the enrollment process, any advertising or marketing for products or services, or any communications or instructions that advertise or market any products and services, must be delayed until after the consumer has enrolled in that service.
(2) Any communications, instructions, or permitted advertising or marketing shall not interfere with, detract from, contradict, or otherwise undermine the purpose of providing a free electronic credit monitoring service to active duty military consumers that notifies them of any material additions or modifications to their files.
(3) Examples of interfering, detracting, inconsistent, and/or undermining communications include:
(i) Materials that represent, expressly or by implication, that an active duty military consumer must purchase a paid product or service in order to receive the service required under paragraph (a) of this section; or
(ii) Materials that falsely represent, expressly or by implication, that a product or service offered ancillary to receipt of the free electronic credit monitoring service, such as identity theft insurance, is free, or that fail to clearly and prominently disclose that consumers must cancel a service, advertised as free for an initial period of time, to avoid being charged, if such is the case.
(f) Other prohibited practices. A nationwide consumer reporting agency shall not ask or require an active duty military consumer to agree to terms or conditions in connection with obtaining a free electronic credit monitoring service, other than those terms or conditions required to comply with applicable legal requirements.
§ 609.4 Timing of electronic credit monitoring notices.
The notice required in § 609.3(a) must be provided within 48 hours of any material additions or modifications to a consumer's file.
§ 609.5 Additional information to be included in electronic credit monitoring notices.
(a) The notice required in § 609.3(a), or the first page within the electronic credit monitoring service to which the notice may direct the consumer, shall include a hyperlink to a summary of the consumer's rights under the Fair Credit Reporting Act, as prescribed by the Bureau of Consumer Financial Protection under 15 U.S.C. 1681g(c).
(b) The nationwide consumer reporting agency shall provide to a consumer, with each file disclosure provided in § 609.3(a), the summary of the consumer's rights under the Fair Credit Reporting Act, as prescribed by the Bureau of Consumer Financial Protection under 15 U.S.C. 1681g(c).
§ 609.6 Severability.
The provisions of this part are separate and severable from one another. If any provision is stayed, or determined to be invalid, it is the Commission's intention that the remaining provisions shall continue in effect.
PART 610 - FREE ANNUAL FILE DISCLOSURES
Authority: 15 U.S.C. 1681a, g, and h; sec. 211(a) and (d), Pub. L. 108-159, 117 Stat. 1968 and 1972 (15 U.S.C. 1681j); Pub. L. 111-24.
Source: 77 FR 22203, Apr. 13, 2012, unless otherwise noted.
§ 610.1 Cross-reference.
The rules formerly at 16 CFR part 610 have been republished by the Consumer Financial Protection Bureau at 12 CFR 1022.130, “Fair Credit Reporting (Regulation V).”
12 CFR § 1022.130 Definitions
For purposes of this subpart, the following definitions apply:
(a) Annual file disclosure means a file disclosure that is provided to a consumer, upon consumer request and without charge, once in any twelve month period, in compliance with section 612(a) of the FCRA, 15 U.S.C. 1681j(a).
(b) Associated consumer reporting agency means a consumer reporting agency that owns or maintains consumer files housed within systems operated by one or more nationwide consumer reporting agencies.
(c) Consumer report has the meaning provided in section 603(d) of the FCRA, 15 U.S.C. 1681a(d).
(d) Consumer reporting agency has the meaning provided in section 603(f) of the FCRA, 15 U.S.C. 1681a(f).
(e) Extraordinary request volume occurs when the number of consumers requesting or attempting to request file disclosures during any twenty-four hour period is more than 175 percent of the rolling ninety-day daily average of consumers requesting or attempting to request file disclosures. For example, if over the previous ninety days an average of one hundred consumers per day requested or attempted to request file disclosures, then extraordinary request volume would be any volume greater than 175 percent of one hundred, i.e., 176 or more requests in a single twenty-four hour period.
(f) File disclosure means a disclosure by a consumer reporting agency pursuant to section 609 of the FCRA, 15 U.S.C. 1681g.
(g) High request volume occurs when the number of consumers requesting or attempting to request file disclosures during any twenty-four hour period is more than 125 percent of the rolling ninety-day daily average of consumers requesting or attempting to request file disclosures. For example, if over the previous ninety days an average of one hundred consumers per day requested or attempted to request file disclosures, then high request volume would be any volume greater than 125 percent of one hundred, i.e., 126 or more requests in a single twenty-four hour period.
(h) Nationwide consumer reporting agency means a consumer reporting agency that compiles and maintains files on consumers on a nationwide basis as defined in section 603(p) of the FCRA, 15 U.S.C. 1681a(p).
(i) Nationwide specialty consumer reporting agency has the meaning provided in section 603(w) of the FCRA, 15 U.S.C. 1681a(w).
(j) Request method means the method by which a consumer chooses to communicate a request for an annual file disclosure.
PART 611 - PROHIBITION AGAINST CIRCUMVENTING TREATMENT AS A NATIONWIDE CONSUMER REPORTING AGENCY
Authority: Pub. L. 108-159, sec. 211(b); 15 U.S.C. 1681x.
Source: 77 FR 22203, Apr. 13, 2012, unless otherwise noted.
§ 611.1 Cross-reference.
The rules formerly at 16 CFR part 611 have been republished by the Consumer Financial Protection Bureau at 12 CFR 1022.140, “Fair Credit Reporting (Regulation V).”
12 CFR § 1022.140 Prohibition against circumventing or evading treatment as a consumer reporting agency
(a) A consumer reporting agency shall not circumvent or evade treatment as a “consumer reporting agency that compiles and maintains files on consumers on a nationwide basis,” as defined under section 603(p) of the FCRA, 15 U.S.C. 1681a(p), by any means, including, but not limited to:
(1) Corporate organization, reorganization, structure, or restructuring, including merger, acquisition, dissolution, divestiture, or asset sale of a consumer reporting agency; or
(2) Maintaining or merging public record and credit account information in a manner that is substantially equivalent to that described in Paragraphs (1) and (2) of section 603(p) of the FCRA, 15 U.S.C. 1681a(p).
(b) Examples:
(1) Circumvention through reorganization by data type. XYZ Inc. is a consumer reporting agency that compiles and maintains files on consumers on a nationwide basis. It restructures its operations so that public record information is assembled and maintained only by its corporate affiliate, ABC Inc. XYZ continues operating as a consumer reporting agency but ceases to comply with the FCRA obligations of a consumer reporting agency that compiles and maintains files on consumers on a nationwide basis, asserting that it no longer meets the definition found in FCRA section 603(p), because it no longer maintains public record information. XYZ's conduct is a circumvention or evasion of treatment as a consumer reporting agency that compiles and maintains files on consumers on a nationwide basis, and thus violates this section.
(2) Circumvention through reorganization by regional operations. PDQ Inc. is a consumer reporting agency that compiles and maintains files on consumers on a nationwide basis. It restructures its operations so that corporate affiliates separately assemble and maintain all information on consumers residing in each state. PDQ continues to operate as a consumer reporting agency but ceases to comply with the FCRA obligations of a consumer reporting agency that compiles and maintains files on consumers on a nationwide basis, asserting that it no longer meets the definition found in FCRA section 603(p), because it no longer operates on a nationwide basis. PDQ's conduct is a circumvention or evasion of treatment as a consumer reporting agency that compiles and maintains files on consumers on a nationwide basis, and thus violates this section.
(3) Circumvention by a newly formed entity. Smith Co. is a new entrant in the marketplace for consumer reports that bear on a consumer's credit worthiness, standing and capacity. Smith Co. organizes itself into two affiliated companies: Smith Credit Co. and Smith Public Records Co. Smith Credit Co. assembles and maintains credit account information from persons who furnish that information regularly and in the ordinary course of business on consumers residing nationwide. Smith Public Records Co. assembles and maintains public record information on consumers nationwide. Neither Smith Co. nor its affiliated organizations comply with FCRA obligations of consumer reporting agencies that compile and maintain files on consumers on a nationwide basis. Smith Co.'s conduct is a circumvention or evasion of treatment as a consumer reporting agency that compiles and maintains files on consumers on a nationwide basis, and thus violates this section.
(4) Bona fide, arm's length transaction with unaffiliated party. Foster Ltd. is a consumer reporting agency that compiles and maintains files on consumers on a nationwide basis. Foster Ltd. sells its public record information business to an unaffiliated company in a bona fide, arm's length transaction. Foster Ltd. ceases to assemble, evaluate and maintain public record information on consumers residing nationwide, and ceases to offer reports containing public record information. Foster Ltd.'s conduct is not a circumvention or evasion of treatment as a consumer reporting agency that compiles and maintains files on consumers on a nationwide basis. Foster Ltd.'s conduct does not violate this part.
(c) Limitation on applicability. Any person who is otherwise in violation of paragraph (a) of this section shall be deemed to be in compliance with this part if such person is in compliance with all obligations imposed upon consumer reporting agencies that compile and maintain files on consumers on a nationwide basis under the FCRA, 15 U.S.C. 1681 et seq.
PART 613 - DURATION OF ACTIVE DUTY ALERTS
Authority: Pub. L. 108-159, sec. 112(a); 15 U.S.C. 1681c-1.
Source: 77 FR 22203, Apr. 13, 2012, unless otherwise noted.
§ 613.1 Cross-reference.
The rules formerly at 16 CFR part 613 have been republished by the Consumer Financial Protection Bureau at 12 CFR 1022.121, “Fair Credit Reporting (Regulation V).”
12 CFR § 1022.121 Active duty alerts.
(a) Duration. The duration of an active duty alert shall be twelve months.
PART 614 - APPROPRIATE PROOF OF IDENTITY
Authority: Pub. L. 108-159, sec. 112(b).
Source: 77 FR 22204, Apr. 13, 2012, unless otherwise noted.
§ 614.1 Cross-reference.
The rules formerly at 16 CFR part 614 have been republished by the Consumer Financial Protection Bureau at 12 CFR 1022.123, “Fair Credit Reporting (Regulation V).”
12 CFR § 1022.123 Appropriate proof of identity.
(a) Consumer reporting agencies shall develop and implement reasonable requirements for what information consumers shall provide to constitute proof of identity for purposes of sections 605A, 605B, and 609(a)(1) of the FCRA. In developing these requirements, the consumer reporting agencies must:
(1) Ensure that the information is sufficient to enable the consumer reporting agency to match consumers with their files; and
(2) Adjust the information to be commensurate with an identifiable risk of harm arising from misidentifying the consumer.
(b) Examples of information that might constitute reasonable information requirements for proof of identity are provided for illustrative purposes only, as follows:
(1) Consumer file match. The identification information of the consumer including his or her full name (first, middle initial, last, suffix), any other or previously used names, current and/or recent full address (street number and name, apt. no., city, state, and zip code), full nine digits of Social Security number, and/or date of birth.
(2) Additional proof of identity. Copies of government issued identification documents, utility bills, and/or other methods of authentication of a person's identity which may include, but would not be limited to, answering questions to which only the consumer might be expected to know the answer.
PART 640 - DUTIES OF CREDITORS REGARDING RISK-BASED PRICING
Authority: Pub. L. 108-159, sec. 311; 15 U.S.C. 1681m(h); 12 U.S.C. 5519(d).
Source: 86 FR 51797, Oct. 18, 2021, unless otherwise noted.
§ 640.1 Scope.
(a) Coverage -
(1) In general. This part applies to any motor vehicle dealer as defined in § 640.2 of this part that both -
(i) Uses a consumer report in connection with an application for, or a grant, extension, or other provision of, credit to a consumer that is primarily for personal, family, or household purposes; and
(ii) Based in whole or in part on the consumer report, grants, extends, or otherwise provides credit to the consumer on material terms that are materially less favorable than the most favorable material terms available to a substantial proportion of consumers from or through that motor vehicle dealer.
(2) Business credit excluded. This part does not apply to an application for, or a grant, extension, or other provision of, credit to a consumer or to any other applicant primarily for a business purpose.
(b) Enforcement. The provisions of this part will be enforced in accordance with the enforcement authority set forth in sections 621(a) and (b) of the FCRA.
§ 640.2 Definitions.
For purposes of this part, the following definitions apply:
(a) Adverse action has the same meaning as in 15 U.S.C. 1681a(k)(1)(A).
(b) Annual percentage rate has the same meaning as in 12 CFR 1026.14(b) with respect to an open-end credit plan and as in 12 CFR 1026.22 with respect to closed-end credit.
(c) Closed-end credit has the same meaning as in 12 CFR 1026.2(a)(10).
(d) Consumer has the same meaning as in 15 U.S.C. 1681a(c).
(e) Consummation has the same meaning as in 12 CFR 1026.2(a)(13).
(f) Consumer report has the same meaning as in 15 U.S.C. 1681a(d).
(g) Consumer reporting agency has the same meaning as in 15 U.S.C. 1681a(f).
(h) Credit has the same meaning as in 15 U.S.C. 1681a(r)(5).
(i) Creditor has the same meaning as in 15 U.S.C. 1681a(r)(5).
(j) Credit card has the same meaning as in 15 U.S.C. 1681a(r)(2).
(k) Credit card issuer has the same meaning as in 15 U.S.C. 1681a(r)(1)(A).
(l) Credit score has the same meaning as in 15 U.S.C. 1681g(f)(2)(A).
(m) Firm offer of credit has the same meaning as in 15 U.S.C. 1681a(l).
(n) Material terms means -
(1)
(i) Except as otherwise provided in paragraphs (n)(1)(ii) and (n)(3) of this section, in the case of credit extended under an open-end credit plan, the annual percentage rate required to be disclosed under 12 CFR 226.6(a)(1)(ii) or 12 CFR 226.6(b)(2)(i), excluding any temporary initial rate lower than the rate that will apply after the temporary rate expires, any penalty rate that will apply upon the occurrence of one or more specific events, such as a late payment or an extension of credit that exceeds the credit limit, and any fixed annual percentage rate option for a home equity line of credit;
(ii) In the case of a credit card (other than a credit card used to access a home equity line of credit or a charge card), the annual percentage rate required to be disclosed under 12 CFR 226.6(b)(2)(i) that applies to purchases (“purchase annual percentage rate”) and no other annual percentage rate, or in the case of a credit card that has no purchase annual percentage rate, the annual percentage rate that varies based on information in a consumer report and that has the most significant financial impact on consumers;
(2) In the case of closed-end credit, the annual percentage rate required to be disclosed under 12 CFR 226.17(c) and 226.18(e); and
(3) In the case of credit for which there is no annual percentage rate, the financial term that varies based on information in a consumer report and that has the most significant financial impact on consumers, such as a deposit required in connection with an extension of credit.
(o) Materially less favorable means, when applied to material terms, that the terms granted, extended, or otherwise provided to a consumer differ from the terms granted, extended, or otherwise provided to another consumer from or through the same motor vehicle dealer such that the cost of credit to the first consumer would be significantly greater than the cost of credit granted, extended, or otherwise provided to the other consumer. For purposes of this definition, factors relevant to determining the significance of a difference in cost include the type of credit product, the term of the credit extension, if any, and the extent of the difference between the material terms granted, extended, or otherwise provided to the two consumers.
(p) Motor vehicle dealer means any person excluded from Consumer Financial Protection Bureau jurisdiction as described in 12 U.S.C. 5519.
(q) Open-end credit plan has the same meaning as in 15 U.S.C. 1602(j), as interpreted by the Board in Regulation Z and the Official Staff Commentary to Regulation Z.
(r) Person has the same meaning as in 15 U.S.C. 1681a(b).
§ 640.3 General requirements for risk-based pricing notices.
(a) In general. Except as otherwise provided in this part, a motor vehicle dealer must provide to a consumer a notice (“risk-based pricing notice”) in the form and manner required by this part if the motor vehicle dealer both -
(1) Uses a consumer report in connection with an application for, or a grant, extension, or other provision of, credit to that consumer primarily for personal, family, or household purposes; and
(2) Based in whole or in part on the consumer report, grants, extends, or otherwise provides credit to that consumer on material terms that are materially less favorable than the most favorable material terms available to a substantial proportion of consumers from or through that motor vehicle dealer.
(b) Determining which consumers must receive a notice. A motor vehicle dealer may determine whether paragraph (a) of this section applies by directly comparing the material terms offered to each consumer and the material terms offered to other consumers for a specific type of credit product. For purposes of this section, a “specific type of credit product” means one or more credit products with similar features designed for similar purposes. Examples of a specific type of credit product include new automobile loans and used automobile loans. As an alternative to making this direct comparison, a motor vehicle dealer may make the determination by using one of the following methods:
(1) Credit score proxy method -
(i) In general. A motor vehicle dealer that sets the material terms of credit granted, extended, or otherwise provided to a consumer, based in whole or in part on a credit score, may comply with the requirements of paragraph (a) of this section by -
(A) Determining the credit score (hereafter referred to as the “cutoff score”) that represents the point at which approximately 40 percent of the consumers to whom it grants, extends, or provides credit have higher credit scores and approximately 60 percent of the consumers to whom it grants, extends, or provides credit have lower credit scores; and
(B) Providing a risk-based pricing notice to each consumer to whom it grants, extends, or provides credit whose credit score is lower than the cutoff score.
(ii) Alternative to the 40/60 cutoff score determination. In the case of credit that has been granted, extended, or provided on the most favorable material terms to more than 40 percent of consumers, a motor vehicle dealer may, at its option, set its cutoff score at a point at which the approximate percentage of consumers who historically have been granted, extended, or provided credit on material terms other than the most favorable terms would receive risk-based pricing notices under this section.
(iii) Determining the cutoff score -
(A) Sampling approach. A motor vehicle dealer that currently uses risk-based pricing with respect to the credit products it offers must calculate the cutoff score by considering the credit scores of all or a representative sample of the consumers to whom it has granted, extended, or provided credit for a specific type of credit product.
(B) Secondary source approach in limited circumstances. A motor vehicle dealer that is a new entrant into the credit business, introduces new credit products, or starts to use risk-based pricing with respect to the credit products it currently offers may initially determine the cutoff score based on information derived from appropriate market research or relevant third-party sources for a specific type of credit product, such as research or data from companies that develop credit scores. A motor vehicle dealer that acquires a credit portfolio as a result of a merger or acquisition may determine the cutoff score based on information from the party which it acquired, with which it merged, or from which it acquired the portfolio.
(C) Recalculation of cutoff scores. A motor vehicle dealer using the credit score proxy method must recalculate its cutoff score(s) no less than every two years in the manner described in paragraph (b)(1)(iii)(A) of this section. A motor vehicle dealer using the credit score proxy method using market research, third-party data, or information from a party which it acquired, with which it merged, or from which it acquired the portfolio as permitted by paragraph (b)(1)(iii)(B) of this section generally must calculate a cutoff score(s) based on the scores of its own consumers in the manner described in paragraph (b)(1)(iii)(A) of this section within one year after it begins using a cutoff score derived from market research, third-party data, or information from a party which it acquired, with which it merged, or from which it acquired the portfolio. If such a motor vehicle dealer does not grant, extend, or provide credit to new consumers during that one-year period such that it lacks sufficient data with which to recalculate a cutoff score based on the credit scores of its own consumers, the motor vehicle dealer may continue to use a cutoff score derived from market research, third-party data, or information from a party which it acquired, with which it merged, or from which it acquired the portfolio as provided in paragraph (b)(1)(iii)(B) until it obtains sufficient data on which to base the recalculation. However, the motor vehicle dealer must recalculate its cutoff score(s) in the manner described in paragraph (b)(1)(iii)(A) of this section within two years, if it has granted, extended, or provided credit to some new consumers during that two-year period.
(D) Use of two or more credit scores. A motor vehicle dealer that generally uses two or more credit scores in setting the material terms of credit granted, extended, or provided to a consumer must determine the cutoff score using the same method the motor vehicle dealer uses to evaluate multiple scores when making credit decisions. These evaluation methods may include, but are not limited to, selecting the low, median, high, most recent, or average credit score of each consumer to whom it grants, extends, or provides credit. If a motor vehicle dealer that uses two or more credit scores does not consistently use the same method for evaluating multiple credit scores (e.g., if the motor vehicle dealer sometimes chooses the median score and other times calculates the average score), the motor vehicle dealer must determine the cutoff score using a reasonable means. In such cases, use of any one of the methods that the motor vehicle dealer regularly uses or the average credit score of each consumer to whom it grants, extends, or provides credit is deemed to be a reasonable means of calculating the cutoff score.
(iv) Credit score not available. For purposes of this section, a motor vehicle dealer using the credit score proxy method who grants, extends, or provides credit to a consumer for whom a credit score is not available must assume that the consumer receives credit on material terms that are materially less favorable than the most favorable credit terms offered to a substantial proportion of consumers from or through that motor vehicle dealer and must provide a risk-based pricing notice to the consumer.
(v) Examples.
(A) A motor vehicle dealer engages in risk-based pricing and the annual percentage rates it offers to consumers are based in whole or in part on a credit score. The motor vehicle dealer takes a representative sample of the credit scores of consumers to whom it extended loans within the preceding three months. The motor vehicle dealer determines that approximately 40 percent of the sampled consumers have a credit score at or above 720 (on a scale of 350 to 850) and approximately 60 percent of the sampled consumers have a credit score below 720. Thus, the motor vehicle dealer selects 720 as its cutoff score. A consumer applies to the motor vehicle dealer for a loan. The motor vehicle dealer obtains a credit score for the consumer. The consumer's credit score is 700. Since the consumer's 700 credit score falls below the 720 cutoff score, the motor vehicle dealer must provide a risk-based pricing notice to the consumer.
(B) A motor vehicle dealer engages in risk-based pricing, and the annual percentage rates it offers to consumers are based in whole or in part on a credit score. The motor vehicle dealer takes a representative sample of the consumers to whom it extended loans over the preceding six months. The motor vehicle dealer determines that approximately 80 percent of the sampled consumers received credit at its lowest annual percentage rate, and 20 percent received credit at a higher annual percentage rate. Approximately 80 percent of the sampled consumers have a credit score at or above 750 (on a scale of 350 to 850), and 20 percent have a credit score below 750. Thus, the motor vehicle dealer selects 750 as its cutoff score. A consumer applies to the motor vehicle dealer for an automobile loan. The motor vehicle dealer obtains a credit score for the consumer. The consumer's credit score is 740. Since the consumer's 740 credit score falls below the 750 cutoff score, the motor vehicle dealer must provide a risk-based pricing notice to the consumer.
(C) A motor vehicle dealer engages in risk-based pricing, obtains credit scores from one of the nationwide consumer reporting agencies, and uses the credit score proxy method to determine which consumers must receive a risk-based pricing notice. A consumer applies to the motor vehicle dealer for credit to finance the purchase of an automobile. A credit score about that consumer is not available from the consumer reporting agency from which the lender obtains credit scores. The motor vehicle dealer nevertheless grants, extends, or provides credit to the consumer. The motor vehicle dealer must provide a risk-based pricing notice to the consumer.
(2) Tiered pricing method -
(i) In general. A motor vehicle dealer that sets the material terms of credit granted, extended, or provided to a consumer by placing the consumer within one of a discrete number of pricing tiers for a specific type of credit product, based in whole or in part on a consumer report, may comply with the requirements of paragraph (a) of this section by providing a risk-based pricing notice to each consumer who is not placed within the top pricing tier or tiers, as described below.
(ii) Four or fewer pricing tiers. If a motor vehicle dealer using the tiered pricing method has four or fewer pricing tiers, the motor vehicle dealer complies with the requirements of paragraph (a) of this section by providing a risk-based pricing notice to each consumer to whom it grants, extends, or provides credit who does not qualify for the top tier (that is, the lowest-priced tier). For example, a motor vehicle dealer that uses a tiered pricing structure with annual percentage rates of 8, 10, 12, and 14 percent would provide the risk-based pricing notice to each consumer to whom it grants, extends, or provides credit at annual percentage rates of 10, 12, and 14 percent.
(iii) Five or more pricing tiers. If a motor vehicle dealer using the tiered pricing method has five or more pricing tiers, the motor vehicle dealer complies with the requirements of paragraph (a) of this section by providing a risk-based pricing notice to each consumer to whom it grants, extends, or provides credit who does not qualify for the top two tiers (that is, the two lowest-priced tiers) and any other tier that, together with the top tiers, comprise no less than the top 30 percent but no more than the top 40 percent of the total number of tiers. Each consumer placed within the remaining tiers must receive a risk-based pricing notice. For example, if a motor vehicle dealer has nine pricing tiers, the top three tiers (that is, the three lowest-priced tiers) comprise no less than the top 30 percent but no more than the top 40 percent of the tiers. Therefore, a motor vehicle dealer using this method would provide a risk-based pricing notice to each consumer to whom it grants, extends, or provides credit who is placed within the bottom six tiers.
(c) Application to credit card issuers -
(1) In general. A credit card issuer subject to the requirements of paragraph (a) of this section may use one of the methods set forth in paragraph (b) of this section to identify consumers to whom it must provide a risk-based pricing notice. Alternatively, a credit card issuer may satisfy its obligations under paragraph (a) of this section by providing a risk-based pricing notice to a consumer when -
(i) A consumer applies for a credit card either in connection with an application program, such as a direct-mail offer or a take-one application, or in response to a solicitation under 12 CFR 226.5a, and more than a single possible purchase annual percentage rate may apply under the program or solicitation; and
(ii) Based in whole or in part on a consumer report, the credit card issuer provides a credit card to the consumer with an annual percentage rate referenced in § 640.2(n)(1)(ii) that is greater than the lowest annual percentage rate referenced in § 640.2(n)(1)(ii) available in connection with the application or solicitation.
(2) No requirement to compare different offers. A credit card issuer is not subject to the requirements of paragraph (a) of this section and is not required to provide a risk-based pricing notice to a consumer if -
(i) The consumer applies for a credit card for which the card issuer provides a single annual percentage rate referenced in § 640.2(n)(1)(ii), excluding a temporary initial rate lower than the rate that will apply after the temporary rate expires and a penalty rate that will apply upon the occurrence of one or more specific events, such as a late payment or an extension of credit that exceeds the credit limit; or
(ii) The credit card issuer offers the consumer the lowest annual percentage rate referenced in § 640.2(n)(1)(ii) available under the credit card offer for which the consumer applied, even if a lower annual percentage rate referenced in § 640.2(n)(1)(ii) is available under a different credit card offer issued by the card issuer.
(3) Examples.
(i) A credit card issuer sends a solicitation to the consumer that discloses several possible purchase annual percentage rates that may apply, such as 10, 12, or 14 percent, or a range of purchase annual percentage rates from 10 to 14 percent. The consumer applies for a credit card in response to the solicitation. The card issuer provides a credit card to the consumer with a purchase annual percentage rate of 12 percent based in whole or in part on a consumer report. Unless an exception applies under § 640.5, the card issuer may satisfy its obligations under paragraph (a) of this section by providing a risk-based pricing notice to the consumer because the consumer received credit at a purchase annual percentage rate greater than the lowest purchase annual percentage rate available under that solicitation.
(ii) The same facts as in the example in paragraph (c)(3)(i) of this section, except that the card issuer provides a credit card to the consumer at a purchase annual percentage rate of 10 percent. The card issuer is not required to provide a risk-based pricing notice to the consumer even if, under a different credit card solicitation, that consumer or other consumers might qualify for a purchase annual percentage rate of 8 percent.
(d) Account review -
(1) In general. Except as otherwise provided in this part, a motor vehicle dealer is subject to the requirements of paragraph (a) of this section and must provide a risk-based pricing notice to a consumer in the form and manner required by this part if the motor vehicle dealer -
(i) Uses a consumer report in connection with a review of credit that has been extended to the consumer; and
(ii) Based in whole or in part on the consumer report, increases the annual percentage rate (the annual percentage rate referenced in § 640.2(n)(1)(ii) in the case of a credit card).
(2) Example. A credit card issuer periodically obtains consumer reports for the purpose of reviewing the terms of credit it has extended to consumers in connection with credit cards. As a result of this review, the credit card issuer increases the purchase annual percentage rate applicable to a consumer's credit card based in whole or in part on information in a consumer report. The credit card issuer is subject to the requirements of paragraph (a) of this section and must provide a risk-based pricing notice to the consumer.
§ 640.4 Content, form, and timing of risk-based pricing notices.
(a) Content of the notice -
(1) In general. The risk-based pricing notice required by § 640.3(a) or (c) must include:
(i) A statement that a consumer report (or credit report) includes information about the consumer's credit history and the type of information included in that history;
(ii) A statement that the terms offered, such as the annual percentage rate, have been set based on information from a consumer report;
(iii) A statement that the terms offered may be less favorable than the terms offered to consumers with better credit histories;
(iv) A statement that the consumer is encouraged to verify the accuracy of the information contained in the consumer report and has the right to dispute any inaccurate information in the report;
(v) The identity of each consumer reporting agency that furnished a consumer report used in the credit decision;
(vi) A statement that federal law gives the consumer the right to obtain a copy of a consumer report from the consumer reporting agency or agencies identified in the notice without charge for 60 days after receipt of the notice;
(vii) A statement informing the consumer how to obtain a consumer report from the consumer reporting agency or agencies identified in the notice and providing contact information (including a toll-free telephone number, where applicable) specified by the consumer reporting agency or agencies;
(viii) A statement directing consumers to the websites of the Consumer Financial Protection Bureau and Federal Trade Commission to obtain more information about consumer reports; and
(ix) If a credit score of the consumer to whom a motor vehicle dealer grants, extends, or otherwise provides credit is used in setting the material terms of credit:
(A) A statement that a credit score is a number that takes into account information in a consumer report, that the consumer's credit score was used to set the terms of credit offered, and that a credit score can change over time to reflect changes in the consumer's credit history;
(B) The credit score used by the motor vehicle dealer in making the credit decision;
(C) The range of possible credit scores under the model used to generate the credit score;
(D) All of the key factors that adversely affected the credit score, which shall not exceed four key factors, except that if one of the key factors is the number of enquiries made with respect to the consumer report, the number of key factors shall not exceed five;
(E) The date on which the credit score was created; and
(F) The name of the consumer reporting agency or other person that provided the credit score.
(2) Account review. The risk-based pricing notice required by § 640.3(d) must include:
(i) A statement that a consumer report (or credit report) includes information about the consumer's credit history and the type of information included in that credit history;
(ii) A statement that the credit card issuer has conducted a review of the account using information from a consumer report;
(iii) A statement that as a result of the review, the annual percentage rate on the account has been increased based on information from a consumer report;
(iv) A statement that the consumer is encouraged to verify the accuracy of the information contained in the consumer report and has the right to dispute any inaccurate information in the report;
(v) The identity of each consumer reporting agency that furnished a consumer report used in the account review;
(vi) A statement that federal law gives the consumer the right to obtain a copy of a consumer report from the consumer reporting agency or agencies identified in the notice without charge for 60 days after receipt of the notice;
(vii) A statement informing the consumer how to obtain a consumer report from the consumer reporting agency or agencies identified in the notice and providing contact information (including a toll-free telephone number, where applicable) specified by the consumer reporting agency or agencies;
(viii) A statement directing consumers to the websites of the Consumer Financial Protection Bureau and Federal Trade Commission to obtain more information about consumer reports; and
(ix) If a credit score of the consumer whose extension of credit is under review is used in increasing the annual percentage rate:
(A) A statement that a credit score is a number that takes into account information in a consumer report, that the consumer's credit score was used to set the terms of credit offered, and that a credit score can change over time to reflect changes in the consumer's credit history;
(B) The credit score used by the credit card issuer in making the credit decision;
(C) The range of possible credit scores under the model used to generate the credit score;
(D) All of the key factors that adversely affected the credit score, which shall not exceed four key factors, except that if one of the key factors is the number of enquiries made with respect to the consumer report, the number of key factors shall not exceed five;
(E) The date on which the credit score was created; and
(F) The name of the consumer reporting agency or other person that provided the credit score.
(b) Form of the notice -
(1) In general. The risk-based pricing notice required by § 640.3(a), (c), or (d) must be:
(i) Clear and conspicuous; and
(ii) Provided to the consumer in oral, written, or electronic form.
(2) Model forms. Model forms of the risk-based pricing notice required by Sec. 640.3(a) and (c) are contained in appendices A-1 and A-6 of 16 CFR part 698. Appropriate use of Model form A-1 or A-6 is deemed to comply with the requirements of § 640.3(a) and (c). Model forms of the risk-based pricing notice required by § 640.3(d) are contained in appendices A-2 and A-7 of 16 CFR part 698. Appropriate use of Model form A-2 or A-7 is deemed to comply with the requirements of § 640.3(d). Use of the model forms is optional.
(c) Timing -
(1) General. Except as provided in paragraph (c)(3) of this section, a risk-based pricing notice must be provided to the consumer -
(i) In the case of a grant, extension, or other provision of closed-end credit, before consummation of the transaction, but not earlier than the time the decision to approve an application for, or a grant, extension, or other provision of, credit, is communicated to the consumer by the motor vehicle dealer required to provide the notice;
(ii) In the case of credit granted, extended, or provided under an open-end credit plan, before the first transaction is made under the plan, but not earlier than the time the decision to approve an application for, or a grant, extension, or other provision of, credit is communicated to the consumer by the motor vehicle dealer required to provide the notice; or
(iii) In the case of a review of credit that has been extended to the consumer, at the time the decision to increase the annual percentage rate (annual percentage rate referenced in § 640.2(n)(1)(ii) in the case of a credit card) based on a consumer report is communicated to the consumer by the motor vehicle dealer required to provide the notice, or if no notice of the increase in the annual percentage rate is provided to the consumer prior to the effective date of the change in the annual percentage rate (to the extent permitted by law), no later than five days after the effective date of the change in the annual percentage rate.
(2) Application to certain automobile lending transactions. When a person to whom a credit obligation is initially payable grants, extends, or provides credit to a consumer for the purpose of financing the purchase of an automobile from a motor vehicle dealer or other party not affiliated with the person, any requirement to provide a risk-based pricing notice pursuant to this part is satisfied if the person:
(i) Provides a notice described in § 640.3(a), 640.5(e), or 640.5(f) to the consumer within the time periods set forth in paragraph (c)(1)(i) of this section, § 640.5(e)(3), or 640.5(f)(4), as applicable; or
(ii) Arranges to have the motor vehicle dealer or other party provide a notice described in §§ 640.3(a), 640.5(e), or 640.5(f) to the consumer on its behalf within the time periods set forth in paragraph (c)(1)(i) of this section, § 640.5(e)(3), or § 640.5(f)(4), as applicable, and maintains reasonable policies and procedures to verify the motor vehicle dealer or other party provides such notice to the consumer within the applicable time periods. If the person arranges to have the motor vehicle dealer or other party provide a notice described in § 640.5(e), the person's obligation is satisfied if the consumer receives a notice containing a credit score obtained by the dealer or other party, even if a different credit score is obtained and used by the person on whose behalf the notice is provided.
(3) Timing requirements for contemporaneous purchase credit. When credit under an open-end credit plan is granted, extended, or provided to a consumer in person or by telephone for the purpose of financing the contemporaneous purchase of goods or services, any risk-based pricing notice required to be provided pursuant to this part (or the disclosures permitted under § 640.5(e) or (f)) may be provided at the earlier of:
(i) The time of the first mailing by the motor vehicle dealer to the consumer after the decision is made to approve the grant, extension, or other provision of open-end credit, such as in a mailing containing the account agreement or a credit card; or
(ii) Within 30 days after the decision to approve the grant, extension, or other provision of credit.
(d) Multiple credit scores -
(1) In general. When a motor vehicle dealer obtains or creates two or more credit scores and uses one of those credit scores in setting the material terms of credit, for example, by using the low, middle, high, or most recent score, the notices described in paragraphs (a)(1) and (2) of this section must include that credit score and information relating to that credit score required by paragraphs (a)(1)(ix) and (a)(2)(ix) of this section. When a motor vehicle dealer obtains or creates two or more credit scores and uses multiple credit scores in setting the material terms of credit by, for example, computing the average of all the credit scores obtained or created, the notices described in paragraphs (a)(1) and (2) of this section must include one of those credit scores and information relating to credit scores required by paragraphs (a)(1)(ix) and (a)(2)(ix) of this section. The notice may, at the motor vehicle dealer's option, include more than one credit score, along with the additional information specified in paragraphs (a)(1)(ix) and (a)(2)(ix) of this section for each credit score disclosed.
(2) Examples.
(i) A motor vehicle dealer that uses consumer reports to set the material terms of automobile loans granted, extended, or provided to consumers regularly requests credit scores from several consumer reporting agencies and uses the low score when determining the material terms it will offer to the consumer. That motor vehicle dealer must disclose the low score in the notices described in paragraphs (a)(1) and (2) of this section.
(ii) A motor vehicle dealer that uses consumer reports to set the material terms of automobile loans granted, extended, or provided to consumers regularly requests credit scores from several consumer reporting agencies, each of which it uses in an underwriting program in order to determine the material terms it will offer to the consumer. That motor vehicle dealer may choose one of these scores to include in the notices described in paragraph (a)(1) and (2) of this section.
§ 640.5 Exceptions.
(a) Application for specific terms -
(1) In general. A motor vehicle dealer is not required to provide a risk-based pricing notice to the consumer under § 640.3(a) or (c) if the consumer applies for specific material terms and is granted those terms, unless those terms were specified by the motor vehicle dealer using a consumer report after the consumer applied for or requested credit and after the motor vehicle dealer obtained the consumer report. For purposes of this section, “specific material terms” means a single material term, or set of material terms, such as an annual percentage rate of 10 percent, and not a range of alternatives, such as an annual percentage rate that may be 8, 10, or 12 percent, or between 8 and 12 percent.
(2) Example. A consumer receives a firm offer of credit from a motor vehicle dealer. The terms of the firm offer are based in whole or in part on information from a consumer report the motor vehicle dealer obtained under the FCRA's firm offer of credit provisions. The solicitation offers the consumer a loan with an annual percentage rate of 12 percent. The consumer applies for and receives a loan with an annual percentage rate of 12 percent. Other customers of the motor vehicle dealer have an annual percentage rate of 10 percent. The exception applies because the consumer applied for specific material terms and was granted those terms. Although the motor vehicle dealer specified the annual percentage rate in the firm offer of credit based in whole or in part on a consumer report, the motor vehicle dealer specified that material term before, not after, the consumer applied for or requested credit.
(b) Adverse action notice. A motor vehicle dealer is not required to provide a risk-based pricing notice to the consumer under § 640.3(a), (c), or (d) if the motor vehicle dealer provides an adverse action notice to the consumer under section 615(a) of the FCRA.
(c) Prescreened solicitations -
(1) In general. A motor vehicle dealer is not required to provide a risk-based pricing notice to the consumer under § 640.3(a) or (c) if the motor vehicle dealer:
(i) Obtains a consumer report that is a prescreened list as described in section 604(c)(2) of the FCRA; and
(ii) Uses the consumer report for the purpose of making a firm offer of credit to the consumer.
(2) More favorable material terms. This exception applies to any firm offer of credit offered by a motor vehicle dealer to a consumer, even if the motor vehicle dealer makes other firm offers of credit to other consumers on more favorable material terms.
(3) Example. A motor vehicle dealer obtains two prescreened lists from a consumer reporting agency. One list includes consumers with high credit scores. The other list includes consumers with low credit scores. The motor vehicle dealer mails a firm offer of credit to the high credit score consumers with an annual percentage rate of 10 percent. The motor vehicle dealer also mails a firm offer of credit to the low credit score consumers with an annual percentage rate of 14 percent. The motor vehicle dealer is not required to provide a risk-based pricing notice to the low credit score consumers who receive the 14 percent offer because use of a consumer report to make a firm offer of credit does not trigger the risk-based pricing notice requirement.
(d) Loans secured by residential real property - credit score disclosure -
(1) In general. A motor vehicle dealer is not required to provide a risk-based pricing notice to a consumer under § 640.3(a) or (c) if:
(i) The consumer requests from the motor vehicle dealer an extension of credit that is or will be secured by one to four units of residential real property; and
(ii) The motor vehicle dealer provides to each consumer described in paragraph (d)(1)(i) of this section a notice that contains the following -
(A) A statement that a consumer report (or credit report) is a record of the consumer's credit history and includes information about whether the consumer pays his or her obligations on time and how much the consumer owes to creditors;
(B) A statement that a credit score is a number that takes into account information in a consumer report and that a credit score can change over time to reflect changes in the consumer's credit history;
(C) A statement that the consumer's credit score can affect whether the consumer can obtain credit and what the cost of that credit will be;
(D) The information required to be disclosed to the consumer pursuant to section 609(g) of the FCRA;
(E) The distribution of credit scores among consumers who are scored under the same scoring model that is used to generate the consumer's credit score using the same scale as that of the credit score that is provided to the consumer, presented in the form of a bar graph containing a minimum of six bars that illustrates the percentage of consumers with credit scores within the range of scores reflected in each bar or by other clear and readily understandable graphical means, or a clear and readily understandable statement informing the consumer how his or her credit score compares to the scores of other consumers. Use of a graph or statement obtained from the person providing the credit score that meets the requirements of this paragraph (d)(1)(ii)(E) is deemed to comply with this requirement;
(F) A statement that the consumer is encouraged to verify the accuracy of the information contained in the consumer report and has the right to dispute any inaccurate information in the report;
(G) A statement that federal law gives the consumer the right to obtain copies of his or her consumer reports directly from the consumer reporting agencies, including a free report from each of the nationwide consumer reporting agencies once during any 12-month period;
(H) Contact information for the centralized source from which consumers may obtain their free annual consumer reports; and
(I) A statement directing consumers to the websites of the Board and Federal Trade Commission to obtain more information about consumer reports.
(2) Form of the notice. The notice described in paragraph (d)(1)(ii) of this section must be:
(i) Clear and conspicuous;
(ii) Provided on or with the notice required by section 609(g) of the FCRA;
(iii) Segregated from other information provided to the consumer, except for the notice required by section 609(g) of the FCRA; and
(iv) Provided to the consumer in writing and in a form that the consumer may keep.
(3) Timing. The notice described in paragraph (d)(1)(ii) of this section must be provided to the consumer at the time the disclosure required by section 609(g) of the FCRA is provided to the consumer, but in any event at or before consummation in the case of closed-end credit or before the first transaction is made under an open-end credit plan.
(4) Multiple credit scores -
(i) In general. When a motor vehicle dealer obtains two or more credit scores from consumer reporting agencies and uses one of those credit scores in setting the material terms of credit granted, extended, or otherwise provided to a consumer, for example, by using the low, middle, high, or most recent score, the notice described in paragraph (d)(1)(ii) of this section must include that credit score and the other information required by that paragraph. When a motor vehicle dealer obtains two or more credit scores from consumer reporting agencies and uses multiple credit scores in setting the material terms of credit granted, extended, or otherwise provided to a consumer, for example, by computing the average of all the credit scores obtained, the notice described in paragraph (d)(1)(ii) of this section must include one of those credit scores and the other information required by that paragraph. The notice may, at the motor vehicle dealer's option, include more than one credit score, along with the additional information specified in paragraph (d)(1)(ii) of this section for each credit score disclosed.
(ii) Examples.
(A) A motor vehicle dealer that uses consumer reports to set the material terms of credit granted, extended, or provided to consumers regularly requests credit scores from several consumer reporting agencies and uses the low score when determining the material terms it will offer to the consumer. That motor vehicle dealer must disclose the low score in the notice described in paragraph (d)(1)(ii) of this section.
(B) A motor vehicle dealer that uses consumer reports to set the material terms of mortgage credit granted, extended, or provided to consumers regularly requests credit scores from several consumer reporting agencies, each of which it uses in an underwriting program in order to determine the material terms it will offer to the consumer. That motor vehicle dealer may choose one of these scores to include in the notice described in paragraph (d)(1)(ii) of this section.
(5) Model form. A model form of the notice described in paragraph (d)(1)(ii) of this section consolidated with the notice required by section 609(g) of the FCRA is contained in 16 CFR part 698, appendix A. Appropriate use of Model Form A-3 is deemed to comply with the requirements of § 640.5(d). Use of the model form is optional.
(e) Other extensions of credit - credit score disclosure -
(1) In general. A motor vehicle dealer is not required to provide a risk-based pricing notice to a consumer under § 640.3(a) or (c) if:
(i) The consumer requests from the motor vehicle dealer an extension of credit other than credit that is or will be secured by one to four units of residential real property; and
(ii) The motor vehicle dealer provides to each consumer described in paragraph (e)(1)(i) of this section a notice that contains the following -
(A) A statement that a consumer report (or credit report) is a record of the consumer's credit history and includes information about whether the consumer pays his or her obligations on time and how much the consumer owes to creditors;
(B) A statement that a credit score is a number that takes into account information in a consumer report and that a credit score can change over time to reflect changes in the consumer's credit history;
(C) A statement that the consumer's credit score can affect whether the consumer can obtain credit and what the cost of that credit will be;
(D) The current credit score of the consumer or the most recent credit score of the consumer that was previously calculated by the consumer reporting agency for a purpose related to the extension of credit;
(E) The range of possible credit scores under the model used to generate the credit score;
(F) The distribution of credit scores among consumers who are scored under the same scoring model that is used to generate the consumer's credit score using the same scale as that of the credit score that is provided to the consumer, presented in the form of a bar graph containing a minimum of six bars that illustrates the percentage of consumers with credit scores within the range of scores reflected in each bar, or by other clear and readily understandable graphical means, or a clear and readily understandable statement informing the consumer how his or her credit score compares to the scores of other consumers. Use of a graph or statement obtained from the person providing the credit score that meets the requirements of this paragraph (e)(1)(ii)(F) is deemed to comply with this requirement;
(G) The date on which the credit score was created;
(H) The name of the consumer reporting agency or other person that provided the credit score;
(I) A statement that the consumer is encouraged to verify the accuracy of the information contained in the consumer report and has the right to dispute any inaccurate information in the report;
(J) A statement that federal law gives the consumer the right to obtain copies of his or her consumer reports directly from the consumer reporting agencies, including a free report from each of the nationwide consumer reporting agencies once during any 12-month period;
(K) Contact information for the centralized source from which consumers may obtain their free annual consumer reports; and
(L) A statement directing consumers to the websites of the Federal Reserve Board and Federal Trade Commission to obtain more information about consumer reports.
(2) Form of the notice. The notice described in paragraph (e)(1)(ii) of this section must be:
(i) Clear and conspicuous;
(ii) Segregated from other information provided to the consumer; and
(iii) Provided to the consumer in writing and in a form that the consumer may keep.
(3) Timing. The notice described in paragraph (e)(1)(ii) of this section must be provided to the consumer as soon as reasonably practicable after the credit score has been obtained, but in any event at or before consummation in the case of closed-end credit or before the first transaction is made under an open-end credit plan.
(4) Multiple credit scores -
(i) In General. When a motor vehicle dealer obtains two or more credit scores from consumer reporting agencies and uses one of those credit scores in setting the material terms of credit granted, extended, or otherwise provided to a consumer, for example, by using the low, middle, high, or most recent score, the notice described in paragraph (e)(1)(ii) of this section must include that credit score and the other information required by that paragraph. When a motor vehicle dealer obtains two or more credit scores from consumer reporting agencies and uses multiple credit scores in setting the material terms of credit granted, extended, or otherwise provided to a consumer, for example, by computing the average of all the credit scores obtained, the notice described in paragraph (e)(1)(ii) of this section must include one of those credit scores and the other information required by that paragraph. The notice may, at the motor vehicle dealer's option, include more than one credit score, along with the additional information specified in paragraph (e)(1)(ii) of this section for each credit score disclosed.
(ii) Examples. The manner in which multiple credit scores are to be disclosed under this section are substantially identical to the manner set forth in the examples contained in paragraph (d)(4)(ii) of this section.
(5) Model form. A model form of the notice described in paragraph (e)(1)(ii) of this section is contained in 16 CFR part 698, appendix A. Appropriate use of Model Form A-4 is deemed to comply with the requirements of § 640.5(e). Use of the model form is optional.
(f) Credit score not available -
(1) In general. A motor vehicle dealer is not required to provide a risk-based pricing notice to a consumer under § 640.3(a) or (c) if the motor vehicle dealer:
(i) Regularly obtains credit scores from a consumer reporting agency and provides credit score disclosures to consumers in accordance with paragraphs (d) or (e) of this section, but a credit score is not available from the consumer reporting agency from which the motor vehicle dealer regularly obtains credit scores for a consumer to whom the motor vehicle dealer grants, extends, or provides credit;
(ii) Does not obtain a credit score from another consumer reporting agency in connection with granting, extending, or providing credit to the consumer; and
(iii) Provides to the consumer a notice that contains the following -
(A) A statement that a consumer report (or credit report) includes information about the consumer's credit history and the type of information included in that history;
(B) A statement that a credit score is a number that takes into account information in a consumer report and that a credit score can change over time in response to changes in the consumer's credit history;
(C) A statement that credit scores are important because consumers with higher credit scores generally obtain more favorable credit terms;
(D) A statement that not having a credit score can affect whether the consumer can obtain credit and what the cost of that credit will be;
(E) A statement that a credit score about the consumer was not available from a consumer reporting agency, which must be identified by name, generally due to insufficient information regarding the consumer's credit history;
(F) A statement that the consumer is encouraged to verify the accuracy of the information contained in the consumer report and has the right to dispute any inaccurate information in the consumer report;
(G) A statement that federal law gives the consumer the right to obtain copies of his or her consumer reports directly from the consumer reporting agencies, including a free consumer report from each of the nationwide consumer reporting agencies once during any 12-month period;
(H) The contact information for the centralized source from which consumers may obtain their free annual consumer reports; and
(I) A statement directing consumers to the websites of the Board and Federal Trade Commission to obtain more information about consumer reports.
(2) Example. A motor vehicle dealer that uses consumer reports to set the material terms of credit granted, extended, or provided to consumers regularly requests credit scores from a particular consumer reporting agency and provides those credit scores and additional information to consumers to satisfy the requirements of paragraph (e) of this section. That consumer reporting agency provides to the motor vehicle dealer a consumer report on a particular consumer that contains one trade line, but does not provide the motor vehicle dealer with a credit score on that consumer. If the motor vehicle dealer does not obtain a credit score from another consumer reporting agency and, based in whole or in part on information in a consumer report, grants, extends, or provides credit to the consumer, the motor vehicle dealer may provide the notice described in paragraph (f)(1)(iii) of this section. If, however, the motor vehicle dealer obtains a credit score from another consumer reporting agency, the motor vehicle dealer may not rely upon the exception in paragraph (f) of this section, but may satisfy the requirements of paragraph (e) of this section.
(3) Form of the notice. The notice described in paragraph (f)(1)(iii) of this section must be:
(i) Clear and conspicuous;
(ii) Segregated from other information provided to the consumer; and
(iii) Provided to the consumer in writing and in a form that the consumer may keep.
(4) Timing. The notice described in paragraph (f)(1)(iii) of this section must be provided to the consumer as soon as reasonably practicable after the motor vehicle dealer has requested the credit score, but in any event not later than consummation of a transaction in the case of closed-end credit or when the first transaction is made under an open-end credit plan.
(5) Model form. A model form of the notice described in paragraph (f)(1)(iii) of this section is contained in 16 CFR part 698, appendix A. Appropriate use of Model Form A-5 is deemed to comply with the requirements of § 640.5(f). Use of the model form is optional.
§ 640.6 Rules of Construction.
For purposes of this part, the following rules of construction apply:
(a) One notice per credit extension. A consumer is entitled to no more than one risk-based pricing notice under § 640.3(a) or (c), or one notice under § 640.5(d), (e), or (f), for each grant, extension, or other provision of credit. Notwithstanding the foregoing, even if a consumer has previously received a risk-based pricing notice in connection with a grant, extension, or other provision of credit, another risk-based pricing notice is required if the conditions set forth in § 640.3(d) have been met.
(b) Multi-party transactions -
(1) Initial creditor. The motor vehicle dealer to whom a credit obligation is initially payable must provide the risk-based pricing notice described in § 640.3(a) or (c), or satisfy the requirements for and provide the notice required under one of the exceptions in § 640.5(d), (e), or (f), even if that motor vehicle dealer immediately assigns the credit agreement to a third party and is not the source of funding for the credit.
(2) Purchasers or assignees. A purchaser or assignee of a credit contract with a consumer is not subject to the requirements of this part and is not required to provide the risk-based pricing notice described in § 640.3(a) or (c), or satisfy the requirements for and provide the notice required under one of the exceptions in § 640.5(d), (e), or (f).
(3) Examples.
(i) A consumer obtains credit to finance the purchase of an automobile. If the motor vehicle dealer is the person to whom the loan obligation is initially payable, such as where the motor vehicle dealer is the original creditor under a retail installment sales contract, the motor vehicle dealer must provide the risk-based pricing notice to the consumer (or satisfy the requirements for and provide the notice required under one of the exceptions noted above), even if the motor vehicle dealer immediately assigns the loan to a bank or finance company. The bank or finance company, which is an assignee, has no duty to provide a risk-based pricing notice to the consumer.
(ii) A consumer obtains credit to finance the purchase of an automobile. If a bank or finance company is the person to whom the loan obligation is initially payable, the bank or finance company must provide the risk-based pricing notice to the consumer (or satisfy the requirements for and provide the notice required under one of the exceptions noted above) based on the terms offered by that bank or finance company only. The motor vehicle dealer has no duty to provide a risk-based pricing notice to the consumer. However, the bank or finance company may comply with this rule if the motor vehicle dealer has agreed to provide notices to consumers before consummation pursuant to an arrangement with the bank or finance company, as permitted under § 640.4(c).
(c) Multiple consumers -
(1) Risk-based pricing notices. In a transaction involving two or more consumers who are granted, extended, or otherwise provided credit, a motor vehicle dealer must provide a notice to each consumer to satisfy the requirements of § 640.3(a) or (c). Whether the consumers have the same address or not, the motor vehicle dealer must provide a separate notice to each consumer if a notice includes a credit score(s). Each separate notice that includes a credit score(s) must contain only the credit score(s) of the consumer to whom the notice is provided, and not the credit score(s) of the other consumer. If the consumers have the same address, and the notice does not include a credit score(s), a motor vehicle dealer may satisfy the requirements by providing a single notice addressed to both consumers.
(2) Credit score disclosure notices. In a transaction involving two or more consumers who are granted, extended, or otherwise provided credit, a motor vehicle dealer must provide a separate notice to each consumer to satisfy the exceptions in § 640.5(d), (e), or (f). Whether the consumers have the same address or not, the motor vehicle dealer must provide a separate notice to each consumer. Each separate notice must contain only the credit score(s) of the consumer to whom the notice is provided, and not the credit score(s) of the other consumer.
(3) Examples.
(i) Two consumers jointly apply for credit with a creditor. The creditor obtains credit scores on both consumers. Based in part on the credit scores, the creditor grants credit to the consumers on material terms that are materially less favorable than the most favorable terms available to other consumers from the creditor. The creditor provides risk-based pricing notices to satisfy its obligations under this subpart. The creditor must provide a separate risk-based pricing notice to each consumer whether the consumers have the same address or not. Each risk-based pricing notice must contain only the credit score(s) of the consumer to whom the notice is provided.
(ii) Two consumers jointly apply for credit with a creditor. The two consumers reside at the same address. The creditor obtains credit scores on each of the two consumer applicants. The creditor grants credit to the consumers. The creditor provides credit score disclosure notices to satisfy its obligations under this part. Even though the two consumers reside at the same address, the creditor must provide a separate credit score disclosure notice to each of the consumers. Each notice must contain only the credit score of the consumer to whom the notice is provided.
PART 641 - DUTIES OF USERS OF CONSUMER REPORTS REGARDING ADDRESS DISCREPANCIES
Authority: Pub. L. 108-159, sec. 315; 15 U.S.C. 1681c(h); 12 U.S.C. 5519(d).
Source: 74 FR 22644, May 14, 2009, unless otherwise noted.
§ 641.1 Duties of users of consumer reports regarding address discrepancies.
(a) Scope. This section applies to users of consumer reports that are motor vehicle dealers excluded from Consumer Financial Protection Bureau jurisdiction as described in 12 U.S.C. 5519.
(b) Definition. For purposes of this section, a notice of address discrepancy means a notice sent to a user by a consumer reporting agency described in 15 U.S.C. 1681a(p) pursuant to 15 U.S.C. 1681c(h)(1), that informs the user of a substantial difference between the address for the consumer that the user provided to request the consumer report and the address(es) in the agency's file for the consumer.
(c) Reasonable belief -
(1) Requirement to form a reasonable belief. A user must develop and implement reasonable policies and procedures designed to enable the user to form a reasonable belief that a consumer report relates to the consumer about whom it has requested the report, when the user receives a notice of address discrepancy.
(2) Examples of reasonable policies and procedures.
(i) Comparing the information in the consumer report provided by the consumer reporting agency with information the user:
(A) Obtains and uses to verify the consumer's identity in accordance with the requirements of the Customer Identification Program (CIP) rules implementing 31 U.S.C. 5318(l) (31 CFR 103.121);
(B) Maintains in its own records, such as applications, change of address notifications, other customer account records, or retained CIP documentation; or
(C) Obtains from third-party sources; or
(ii) Verifying the information in the consumer report provided by the consumer reporting agency with the consumer.
(d) Consumer's address -
(1) Requirement to furnish consumer's address to a consumer reporting agency. A user must develop and implement reasonable policies and procedures for furnishing an address for the consumer that the user has reasonably confirmed is accurate to the consumer reporting agency described in 15 U.S.C. 1681a(p) from whom it received the notice of address discrepancy when the user:
(i) Can form a reasonable belief that the consumer report relates to the consumer about whom the user requested the report;
(ii) Establishes a continuing relationship with the consumer; and
(iii) Regularly and in the ordinary course of business furnishes information to the consumer reporting agency from which the notice of address discrepancy relating to the consumer was obtained.
(2) Examples of confirmation methods. The user may reasonably confirm an address is accurate by:
(i) Verifying the address with the consumer about whom it has requested the report;
(ii) Reviewing its own records to verify the address of the consumer;
(iii) Verifying the address through third-party sources; or
(iv) Using other reasonable means.
(3) Timing. The policies and procedures developed in accordance with paragraph (d)(1) of this section must provide that the user will furnish the consumer's address that the user has reasonably confirmed is accurate to the consumer reporting agency described in 15 U.S.C. 1681a(p) as part of the information it regularly furnishes for the reporting period in which it establishes a relationship with the consumer.
[74 FR 22644, May 14, 2009, as amended at 86 FR 51819, Sept. 17, 2021]
PART 642 - PRESCREEN OPT-OUT NOTICE
Authority: Pub. L. 108-159, sec. 311; 15 U.S.C. 1681m(d); 12 U.S.C. 5519(d).
Source: 70 FR 5032, Jan. 31, 2005, unless otherwise noted.
§ 642.1 Purpose and scope.
(a) Purpose. This part implements section 213(a) of the Fair and Accurate Credit Transactions Act of 2003, which requires the Federal Trade Commission to establish the format, type size, and manner of the notices to consumers, required by section 615(d) of the Fair Credit Reporting Act (“FCRA”), regarding the right to prohibit (“opt out” of) the use of information in a consumer report to send them solicitations of credit or insurance.
(b) Scope. This part applies to any motor vehicle dealer as defined in § 642.2 of this part that uses a consumer report on any consumer in connection with any credit or insurance transaction that is not initiated by the consumer, and that is provided to that motor vehicle dealer under section 604(c)(1)(B) of the FCRA (15 U.S.C. 1681b(c)(1)(B)).
[70 FR 5032, Jan. 31, 2005, as amended at 86 FR 50850, Sept. 13, 2021]
§ 642.2 Definitions.
As used in this part:
(a) Simple and easy to understand means:
(1) A layered format as described in § 642.3 of this part;
(2) Plain language designed to be understood by ordinary consumers; and
(3) Use of clear and concise sentences, paragraphs, and sections.
(i) Examples. For purposes of this part, examples of factors to be considered in determining whether a statement is in plain language and uses clear and concise sentences, paragraphs, and sections include:
(A) Use of short explanatory sentences;
(B) Use of definite, concrete, everyday words;
(C) Use of active voice;
(D) Avoidance of multiple negatives;
(E) Avoidance of legal and technical business terminology;
(F) Avoidance of explanations that are imprecise and reasonably subject to different interpretations; and
(G) Use of language that is not misleading.
(ii) [Reserved]
(b) Motor vehicle dealer means any person excluded from Consumer Financial Protection Bureau jurisdiction as described in 12 U.S.C. 5519.
(c) Principal promotional document means the document designed to be seen first by the consumer, such as the cover letter.
[70 FR 5032, Jan. 31, 2005, as amended at 86 FR 50850, Sept. 13, 2021]
§ 642.3 Prescreen opt-out notice.
Any motor vehicle dealer that uses a consumer report on any consumer in connection with any credit or insurance transaction that is not initiated by the consumer, and that is provided to that person under section 604(c)(1)(B) of the FCRA (15 U.S.C. 1681b(c)(1)(B)), shall, with each written solicitation made to the consumer about the transaction, provide the consumer with the following statement, consisting of a short portion and a long portion, which shall be in the same language as the offer of credit or insurance:
(a) Short notice. The short notice shall be a clear and conspicuous, and simple and easy to understand statement as follows:
(1) Content. The short notice shall state that the consumer has the right to opt out of receiving prescreened solicitations, and shall provide the toll-free number the consumer can call to exercise that right. The short notice also shall direct the consumer to the existence and location of the long notice, and shall state the heading for the long notice. The short notice shall not contain any other information.
(2) Form. The short notice shall be:
(i) In a type size that is larger than the type size of the principal text on the same page, but in no event smaller than 12-point type, or if provided by electronic means, then reasonable steps shall be taken to ensure that the type size is larger than the type size of the principal text on the same page;
(ii) On the front side of the first page of the principal promotional document in the solicitation, or, if provided electronically, on the same page and in close proximity to the principal marketing message;
(iii) Located on the page and in a format so that the statement is distinct from other text, such as inside a border; and
(iv) In a type style that is distinct from the principal type style used on the same page, such as bolded, italicized, underlined, and/or in a color that contrasts with the color of the principal text on the page, if the solicitation is in more than one color.
(b) Long notice. The long notice shall be a clear and conspicuous, and simple and easy to understand statement as follows:
(1) Content. The long notice shall state the information required by section 615(d) of the Fair Credit Reporting Act (15 U.S.C. 1681m(d)). The long notice shall not include any other information that interferes with, detracts from, contradicts, or otherwise undermines the purpose of the notice.
(2) Form. The long notice shall:
(i) Appear in the solicitation;
(ii) Be in a type size that is no smaller than the type size of the principal text on the same page, and, for solicitations provided other than by electronic means, the type size shall in no event be smaller than 8-point type;
(iii) Begin with a heading in capital letters and underlined, and identifying the long notice as the “PRESCREEN & OPT-OUT NOTICE”;
(iv) Be in a type style that is distinct from the principal type style used on the same page, such as bolded, italicized, underlined, and/or in a color that contrasts with the color of the principal text on the page, if the solicitation is in more than one color; and
(v) Be set apart from other text on the page, such as by including a blank line above and below the statement, and by indenting both the left and right margins from other text on the page.
[70 FR 5032, Jan. 31, 2005, as amended at 86 FR 50850, Sept. 13, 2021]
§ 642.4 Effective date.
This part is effective on August 1, 2005.
PART 660 - DUTIES OF FURNISHERS OF INFORMATION TO CONSUMER REPORTING AGENCIES
Authority: Pub. L. 108-159, sec. 311; 15 U.S.C. 1681s-2; 12 U.S.C. 5519(d).
Source: 74 FR 31525, July 1, 2009, unless otherwise noted.
§ 660.1 Scope.
This part applies to furnishers of information to consumer reporting agencies that are motor vehicle dealers as defined by § 660.2 of this part (referred to as “furnishers”).
[86 FR 51821, Sept. 17, 2021]
§ 660.2 Definitions.
For purposes of this part and appendix A of this part, the following definitions apply:
(a) Accuracy means that information that a furnisher provides to a consumer reporting agency about an account or other relationship with the consumer correctly:
(1) Reflects the terms of and liability for the account or other relationship;
(2) Reflects the consumer's performance and other conduct with respect to the account or other relationship; and
(3) Identifies the appropriate consumer.
(b) Direct dispute means a dispute submitted directly to a furnisher (including a furnisher that is a debt collector) by a consumer concerning the accuracy of any information contained in a consumer report and pertaining to an account or other relationship that the furnisher has or had with the consumer.
(c) Furnisher means an entity that furnishes information relating to consumers to one or more consumer reporting agencies for inclusion in a consumer report. An entity is not a furnisher when it:
(1) Provides information to a consumer reporting agency solely to obtain a consumer report in accordance with sections 604(a) and (f) of the Fair Credit Reporting Act;
(2) Is acting as a “consumer reporting agency” as defined in section 603(f) of the Fair Credit Reporting Act;
(3) Is a consumer to whom the furnished information pertains; or
(4) Is a neighbor, friend, or associate of the consumer, or another individual with whom the consumer is acquainted or who may have knowledge about the consumer, and who provides information about the consumer's character, general reputation, personal characteristics, or mode of living in response to a specific request from a consumer reporting agency.
(d) Identity theft has the same meaning as in 12 CFR 1022.3(h).
(e) Integrity means that information that a furnisher provides to a consumer reporting agency about an account or other relationship with the consumer:
(1) Is substantiated by the furnisher's records at the time it is furnished;
(2) Is furnished in a form and manner that is designed to minimize the likelihood that the information may be incorrectly reflected in a consumer report; and
(3) Includes the information in the furnisher's possession about the account or other relationship that the Commission has:
(i) Determined that the absence of which would likely be materially misleading in evaluating a consumer's creditworthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living; and
(ii) Listed in section I.(b)(2)(iii) of Appendix A of this part.
(f) Motor vehicle dealer means any person excluded from Consumer Financial Protection Bureau jurisdiction as described in 12 U.S.C. 5519.
[74 FR 31525, July 1, 2009, as amended at 86 FR 51821, Sept. 17, 2021]
§ 660.3 Reasonable policies and procedures concerning the accuracy and integrity of furnished information.
(a) Policies and procedures. Each furnisher must establish and implement reasonable written policies and procedures regarding the accuracy and integrity of the information relating to consumers that it furnishes to a consumer reporting agency. The policies and procedures must be appropriate to the nature, size, complexity, and scope of each furnisher's activities.
(b) Guidelines. Each furnisher must consider the guidelines in Appendix A of this part in developing its policies and procedures required by this section, and incorporate those guidelines that are appropriate.
(c) Reviewing and updating policies and procedures. Each furnisher must review its policies and procedures required by this section periodically and update them as necessary to ensure their continued effectiveness.
§ 660.4 Direct disputes.
(a) General rule. Except as otherwise provided in this section, a furnisher must conduct a reasonable investigation of a direct dispute if it relates to:
(1) The consumer's liability for a credit account or other debt with the furnisher, such as direct disputes relating to whether there is or has been identity theft or fraud against the consumer, whether there is individual or joint liability on an account, or whether the consumer is an authorized user of a credit account;
(2) The terms of a credit account or other debt with the furnisher, such as direct disputes relating to the type of account, principal balance, scheduled payment amount on an account, or the amount of the credit limit on an open-end account;
(3) The consumer's performance or other conduct concerning an account or other relationship with the furnisher, such as direct disputes relating to the current payment status, high balance, date a payment was made, the amount of a payment made, or the date an account was opened or closed; or
(4) Any other information contained in a consumer report regarding an account or other relationship with the furnisher that bears on the consumer's creditworthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living.
(b) Exceptions. The requirements of paragraph (a) of this section do not apply to a furnisher if:
(1) The direct dispute relates to:
(i) The consumer's identifying information (other than a direct dispute relating to a consumer's liability for a credit account or other debt with the furnisher, as provided in paragraph (a)(1) of this section) such as name(s), date of birth, Social Security number, telephone number(s), or address(es);
(ii) The identity of past or present employers;
(iii) Inquiries or requests for a consumer report;
(iv) Information derived from public records, such as judgments, bankruptcies, liens, and other legal matters (unless provided by a furnisher with an account or other relationship with the consumer);
(v) Information related to fraud alerts or active duty alerts; or
(vi) Information provided to a consumer reporting agency by another furnisher; or
(2) The furnisher has a reasonable belief that the direct dispute is submitted by, is prepared on behalf of the consumer by, or is submitted on a form supplied to the consumer by, a credit repair organization, as defined in 15 U.S.C. 1679a(3), or an entity that would be a credit repair organization, but for 15 U.S.C. 1679a(3)(B)(i).
(c) Direct dispute address. A furnisher is required to investigate a direct dispute only if a consumer submits a dispute notice to the furnisher at:
(1) The address of a furnisher provided by a furnisher and set forth on a consumer report relating to the consumer;
(2) An address clearly and conspicuously specified by the furnisher for submitting direct disputes that is provided to the consumer in writing or electronically (if the consumer has agreed to the electronic delivery of information from the furnisher); or
(3) Any business address of the furnisher if the furnisher has not so specified and provided an address for submitting direct disputes under paragraphs (c)(1) or (2) of this section.
(d) Direct dispute notice contents. A dispute notice must include:
(1) Sufficient information to identify the account or other relationship that is in dispute, such as an account number and the name, address, and telephone number of the consumer, if applicable;
(2) The specific information that the consumer is disputing and an explanation of the basis for the dispute; and
(3) All supporting documentation or other information reasonably required by the furnisher to substantiate the basis of the dispute. This documentation may include, for example: a copy of the relevant portion of the consumer report that contains the allegedly inaccurate information; a police report; a fraud or identity theft affidavit; a court order; or account statements.
(e) Duty of furnisher after receiving a direct dispute notice. After receiving a dispute notice from a consumer pursuant to paragraphs (c) and (d) of this section, the furnisher must:
(1) Conduct a reasonable investigation with respect to the disputed information;
(2) Review all relevant information provided by the consumer with the dispute notice;
(3) Complete its investigation of the dispute and report the results of the investigation to the consumer before the expiration of the period under section 611(a)(1) of the Fair Credit Reporting Act (15 U.S.C. 1681i(a)(1)) within which a consumer reporting agency would be required to complete its action if the consumer had elected to dispute the information under that section; and
(4) If the investigation finds that the information reported was inaccurate, promptly notify each consumer reporting agency to which the furnisher provided inaccurate information of that determination and provide to the consumer reporting agency any correction to that information that is necessary to make the information provided by the furnisher accurate.
(f) Frivolous or irrelevant disputes.
(1) A furnisher is not required to investigate a direct dispute if the furnisher has reasonably determined that the dispute is frivolous or irrelevant. A dispute qualifies as frivolous or irrelevant if:
(i) The consumer did not provide sufficient information to investigate the disputed information as required by paragraph (d) of this section;
(ii) The direct dispute is substantially the same as a dispute previously submitted by or on behalf of the consumer, either directly to the furnisher or through a consumer reporting agency, with respect to which the furnisher has already satisfied the applicable requirements of the Act or this section; provided, however, that a direct dispute is not substantially the same as a dispute previously submitted if the dispute includes information listed in paragraph (d) of this section that had not previously been provided to the furnisher; or
(iii) The furnisher is not required to investigate the direct dispute because one or more of the exceptions listed in paragraph (b) of this section applies.
(2) Notice of determination. Upon making a determination that a dispute is frivolous or irrelevant, the furnisher must notify the consumer of the determination not later than five business days after making the determination, by mail or, if authorized by the consumer for that purpose, by any other means available to the furnisher.
(3) Contents of notice of determination that a dispute is frivolous or irrelevant. A notice of determination that a dispute is frivolous or irrelevant must include the reasons for such determination and identify any information required to investigate the disputed information, which notice may consist of a standardized form describing the general nature of such information.
Appendix A to Part 660 - Interagency Guidelines Concerning the Accuracy and Integrity of Information Furnished to Consumer Reporting Agencies
The Commission encourages voluntary furnishing of information to consumer reporting agencies. Section 660.3 of this part requires each furnisher to establish and implement reasonable written policies and procedures concerning the accuracy and integrity of the information it furnishes to consumer reporting agencies. Under § 660.3(b), a furnisher must consider the guidelines set forth below in developing its policies and procedures. In establishing these policies and procedures, a furnisher may include any of its existing policies and procedures that are relevant and appropriate. Section 660.3(c) requires each furnisher to review its policies and procedures periodically and update them as necessary to ensure their continued effectiveness.
I. Nature, Scope, and Objectives of Policies and Procedures
(a) Nature and Scope. Section 660.3(a) of this part requires that a furnisher's policies and procedures be appropriate to the nature, size, complexity, and scope of the furnisher's activities. In developing its policies and procedures, a furnisher should consider, for example:
(1) The types of business activities in which the furnisher engages;
(2) The nature and frequency of the information the furnisher provides to consumer reporting agencies; and
(3) The technology used by the furnisher to furnish information to consumer reporting agencies.
(b) Objectives. A furnisher's policies and procedures should be reasonably designed to promote the following objectives:
(1) To furnish information about accounts or other relationships with a consumer that is accurate, such that the furnished information:
(i) Identifies the appropriate consumer;
(ii) Reflects the terms of and liability for those accounts or other relationships; and
(iii) Reflects the consumer's performance and other conduct with respect to the account or other relationship;
(2) To furnish information about accounts or other relationships with a consumer that has integrity, such that the furnished information:
(i) Is substantiated by the furnisher's records at the time it is furnished;
(ii) Is furnished in a form and manner that is designed to minimize the likelihood that the information may be incorrectly reflected in a consumer report; thus, the furnished information should:
(A) Include appropriate identifying information about the consumer to whom it pertains; and
(B) Be furnished in a standardized and clearly understandable form and manner and with a date specifying the time period to which the information pertains; and
(iii) Includes the credit limit, if applicable and in the furnisher's possession;
(3) To conduct reasonable investigations of consumer disputes and take appropriate actions based on the outcome of such investigations; and
(4) To update the information it furnishes as necessary to reflect the current status of the consumer's account or other relationship, including, for example:
(i) Any transfer of an account (e.g., by sale or assignment for collection) to a third party; and
(ii) Any cure of the consumer's failure to abide by the terms of the account or other relationship.
II. Establishing and Implementing Policies and Procedures
In establishing and implementing its policies and procedures, a furnisher should:
(a) Identify practices or activities of the furnisher that can compromise the accuracy or integrity of information furnished to consumer reporting agencies, such as by:
(1) Reviewing its existing practices and activities, including the technological means and other methods it uses to furnish information to consumer reporting agencies and the frequency and timing of its furnishing of information;
(2) Reviewing its historical records relating to accuracy or integrity or to disputes; reviewing other information relating to the accuracy or integrity of information provided by the furnisher to consumer reporting agencies; and considering the types of errors, omissions, or other problems that may have affected the accuracy or integrity of information it has furnished about consumers to consumer reporting agencies;
(3) Considering any feedback received from consumer reporting agencies, consumers, or other appropriate parties;
(4) Obtaining feedback from the furnisher's staff; and
(5) Considering the potential impact of the furnisher's policies and procedures on consumers.
(b) Evaluate the effectiveness of existing policies and procedures of the furnisher regarding the accuracy and integrity of information furnished to consumer reporting agencies; consider whether new, additional, or different policies and procedures are necessary; and consider whether implementation of existing policies and procedures should be modified to enhance the accuracy and integrity of information about consumers furnished to consumer reporting agencies.
(c) Evaluate the effectiveness of specific methods (including technological means) the furnisher uses to provide information to consumer reporting agencies; how those methods may affect the accuracy and integrity of the information it provides to consumer reporting agencies; and whether new, additional, or different methods (including technological means) should be used to provide information to consumer reporting agencies to enhance the accuracy and integrity of that information.
III. Specific Components of Policies and Procedures
In developing its policies and procedures, a furnisher should address the following, as appropriate:
(a) Establishing and implementing a system for furnishing information about consumers to consumer reporting agencies that is appropriate to the nature, size, complexity, and scope of the furnisher's business operations.
(b) Using standard data reporting formats and standard procedures for compiling and furnishing data, where feasible, such as the electronic transmission of information about consumers to consumer reporting agencies.
(c) Maintaining records for a reasonable period of time, not less than any applicable recordkeeping requirement, in order to substantiate the accuracy of any information about consumers it furnishes that is subject to a direct dispute.
(d) Establishing and implementing appropriate internal controls regarding the accuracy and integrity of information about consumers furnished to consumer reporting agencies, such as by implementing standard procedures and verifying random samples of information provided to consumer reporting agencies.
(e) Training staff that participates in activities related to the furnishing of information about consumers to consumer reporting agencies to implement the policies and procedures.
(f) Providing for appropriate and effective oversight of relevant service providers whose activities may affect the accuracy or integrity of information about consumers furnished to consumer reporting agencies to ensure compliance with the policies and procedures.
(g) Furnishing information about consumers to consumer reporting agencies following mergers, portfolio acquisitions or sales, or other acquisitions or transfers of accounts or other obligations in a manner that prevents re-aging of information, duplicative reporting, or other problems that may similarly affect the accuracy or integrity of the information furnished.
(h) Deleting, updating, and correcting information in the furnisher's records, as appropriate, to avoid furnishing inaccurate information.
(i) Conducting reasonable investigations of disputes.
(j) Designing technological and other means of communication with consumer reporting agencies to prevent duplicative reporting of accounts, erroneous association of information with the wrong consumer(s), and other occurrences that may compromise the accuracy or integrity of information provided to consumer reporting agencies.
(k) Providing consumer reporting agencies with sufficient identifying information in the furnisher's possession about each consumer about whom information is furnished to enable the consumer reporting agency properly to identify the consumer.
(l) Conducting a periodic evaluation of its own practices, consumer reporting agency practices of which the furnisher is aware, investigations of disputed information, corrections of inaccurate information, means of communication, and other factors that may affect the accuracy or integrity of information furnished to consumer reporting agencies.
(m) Complying with applicable requirements under the Fair Credit Reporting Act and its implementing regulations.
PART 680 - AFFILIATE MARKETING
Authority: 12 U.S.C. 5519(d); 15 U.S.C. 1681s-3; 15 U.S.C. 1681s-3 note.
Source: 72 FR 61455, Oct. 30, 2007, unless otherwise noted.
§ 680.1 Purpose and scope.
(a) Purpose. The purpose of this part is to implement section 214 of the Fair and Accu-rate Credit Transactions Act of 2003, which (by adding section 624 to Fair Credit Reporting Act) regulates the use, for marketing solicitation purposes, of consumer information provided by persons affiliated with the person making the solicitation.
(b) Scope. This part applies to any motor vehicle dealer as defined in § 680.3 that uses information from its affiliates for the purpose of marketing solicitations, or provides information to its affiliates for that purpose.
[72 FR 61455, Oct. 30, 2007, as amended at 86 FR 51610, Sept. 16, 2021]
§ 680.2 Examples.
The examples in this part are not exclusive. Compliance with an example, to the extent applicable, constitutes compliance with this part. Examples in a paragraph illustrate only the issue described in the paragraph and do not illustrate any other issue that may arise in this part.
§ 680.3 Definitions.
As used in this part:
(a) Act. The term “Act” means the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.).
(b) Affiliate. The term “affiliate” means any company that is related by common ownership or common corporate control with another company.
(c) Clear and conspicuous. The term “clear and conspicuous” means reasonably under-standable and designed to call attention to the nature and significance of the information presented.
(d) Common ownership or common corporate control. The term “common ownership or common corporate control” means a relationship between two companies under which:
(1) One company has, with respect to the other company:
(i) Ownership, control, or the power to vote 25 percent or more of the outstanding shares of any class of voting security of a company, directly or indirectly, or acting through one or more other persons;
(ii) Control in any manner over the election of a majority of the directors, trustees, or general partners (or individuals exercising similar functions) of a company; or
(iii) The power to exercise, directly or indirectly, a controlling influence over the management or policies of a company, as the Commission determines; or
(2) Any person has, with respect to both companies, a relationship described in paragraphs (d)(1)(i) through (d)(1)(iii) of this section.
(e) Company. The term “company” means any corporation, limited liability company, business trust, general or limited partnership, association, or similar organization.
(f) Concise -
(1) In general. The term “concise” means a reasonably brief expression or statement.
(2) Combination with other required disclosures. A notice required by this part may be concise even if it is combined with other disclosures required or authorized by federal or state law.
(g) Consumer. The term “consumer” means an individual.
(h) Eligibility information. The term “eligibility information” means any information the communication of which would be a consumer report if the exclusions from the definition of “consumer report” in section 603(d)(2)(A) of the Act did not apply. Eligibility information does not include aggregate or blind data that does not contain personal identifiers such as account numbers, names, or addresses.
(i) Motor vehicle dealer. The term “motor vehicle dealer” means any person excluded from Consumer Financial Protection Bureau jurisdiction as described in 12 U.S.C. 5519.
(j) Person. The term “person” means any individual, partnership, corporation, trust, estate, cooperative, association, government or governmental subdivision or agency, or other entity.
(k) Pre-existing business relationship -
(1) In general. The term “pre-existing business relationship” means a relationship between a person, or a person's licensed agent, and a consumer based on -
(i) A financial contract between the person and the consumer which is in force on the date on which the consumer is sent a solicitation covered by this part;
(ii) The purchase, rental, or lease by the consumer of the persons' goods or services, or a financial transaction (including holding an active account or a policy in force or having another continuing relationship) between the consumer and the person, during the 18-month period immediately preceding the date on which the consumer is sent a solicitation covered by this part; or
(iii) An inquiry or application by the consumer regarding a product or service offered by that person during the three-month period immediately preceding the date on which the consumer is sent a solicitation covered by this part.
(2) Examples of pre-existing business relationships.
(i) If a consumer has an existing loan account with a creditor, the creditor has a pre-existing business relationship with the consumer and can use eligibility information it receives from its affiliates to make solicitations to the consumer about its products or services.
(ii) If a consumer obtained a mortgage from a mortgage lender, but refinanced the mortgage loan with a different lender when the mortgage loan came due, the first mortgage lender has a pre-existing business relationship with the consumer and can use eligibility information it receives from its affiliates to make solicitations to the consumer about its products or services for 18 months after the date the outstanding balance of the loan is paid and the loan is closed.
(iii) If a consumer obtains a mortgage, the mortgage lender has a pre-existing business relationship with the consumer. If the mortgage lender sells the consumer's entire loan to an investor, the mortgage lender has a pre-existing business relationship with the consumer and can use eligibility information it receives from its affiliates to make solicitations to the consumer about its products or services for 18 months after the date it sells the loan, and the investor has a pre-existing business relationship with the consumer upon purchasing the loan. If, however, the mortgage lender sells a fractional interest in the consumer's loan to an investor but also retains an ownership interest in the loan, the mortgage lender continues to have a pre-existing business relationship with the consumer, but the investor does not have a pre-existing business relationship with the consumer. If the mortgage lender retains ownership of the loan, but sells ownership of the servicing rights to the consumer's loan, the mortgage lender continues to have a pre-existing business relationship with the consumer. The purchaser of the servicing rights also has a pre-existing business relationship with the consumer as of the date it purchases ownership of the servicing rights, but only if it collects payments from or otherwise deals directly with the consumer on a continuing basis.
(iv) If a consumer applies to a creditor for a product or service that it offers, but does not obtain a product or service from or enter into a financial contract or transaction with the creditor, the creditor has a pre-existing business relationship with the consumer and can therefore use eligibility information it receives from an affiliate to make solicitations to the consumer about its products or services for three months after the date of the application.
(v) If a consumer makes a telephone inquiry to a creditor about its products or services and provides contact information to the creditor, but does not obtain a product or service from or enter into a financial contract or transaction with the creditor, the creditor has a pre-existing business relationship with the consumer and can therefore use eligibility information it receives from an affiliate to make solicitations to the consumer about its products or services for three months after the date of the inquiry.
(vi) If a consumer makes an inquiry to a creditor by e-mail about its products or services, but does not obtain a product or service from or enter into a financial contract or transaction with the creditor, the creditor has a pre-existing business relationship with the consumer and can therefore use eligibility information it receives from an affiliate to make solicitations to the consumer about its products or services for three months after the date of the inquiry.
(vii) If a consumer has an existing relationship with a creditor that is part of a group of affiliated companies, makes a telephone call to the centralized call center for the group of affiliated companies to inquire about products or services offered by the insurance affiliate, and provides contact information to the call center, the call constitutes an inquiry to the insurance affiliate that offers those products or services. The insurance affiliate has a pre-existing business relationship with the consumer and can therefore use eligibility information it receives from its affiliated creditor to make solicitations to the consumer about its products or services for three months after the date of the inquiry.
(3) Examples where no pre-existing business relationship is created.
(i) If a consumer makes a telephone call to a centralized call center for a group of affiliated companies to inquire about the consumer's existing account with a creditor, the call does not constitute an inquiry to any affiliate other than the creditor that holds the consumer's account and does not establish a pre-existing business relationship between the consumer and any affiliate of the account-holding creditor.
(ii) If a consumer who has a loan account with a creditor makes a telephone call to an af-filiate of the creditor to ask about the affiliate's retail locations and hours, but does not make an inquiry about the affiliate's products or services, the call does not constitute an inquiry and does not establish a pre-existing business relationship between the consumer and the affiliate. Also, the affiliate's capture of the consumer's telephone number does not constitute an inquiry and does not establish a pre-existing business relationship between the consumer and the affiliate.
(iii) If a consumer makes a telephone call to a creditor in response to an advertisement that offers a free promotional item to consumers who call a toll-free number, but the advertisement does not indicate that creditor's products or services will be marketed to consumers who call in response, the call does not create a pre-existing business relationship between the consumer and the creditor because the consumer has not made an inquiry about a product or service offered by the creditor, but has merely responded to an offer for a free promotional item.
(l) Solicitation -
(1) In general. The term “solicitation” means the marketing of a product or service initiated by a person to a particular consumer that is -
(i) Based on eligibility information communicated to that person by its affiliate as described in this part; and
(ii) Intended to encourage the consumer to purchase or obtain such product or service.
(2) Exclusion of marketing directed at the general public. A solicitation does not include marketing communications that are directed at the general public. For example, television, general circulation magazine, and billboard advertisements do not constitute solicitations, even if those communications are intended to encourage consumers to purchase products and services from the person initiating the communications.
(3) Examples of solicitations. A solicitation would include, for example, a telemarketing call, direct mail, e-mail, or other form of marketing communication directed to a particular consumer that is based on eligibility information received from an affiliate.
(m) You means a person described in § 680.1(b).
[72 FR 61455, Oct. 30, 2007, as amended at 86 FR 51610, Sept. 16, 2021]
§§ 680.4-680.20 [Reserved]
§ 680.21 Affiliate marketing opt-out and exceptions.
(a) Initial notice and opt-out requirement -
(1) In general. You may not use eligibility information about a consumer that you receive from an affiliate to make a solicitation for marketing purposes to the consumer, unless -
(i) It is clearly and conspicuously disclosed to the consumer in writing or, if the consumer agrees, electronically, in a concise notice that you may use eligibility information about that consumer received from an affiliate to make solicitations for marketing purposes to the consumer;
(ii) The consumer is provided a reasonable opportunity and a reasonable and simple method to “opt out,” or prohibit you from using eligibility information to make solicitations for marketing purposes to the consumer; and
(iii) The consumer has not opted out.
(2) Example. A consumer has a homeowner's insurance policy with an insurance company. The insurance company furnishes eligibility information about the consumer to its affiliated creditor. Based on that eligibility information, the creditor wants to make a solicitation to the consumer about its home equity loan products. The creditor does not have a pre-existing business relationship with the consumer and none of the other exceptions apply. The creditor is prohibited from using eligibility information received from its insurance affiliate to make solicitations to the consumer about its home equity loan products unless the consumer is given a notice and opportunity to opt out and the consumer does not opt out.
(3) Affiliates who may provide the notice. The notice required by this paragraph (a) must be provided:
(i) By an affiliate that has or has previously had a pre-existing business relationship with the consumer; or
(ii) As part of a joint notice from two or more members of an affiliated group of companies, provided that at least one of the affiliates on the joint notice has or has previously had a pre-existing business relationship with the consumer.
(b) Making solicitations -
(1) In general. For purposes of this part, you make a solicitation for marketing purposes if -
(i) You receive eligibility information from an affiliate;
(ii) You use that eligibility information to do one or more of the following:
(A) Identify the consumer or type of consumer to receive a solicitation;
(B) Establish criteria used to select the consumer to receive a solicitation; or
(C) Decide which of your products or services to market to the consumer or tailor your solicitation to that consumer; and
(iii) As a result of your use of the eligibility information, the consumer is provided a solicitation.
(2) Receiving eligibility information from an affiliate, including through a common database. You may receive eligibility information from an affiliate in various ways, including when the affiliate places that information into a common database that you may access.
(3) Receipt or use of eligibility information by your service provider. Except as provided in paragraph (b)(5) of this section, you receive or use an affiliate's eligibility information if a service provider acting on your behalf (whether an affiliate or a nonaffiliated third party) receives or uses that information in the manner described in paragraphs (b)(1)(i) or (b)(1)(ii) of this section. All relevant facts and circumstances will determine whether a person is acting as your service provider when it receives or uses an affiliate's eligibility information in connection with marketing your products and services.
(4) Use by an affiliate of its own eligibility information. Unless you have used eligibility information that you receive from an affiliate in the manner described in paragraph (b)(1)(ii) of this section, you do not make a solicitation subject to this part if your affiliate:
(i) Uses its own eligibility information that it obtained in connection with a pre-existing business relationship it has or had with the consumer to market your products or services to the consumer; or
(ii) Directs its service provider to use the affiliate's own eligibility information that it obtained in connection with a pre-existing business relationship it has or had with the consumer to market your products or services to the consumer, and you do not communicate directly with the service provider regarding that use.
(5) Use of eligibility information by a service provider -
(i) In general. You do not make a solicitation subject to this part if a service provider (including an affiliated or third-party service provider that maintains or accesses a common database that you may access) receives eligibility information from your affiliate that your affiliate obtained in connection with a pre-existing business relationship it has or had with the consumer and uses that eligibility information to market your products or services to the consumer, so long as -
(A) Your affiliate controls access to and use of its eligibility information by the service provider (including the right to establish the specific terms and conditions under which the service provider may use such information to market your products or services);
(B) Your affiliate establishes specific terms and conditions under which the service provider may access and use the affiliate's eligibility information to market your products and services (or those of affiliates generally) to the consumer, such as the identity of the affiliated companies whose products or services may be marketed to the consumer by the service provider, the types of products or services of affiliated companies that may be marketed, and the number of times the consumer may receive marketing materials, and periodically evaluates the service provider's compliance with those terms and conditions;
(C) Your affiliate requires the service provider to implement reasonable policies and procedures designed to ensure that the service provider uses the affiliate's eligibility information in accordance with the terms and conditions established by the affiliate relating to the marketing of your products or services;
(D) Your affiliate is identified on or with the marketing materials provided to the consumer; and
(E) You do not directly use your affiliate's eligibility information in the manner described in paragraph (b)(1)(ii) of this section.
(ii) Writing requirements.
(A) The requirements of paragraphs (b)(5)(i)(A) and (C) of this section must be set forth in a written agreement between your affiliate and the service provider; and
(B) The specific terms and conditions established by your affiliate as provided in paragraph (b)(5)(i)(B) of this section must be set forth in writing.
(6) Examples of making solicitations.
(i) A consumer has a loan account with a creditor, which is affiliated with an insurance company. The insurance company receives eligibility information about the consumer from the creditor. The insurance company uses that eligibility information to identify the consumer to receive a solicitation about insurance products, and, as a result, the insurance company provides a solicitation to the consumer about its insurance products. Pursuant to paragraph (b)(1) of this section, the insurance company has made a solicitation to the consumer.
(ii) The same facts as in the example in paragraph (b)(6)(i) of this section, except that after using the eligibility information to identify the consumer to receive a solicitation about insurance products, the insurance company asks the creditor to send the solicitation to the consumer and the creditor does so. Pursuant to paragraph (b)(1) of this section, the insurance company has made a solicitation to the consumer because it used eligibility information about the consumer that it received from an affiliate to identify the consumer to receive a solicitation about its products or services, and, as a result, a solicitation was provided to the consumer about the insurance company's products.
(iii) The same facts as in the example in paragraph (b)(6)(i) of this section, except that eligibility information about consumers that have loan accounts with the creditor is placed into a common database that all members of the affiliated group of companies may independently access and use. Without using the creditor's eligibility information, the insurance company develops selection criteria and provides those criteria, marketing materials, and related instructions to the creditor. The creditor reviews eligibility information about its own consumers using the selection criteria provided by the insurance company to determine which consumers should receive the insurance company's marketing materials and sends marketing materials about the insurance company's products to those consumers. Even though the insurance company has received eligibility information through the common database as provided in paragraph (b)(2) of this section, it did not use that information to identify consumers or establish selection criteria; instead, the creditor used its own eligibility information. Therefore, pursuant to paragraph (b)(4)(i) of this section, the insurance company has not made a solicitation to the consumer.
(iv) The same facts as in the example in paragraph (b)(6)(iii) of this section, except that the creditor provides the insurance company's criteria to the creditor's service provider and directs the service provider to use the creditor's eligibility information to identify creditor consumers who meet the criteria and to send the insurance company's marketing materials to those consumers. The insurance company does not communicate directly with the service provider regarding the use of the creditor's information to market its products to the creditor's consumers. Pursuant to paragraph (b)(4)(ii) of this section, the insurance company has not made a solicitation to the consumer.
(v) An affiliated group of companies includes a creditor, an insurance company, and a service provider. Each affiliate in the group places information about its consumers into a common database. The service provider has access to all information in the common database. The creditor controls access to and use of its eligibility information by the service provider. This control is set forth in a written agreement between the creditor and the service provider. The written agreement also requires the service provider to establish reasonable policies and procedures designed to ensure that the service provider uses the creditor's eligibility information in accordance with specific terms and conditions established by the creditor relating to the marketing of the products and services of all affiliates, including the insurance company. In a separate written communication, the creditor specifies the terms and conditions under which the service provider may use the creditor's eligibility information to market the insurance company's products and services to the creditor's consumers. The specific terms and conditions are: a list of affiliated companies (including the insurance company) whose products or services may be marketed to the creditor's consumers by the service provider; the specific products or types of products that may be marketed to the creditor's consumers by the service provider; the categories of eligibility information that may be used by the service provider in marketing products or services to the creditor's consumers; the types or categories of the creditor's consumers to whom the service provider may market products or services of creditor affiliates; the number and/or types of marketing communications that the service provider may send to the creditor's consumers; and the length of time during which the service provider may market the prod-ucts or services of the creditor's affiliates to its consumers. The creditor periodically evaluates the service provider's compliance with these terms and conditions. The insurance company asks the service provider to market insurance products to certain consumers who have loan accounts with the creditor. Without using the creditor's eligibility information, the insurance company develops selection criteria and provides those criteria, marketing materials, and related instructions to the service provider. The service provider uses the creditor's eligibility information from the common database to identify the creditor's consumers to whom insurance products will be marketed. When the insurance company's marketing materials are provided to the identified consumers, the name of the creditor is displayed on the insurance marketing materials, an introductory letter that accompanies the marketing materials, an account statement that accompanies the marketing materials, or the envelope containing the marketing materials. The re-quirements of paragraph (b)(5) of this section have been satisfied, and the insurance company has not made a solicitation to the consumer.
(vi) The same facts as in the example in paragraph (b)(6)(v) of this section, except that the terms and conditions permit the service provider to use the creditor's eligibility information to market the products and services of other affiliates to the creditor's consumers whenever the service provider deems it appropriate to do so. The service provider uses the creditor's eligibility information in accordance with the discretion af-forded to it by the terms and conditions. Because the terms and conditions are not specific, the requirements of paragraph (b)(5) of this section have not been satisfied.
(c) Exceptions. The provisions of this part do not apply to you if you use eligibility information that you receive from an affiliate:
(1) To make a solicitation for marketing purposes to a consumer with whom you have a pre-existing business relationship;
(2) To facilitate communications to an individual for whose benefit you provide employee benefit or other services pursuant to a contract with an employer related to and arising out of the current employment relationship or status of the individual as a participant or beneficiary of an employee benefit plan;
(3) To perform services on behalf of an affiliate, except that this paragraph shall not be construed as permitting you to send solicitations on behalf of an affiliate if the affiliate would not be permitted to send the solicitation as a result of the election of the consumer to opt out under this part;
(4) In response to a communication about your products or services initiated by the consumer;
(5) In response to an authorization or request by the consumer to receive solicitations; or
(6) If your compliance with this part would prevent you from complying with any provision of State insurance laws pertaining to unfair discrimination in any State in which you are lawfully doing business.
(d) Examples of exceptions -
(1) Example of the pre-existing business relationship exception. A consumer has a loan account with a creditor. The consumer also has a relationship with the creditor's securities affiliate for management of the consumer's securities portfolio. The creditor receives eligibility information about the consumer from its securities affiliate and uses that information to make a solicitation to the consumer about the creditor's wealth management services. The creditor may make this solicitation even if the consumer has not been given a notice and opportunity to opt out because the creditor has a pre-existing business relationship with the consumer.
(2) Examples of service provider exception.
(i) A consumer has an insurance policy issued by an insurance company. The insurance company furnishes eligibility information about the consumer to an affiliated creditor. Based on that eligibility information, the creditor wants to make a solicitation to the consumer about its credit products. The creditor does not have a pre-existing business relationship with the consumer and none of the other exceptions in para-graph (c) of this section apply. The consumer has been given an opt-out notice and has elected to opt out of receiving such solicitations. The creditor asks a service provider to send the solicitation to the consumer on its behalf. The service provider may not send the solicitation on behalf of the creditor because, as a result of the consumer's opt-out election, the creditor is not permitted to make the solicitation.
(ii) The same facts as in paragraph (d)(2)(i) of this section, except the consumer has been given an opt-out notice, but has not elected to opt out. The creditor asks a service provider to send the solicitation to the consumer on its behalf. The service provider may send the solicitation on behalf of the creditor because, as a result of the consumer's not opting out, the creditor is permitted to make the solicitation.
(3) Examples of consumer-initiated communications.
(i) A consumer who has a consumer loan account with a finance company initiates a communication with the creditor's mortgage lending affiliate to request information about a mortgage. The mortgage lender affiliate may use eligibility information about the consumer it obtains from the finance company or any other affiliate to make solicitations regarding mortgage products in response to the consumer-initiated communication.
(ii) A consumer who has a loan account with a creditor contacts the creditor to request information about how to save and invest for a child's college education without specifying the type of product in which the consumer may be interested. Information about a range of different products or services offered by the creditor and one or more affiliates of the creditor may be responsive to that communication. Such products or services may include the following: mutual funds offered by the creditor's mutual fund affil-iate; section 529 plans offered by the creditor, its mutual fund affiliate, or another securities affiliate; or trust services offered by a different creditor in the affiliated group. Any affiliate offering investment products or services that would be responsive to the consumer's request for information about saving and investing for a child's college education may use eligibility information to make solicitations to the consumer in response to this communication.
(iii) A credit card issuer makes a marketing call to the consumer without using eligibility information received from an affiliate. The issuer leaves a voice-mail message that invites the consumer to call a toll-free number to apply for the issuer's credit card. If the consumer calls the toll-free number to inquire about the credit card, the call is a consumer-initiated communication about a product or service and the credit card issuer may now use eligibility information it receives from its affiliates to make solicitations to the consumer.
(iv) A consumer calls a creditor to ask about retail locations and hours, but does not request information about products or services. The creditor may not use eligibility information it receives from an affiliate to make solicitations to the consumer about its products or services because the consumer-initiated communication does not relate to the creditor's products or services. Thus, the use of eligibility information received from an affiliate would not be responsive to the communication and the exception does not apply.
(v) A consumer calls a creditor to ask about office locations and hours. The customer service representative asks the consumer if there is a particular product or service about which the consumer is seeking information. The consumer responds that the consumer wants to stop in and find out about second mortgage loans. The customer service representative offers to provide that information by telephone and mail additional information and application materials to the consumer. The consumer agrees and provides or confirms contact information for receipt of the materials to be mailed. The creditor may use eligibility information it receives from an affiliate to make solicitations to the consumer about mortgage loan products because such solicitations respond to the consumer-initiated communication about products or services.
(4) Examples of consumer authorization or request for solicitations.
(i) A consumer who obtains a mortgage from a mortgage lender authorizes or requests information about homeowner's insurance offered by the mortgage lender's insurance affiliate. Such authorization or request, whether given to the mortgage lender or to the insurance affiliate, would permit the insurance affiliate to use eligibility information about the consumer it obtains from the mortgage lender or any other affiliate to make solicitations to the consumer about homeowner's insurance.
(ii) A consumer completes an online application to apply for a credit card from a department store. The store's online application contains a blank check box that the consumer may check to authorize or request information from the store's affiliates. The consumer checks the box. The consumer has authorized or requested solicitations from store's affiliates.
(iii) A consumer completes an online application to apply for a credit card from a department store. The store's online application contains a pre-selected check box indicating that the consumer authorizes or requests information from the store's affiliates. The consumer does not deselect the check box. The consumer has not authorized or requested solicitations from the store's affiliates.
(iv) The terms and conditions of a credit account agreement contain preprinted boilerplate language stating that by applying to open an account the consumer authorizes or requests to receive solicitations from the creditor's affiliates. The consumer has not authorized or requested solicitations from the creditor's affiliates.
(e) Relation to affiliate-sharing notice and opt-out. Nothing in this part limits the responsibility of a person to comply with the notice and opt-out provisions of section 603(d)(2)(A)(iii) of the Act where applicable.
§ 680.22 Scope and duration of opt-out.
(a) Scope of opt-out -
(1) In general. Except as otherwise provided in this section, the consumer's election to opt out prohibits any affiliate covered by the opt-out notice from using eligibility information received from another affiliate as described in the notice to make solicitations to the consumer.
(2) Continuing relationship -
(i) In general. If the consumer establishes a continuing relationship with you or your affiliate, an opt-out notice may apply to eligibility information obtained in connection with -
(A) A single continuing relationship or multiple continuing relationships that the consumer establishes with you or your affiliates, including continuing relationships established subsequent to delivery of the opt-out notice, so long as the notice adequately describes the continuing relationships covered by the opt-out; or
(B) Any other transaction between the consumer and you or your affiliates as described in the notice.
(ii) Examples of continuing relationships. A consumer has a continuing relationship with you or your affiliate if the consumer -
(A) Opens a credit account with you or your affiliate;
(B) Obtains a loan for which you or your affiliate owns the servicing rights;
(C) Purchases an insurance product from you or your affiliate;
(D) Holds an investment product through you or your affiliate, such as when you act or your affiliate acts as a custodian for securities or for assets in an individual retirement arrangement;
(E) Enters into an agreement or understanding with you or your affiliate whereby you or your affiliate undertakes to arrange or broker a home mortgage loan for the consumer;
(F) Enters into a lease of personal property with you or your affiliate; or
(G) Obtains financial, investment, or economic advisory services from you or your affiliate for a fee.
(3) No continuing relationship -
(i) In general. If there is no continuing relationship between a consumer and you or your affiliate, and you or your affiliate obtain eligibility information about a consumer in connection with a transaction with the consumer, such as an isolated transaction or a credit application that is denied, an opt-out notice provided to the consumer only applies to eligibility information obtained in connection with that transaction.
(ii) Examples of isolated transactions. An isolated transaction occurs if -
(A) The consumer uses your or your affiliate's ATM to withdraw cash from an account at a financial institution; or
(B) You or your affiliate sells the consumer a money order, airline tickets, travel insurance, or traveler's checks in isolated transactions.
(4) Menu of alternatives. A consumer may be given the opportunity to choose from a menu of alternatives when electing to prohibit solicitations, such as by electing to prohibit solicitations from certain types of affiliates covered by the opt-out notice but not other types of affiliates covered by the notice, electing to prohibit solicitations based on certain types of eligibility information but not other types of eligibility information, or electing to prohibit solicitations by certain methods of delivery but not other methods of delivery. However, one of the alternatives must allow the consumer to prohibit all solicitations from all of the affiliates that are covered by the notice.
(5) Special rule for a notice following termination of all continuing relationships -
(i) In general. A consumer must be given a new opt-out notice if, after all continuing relationships with you or your affiliate(s) are terminated, the consumer subsequently establishes another continuing relationship with you or your affiliate(s) and the consumer's eligibility information is to be used to make a solicitation. The new opt-out notice must apply, at a minimum, to eligibility information obtained in connection with the new continuing relationship. Consistent with paragraph (b) of this section, the consumer's decision not to opt out after receiving the new opt-out notice would not override a prior opt-out election by the consumer that applies to eligibility information obtained in connection with a terminated relationship, regardless of whether the new opt-out notice applies to eligibility information obtained in connection with the terminated relationship.
(ii) Example. A consumer has an automobile loan account with a creditor that is part of an affiliated group. The consumer pays off the loan. After paying off the loan, the consumer subsequently obtains a second mortgage loan from the creditor. The consumer must be given a new notice and opportunity to opt out before the creditor's affiliates may make solicitations to the consumer using eligibility information obtained by the creditor in connection with the new mortgage relationship, regardless of whether the consumer opted out in connection with the automobile loan account.
(b) Duration of opt-out. The election of a consumer to opt out must be effective for a period of at least five years (the “opt-out period”) beginning when the consumer's opt-out election is received and implemented, unless the consumer subsequently revokes the opt-out in writing or, if the consumer agrees, electronically. An opt-out period of more than five years may be established, including an opt-out period that does not expire unless revoked by the consumer.
(c) Time of opt-out. A consumer may opt out at any time.
§ 680.23 Contents of opt-out notice; consolidated and equivalent notices.
(a) Contents of opt-out notice -
(1) In general. A notice must be clear, conspicuous, and concise, and must accurately disclose:
(i) The name of the affiliate(s) providing the notice. If the notice is provided jointly by multiple affiliates and each affiliate shares a common name, such as “ABC,” then the notice may indicate that it is being provided by multiple companies with the ABC name or multiple companies in the ABC group or family of companies, for example, by stating that the notice is provided by “all of the ABC companies,” “the ABC banking, credit card, insurance, and securities companies,” or by listing the name of each affiliate providing the notice. But if the affiliates providing the joint notice do not all share a common name, then the notice must either separately identify each affiliate by name or identify each of the common names used by those affiliates, for example, by stating that the notice is provided by “all of the ABC and XYZ companies” or by “the ABC banking and credit card companies and the XYZ insurance companies;”
(ii) A list of the affiliates or types of affiliates whose use of eligibility information is covered by the notice, which may include companies that become affiliates after the notice is provided to the consumer. If each affiliate covered by the notice shares a common name, such as “ABC,” then the notice may indicate that it applies to multiple companies with the ABC name or multiple companies in the ABC group or family of companies, for example, by stating that the notice is provided by “all of the ABC companies,” “the ABC banking, credit card, insurance, and securities companies,” or by listing the name of each affiliate providing the notice. But if the affiliates covered by the notice do not all share a common name, then the notice must either separately identify each covered affiliate by name or identify each of the common names used by those affiliates, for example, by stating that the notice applies to “all of the ABC and XYZ companies” or to “the ABC banking and credit card companies and the XYZ insurance companies;”
(iii) A general description of the types of eligibility information that may be used to make solicitations to the consumer;
(iv) That the consumer may elect to limit the use of eligibility information to make solicitations to the consumer;
(v) That the consumer's election will apply for the specified period of time stated in the notice and, if applicable, that the consumer will be allowed to renew the election once that period expires;
(vi) If the notice is provided to consumers who may have previously opted out, such as if a notice is provided to consumers annually, that the consumer who has chosen to limit solicitations does not need to act again until the consumer receives a renewal notice; and
(vii) A reasonable and simple method for the consumer to opt out.
(2) Joint relationships.
(i) If two or more consumers jointly obtain a product or service, a single opt-out notice may be provided to the joint consumers. Any of the joint consumers may exercise the right to opt out.
(ii) The opt-out notice must explain how an opt-out direction by a joint consumer will be treated. An opt-out direction by a joint consumer may be treated as applying to all of the associated joint consumers, or each joint consumer may be permitted to opt out separately. If each joint consumer is permitted to opt out separately, one of the joint consumers must be permitted to opt out on behalf of all of the joint consumers and the joint consumers must be permitted to exercise their separate rights to opt out in a single response.
(iii) It is impermissible to require all joint consumers to opt out before implementing any opt-out direction.
(3) Alternative contents. If the consumer is afforded a broader right to opt out of receiving marketing than is required by this part, the requirements of this section may be satisfied by providing the consumer with a clear, conspicuous, and concise notice that accurately discloses the consumer's opt-out rights.
(4) Model notices. Model notices are provided in appendix B of part 698 of this chapter.
(b) Coordinated and consolidated notices. A notice required by this part may be coordinated and consolidated with any other notice or disclosure required to be issued under any other provision of law by the entity providing the notice, including but not limited to the notice de-scribed in section 603(d)(2)(A)(iii) of the Act and the Gramm-Leach-Bliley Act privacy notice.
(c) Equivalent notices. A notice or other disclosure that is equivalent to the notice required by this part, and that is provided to a consumer together with disclosures required by any other provision of law, satisfies the requirements of this section.
[72 FR 61455, Oct. 30, 2007, as amended at 84 FR 23473, May 22, 2019]
§ 680.24 Reasonable opportunity to opt out.
(a) In general. You must not use eligibility information about a consumer that you receive from an affiliate to make a solicitation to the consumer about your products or services, unless the consumer is provided a reasonable opportunity to opt out, as required by
§ 680.21(a)(1)(ii) of this part.
(b) Examples of a reasonable opportunity to opt out. The consumer is given a reasonable opportunity to opt out if:
(1) By mail. The opt-out notice is mailed to the consumer. The consumer is given 30 days from the date the notice is mailed to elect to opt out by any reasonable means.
(2) By electronic means.
(i) The opt-out notice is provided electronically to the consumer, such as by posting the notice at an Internet Web site at which the consumer has obtained a product or service. The consumer acknowledges receipt of the electronic notice. The consumer is given 30 days after the date the consumer acknowledges receipt to elect to opt out by any reasonable means.
(ii) The opt-out notice is provided to the consumer by e-mail where the consumer has agreed to receive disclosures by e-mail from the person sending the notice. The consumer is given 30 days after the e-mail is sent to elect to opt out by any reasonable means.
(3) At the time of an electronic transaction. The opt-out notice is provided to the consumer at the time of an electronic transaction, such as a transaction conducted on an Internet Web site. The consumer is required to decide, as a necessary part of proceeding with the transaction, whether to opt out before completing the transaction. There is a simple process that the consumer may use to opt out at that time using the same mechanism through which the transaction is conducted.
(4) At the time of an in-person transaction. The opt-out notice is provided to the consumer in writing at the time of an in-person transaction. The consumer is required to decide, as a necessary part of proceeding with the transaction, whether to opt out before completing the transaction, and is not permitted to complete the transaction without making a choice. There is a simple process that the consumer may use during the course of the in-person transaction to opt out, such as completing a form that requires consumers to write a “yes” or “no” to indicate their opt-out preference or that requires the consumer to check one of two blank check boxes - one that allows consumers to indicate that they want to opt out and one that allows consumers to indicate that they do not want to opt out.
(5) By including in a privacy notice. The opt-out notice is included in a Gramm-Leach-Bliley Act privacy notice. The consumer is allowed to exercise the opt-out within a reasonable period of time and in the same manner as the opt-out under that privacy notice.
§ 680.25 Reasonable and simple methods of opting out.
(a) In general. You must not use eligibility information about a consumer that you receive from an affiliate to make a solicitation to the consumer about your products or services, unless the consumer is provided a reasonable and simple method to opt out, as required by § 680.21(a)(1)(ii) of this part.
(b) Examples -
(1) Reasonable and simple opt-out methods. Reasonable and simple methods for exercising the opt-out right include -
(i) Designating a check-off box in a prominent position on the opt-out form;
(ii) Including a reply form and a self-addressed envelope together with the opt-out notice;
(iii) Providing an electronic means to opt out, such as a form that can be electronically mailed or processed at an Internet Web site, if the consumer agrees to the electronic delivery of information;
(iv) Providing a toll-free telephone number that consumers may call to opt out; or
(v) Allowing consumers to exercise all of their opt-out rights described in a consolidated opt-out notice that includes the privacy opt-out under the Gramm-Leach-Bliley Act, 15 U.S.C. 6801 et seq., the affiliate sharing opt-out under the Act, and the affiliate marketing opt-out under the Act, by a single method, such as by calling a single toll-free telephone number.
(2) Opt-out methods that are not reasonable and simple. Reasonable and simple methods for exercising an opt-out right do not include -
(i) Requiring the consumer to write his or her own letter;
(ii) Requiring the consumer to call or write to obtain a form for opting out, rather than including the form with the opt-out notice;
(iii) Requiring the consumer who receives the opt-out notice in electronic form only, such as through posting at an Internet Web site, to opt out solely by paper mail or by visiting a different Web site without providing a link to that site.
(c) Specific opt-out means. Each consumer may be required to opt out through a specific means, as long as that means is reasonable and simple for that consumer.
§ 680.26 Delivery of opt-out notices.
(a) In general. The opt-out notice must be provided so that each consumer can reasonably be expected to receive actual notice. For opt-out notices provided electronically, the notice may be provided in compliance with either the electronic disclosure provisions in this part or the provisions in section 101 of the Electronic Signatures in Global and National Commerce Act, 15 U.S.C. 7001 et seq.
(b) Examples of reasonable expectation of actual notice. A consumer may reasonably be expected to receive actual notice if the affiliate providing the notice:
(1) Hand-delivers a printed copy of the notice to the consumer;
(2) Mails a printed copy of the notice to the last known mailing address of the consumer;
(3) Provides a notice by e-mail to a consumer who has agreed to receive electronic disclosures by e-mail from the affiliate providing the notice; or
(4) Posts the notice on the Internet Web site at which the consumer obtained a product or service electronically and requires the consumer to acknowledge receipt of the notice.
(c) Examples of no reasonable expectation of actual notice. A consumer may not reasonably be expected to receive actual notice if the affiliate providing the notice:
(1) Only posts the notice on a sign in a branch or office or generally publishes the notice in a newspaper;
(2) Sends the notice via e-mail to a consumer who has not agreed to receive electronic disclosures by e-mail from the affiliate providing the notice; or
(3) Posts the notice on an Internet Web site without requiring the consumer to acknowledge receipt of the notice.
§ 680.27 Renewal of opt-out.
(a) Renewal notice and opt-out requirement -
(1) In general. After the opt-out period expires, you may not make solicitations based on eligibility information you receive from an affiliate to a consumer who previously opted out, unless:
(i) The consumer has been given a renewal notice that complies with the requirements of this section and §§ 680.24 through 680.26 of this part, and a reasonable opportunity and a reasonable and simple method to renew the opt-out, and the consumer does not renew the opt-out; or
(ii) An exception in § 680.21(c) of this part applies.
(2) Renewal period. Each opt-out renewal must be effective for a period of at least five years as provided in § 680.22(b) of this part.
(3) Affiliates who may provide the notice. The notice required by this paragraph must be provided:
(i) By the affiliate that provided the previous opt-out notice, or its successor; or
(ii) As part of a joint renewal notice from two or more members of an affiliated group of companies, or their successors, that jointly provided the previous opt-out notice.
(b) Contents of renewal notice. The renewal notice must be clear, conspicuous, and concise, and must accurately disclose:
(1) The name of the affiliate(s) providing the notice. If the notice is provided jointly by multiple affiliates and each affiliate shares a common name, such as “ABC,” then the notice may indicate that it is being provided by multiple companies with the ABC name or multiple companies in the ABC group or family of companies, for example, by stating that the notice is provided by “all of the ABC companies,” “the ABC banking, credit card, insurance, and securities companies,” or by listing the name of each affiliate providing the notice. But if the affiliates providing the joint notice do not all share a common name, then the notice must either separately identify each affiliate by name or identify each of the common names used by those affiliates, for example, by stating that the notice is provided by “all of the ABC and XYZ companies” or by “the ABC banking and credit card companies and the XYZ insurance companies;”
(2) A list of the affiliates or types of affiliates whose use of eligibility information is covered by the notice, which may include companies that become affiliates after the notice is provided to the consumer. If each affiliate covered by the notice shares a common name, such as “ABC,” then the notice may indicate that it applies to multiple companies with the ABC name or multiple companies in the ABC group or family of companies, for example, by stating that the notice is provided by “all of the ABC companies,” “the ABC banking, credit card, insurance, and securities companies,” or by listing the name of each affiliate providing the notice. But if the affiliates covered by the notice do not all share a common name, then the notice must either separately identify each covered affiliate by name or identify each of the common names used by those affiliates, for example, by stating that the notice applies to “all of the ABC and XYZ companies” or to “the ABC banking and credit card companies and the XYZ insurance companies;”
(3) A general description of the types of eligibility information that may be used to make solicitations to the consumer;
(4) That the consumer previously elected to limit the use of certain information to make solicitations to the consumer;
(5) That the consumer's election has expired or is about to expire;
(6) That the consumer may elect to renew the consumer's previous election;
(7) If applicable, that the consumer's election to renew will apply for the specified period of time stated in the notice and that the consumer will be allowed to renew the election once that period expires; and
(8) A reasonable and simple method for the consumer to opt out.
(c) Timing of the renewal notice -
(1) In general. A renewal notice may be provided to the consumer either -
(i) A reasonable period of time before the expiration of the opt-out period; or
(ii) Any time after the expiration of the opt-out period but before solicitations that would have been prohibited by the expired opt-out are made to the consumer.
(2) Combination with annual privacy notice. If you provide an annual privacy notice under the Gramm-Leach-Bliley Act, 15 U.S.C. 6801 et seq., providing a renewal notice with the last annual privacy notice provided to the consumer before expiration of the opt-out period is a reasonable period of time before expiration of the opt-out in all cases.
(d) No effect on opt-out period. An opt-out period may not be shortened by sending a renewal notice to the consumer before expiration of the opt-out period, even if the consumer does not renew the opt out.
§ 680.28 Effective date, compliance date, and prospective application.
(a) Effective date. This part is effective January 1, 2008.
(b) Mandatory compliance date. Compliance with this part is required not later than October 1, 2008.
(c) Prospective application. The provisions of this part shall not prohibit you from using eligibility information that you receive from an affiliate to make solicitations to a consumer if you receive such information prior to October 1, 2008. For purposes of this section, you are deemed to receive eligibility information when such information is placed into a common database and is accessible by you.
PART 681 - IDENTITY THEFT RULES
Authority: 15 U.S.C. 1681m(e); 15 U.S.C. 1681m(e)(4); 15 U.S.C. 1681c(h).
Source: 72 FR 63771, Nov. 9, 2007, unless otherwise noted.
§ 681.1 Duties regarding the detection, prevention, and mitigation of identity theft.
(a) Scope. This section applies to financial institutions and creditors that are subject to administrative enforcement of the FCRA by the Federal Trade Commission pursuant to 15 U.S.C. 1681s(a)(1).
(b) Definitions. For purposes of this section, and Appendix A, the following definitions apply:
(1) Account means a continuing relationship established by a person with a financial institution or creditor to obtain a product or service for personal, family, household or business purposes. Account includes:
(i) An extension of credit, such as the purchase of property or services involving a deferred payment; and
(ii) A deposit account.
(2) The term board of directors includes:
(i) In the case of a branch or agency of a foreign bank, the managing official in charge of the branch or agency; and
(ii) In the case of any other creditor that does not have a board of directors, a designated employee at the level of senior management.
(3) Covered account means:
(i) An account that a financial institution or creditor offers or maintains, primarily for personal, family, or household purposes, that involves or is designed to permit multiple payments or transactions, such as a credit card account, mortgage loan, automobile loan, margin account, cell phone account, utility account, checking account, or savings account; and
(ii) Any other account that the financial institution or creditor offers or maintains for which there is a reasonably foreseeable risk to customers or to the safety and soundness of the financial institution or creditor from identity theft, including financial, operational, compliance, reputation, or litigation risks.
(4) Credit has the same meaning as in 15 U.S.C. 1681a(r)(5).
(5) Creditor has the same meaning as in 15 U.S.C. 1681m(e)(4).
(6) Customer means a person that has a covered account with a financial institution or creditor.
(7) Financial institution has the same meaning as in 15 U.S.C. 1681a(t).
(8) Identity theft has the same meaning as in 16 CFR 603.2(a).
(9) Red Flag means a pattern, practice, or specific activity that indicates the possible existence of identity theft.
(10) Service provider means a person that provides a service directly to the financial institution or creditor.
(c) Periodic Identification of Covered Accounts. Each financial institution or creditor must periodically determine whether it offers or maintains covered accounts. As a part of this determination, a financial institution or creditor must conduct a risk assessment to determine whether it offers or maintains covered accounts described in paragraph (b)(3)(ii) of this section, taking into consideration:
(1) The methods it provides to open its accounts;
(2) The methods it provides to access its accounts; and
(3) Its previous experiences with identity theft.
(d) Establishment of an Identity Theft Prevention Program -
(1) Program requirement. Each financial institution or creditor that offers or maintains one or more covered accounts must develop and implement a written Identity Theft Prevention Program (Program) that is designed to detect, prevent, and mitigate identity theft in connection with the opening of a covered account or any existing covered account. The Program must be appropriate to the size and complexity of the financial institution or creditor and the nature and scope of its activities.
(2) Elements of the Program. The Program must include reasonable policies and procedures to:
(i) Identify relevant Red Flags for the covered accounts that the financial institution or creditor offers or maintains, and incorporate those Red Flags into its Program;
(ii) Detect Red Flags that have been incorporated into the Program of the financial institution or creditor;
(iii) Respond appropriately to any Red Flags that are detected pursuant to paragraph (d)(2)(ii) of this section to prevent and mitigate identity theft; and
(iv) Ensure the Program (including the Red Flags determined to be relevant) is updated periodically, to reflect changes in risks to customers and to the safety and soundness of the financial institution or creditor from identity theft.
(e) Administration of the Program. Each financial institution or creditor that is required to implement a Program must provide for the continued administration of the Program and must:
(1) Obtain approval of the initial written Program from either its board of directors or an appropriate committee of the board of directors;
(2) Involve the board of directors, an appropriate committee thereof, or a designated employee at the level of senior management in the oversight, development, implementation and administration of the Program;
(3) Train staff, as necessary, to effectively implement the Program; and
(4) Exercise appropriate and effective oversight of service provider arrangements.
(f) Guidelines. Each financial institution or creditor that is required to implement a Program must consider the guidelines in appendix A of this part and include in its Program those guidelines that are appropriate.
[74 FR 22645, May 14, 2009, as amended at 77 FR 72715, Dec. 6, 2012]
§ 681.2 Duties of card issuers regarding changes of address.
(a) Scope. This section applies to a person described in § 681.1(a) that issues a debit or credit card (card issuer).
(b) Definitions. For purposes of this section:
(1) Cardholder means a consumer who has been issued a credit or debit card.
(2) Clear and conspicuous means reasonably understandable and designed to call attention to the nature and significance of the information presented.
(c) Address validation requirements. A card issuer must establish and implement reasonable policies and procedures to assess the validity of a change of address if it receives notification of a change of address for a consumer's debit or credit card account and, within a short period of time afterwards (during at least the first 30 days after it receives such notification), the card issuer receives a request for an additional or replacement card for the same account. Under these circumstances, the card issuer may not issue an additional or replacement card, until, in accordance with its reasonable policies and procedures and for the purpose of assessing the validity of the change of address, the card issuer:
(1)
(i) Notifies the cardholder of the request:
(A) At the cardholder's former address; or
(B) By any other means of communication that the card issuer and the cardholder have previously agreed to use; and
(ii) Provides to the cardholder a reasonable means of promptly reporting incorrect address changes; or
(2) Otherwise assesses the validity of the change of address in accordance with the policies and procedures the card issuer has established pursuant to § 681.1 of this part.
(d) Alternative timing of address validation. A card issuer may satisfy the requirements of paragraph (c) of this section if it validates an address pursuant to the methods in paragraph (c)(1) or (c)(2) of this section when it receives an address change notification, before it receives a request for an additional or replacement card.
(e) Form of notice. Any written or electronic notice that the card issuer provides under this paragraph must be clear and conspicuous and provided separately from its regular correspondence with the cardholder.
[74 FR 22645, May 14, 2009]
Appendix A to Part 681 - Interagency Guidelines on Identity Theft Detection, Prevention, and Mitigation
Section 681.1 of this part requires each financial institution and creditor that offers or maintains one or more covered accounts, as defined in § 681.1(b)(3) of this part, to develop and provide for the continued administration of a written Program to detect, prevent, and mitigate identity theft in connection with the opening of a covered account or any existing covered account. These guidelines are intended to assist financial institutions and creditors in the formulation and maintenance of a Program that satisfies the requirements of § 681.1 of this part.
I. The Program
In designing its Program, a financial institution or creditor may incorporate, as appropriate, its existing policies, procedures, and other arrangements that control reasonably foreseeable risks to customers or to the safety and soundness of the financial institution or creditor from identity theft.
II. Identifying Relevant Red Flags
(a) Risk Factors. A financial institution or creditor should consider the following factors in identifying relevant Red Flags for covered accounts, as appropriate:
(1) The types of covered accounts it offers or maintains;
(2) The methods it provides to open its covered accounts;
(3) The methods it provides to access its covered accounts; and
(4) Its previous experiences with identity theft.
(b) Sources of Red Flags. Financial institutions and creditors should incorporate relevant Red Flags from sources such as:
(1) Incidents of identity theft that the financial institution or creditor has experienced;
(2) Methods of identity theft that the financial institution or creditor has identified that reflect changes in identity theft risks; and
(3) Applicable supervisory guidance.
(c) Categories of Red Flags. The Program should include relevant Red Flags from the following categories, as appropriate. Examples of Red Flags from each of these categories are appended as supplement A to this appendix A.
(1) Alerts, notifications, or other warnings received from consumer reporting agencies or service providers, such as fraud detection services;
(2) The presentation of suspicious documents;
(3) The presentation of suspicious personal identifying information, such as a suspicious address change;
(4) The unusual use of, or other suspicious activity related to, a covered account; and
(5) Notice from customers, victims of identity theft, law enforcement authorities, or other persons regarding possible identity theft in connection with covered accounts held by the financial institution or creditor.
III. Detecting Red Flags
The Program's policies and procedures should address the detection of Red Flags in connection with the opening of covered accounts and existing covered accounts, such as by:
(a) Obtaining identifying information about, and verifying the identity of, a person opening a covered account, for example, using the policies and procedures regarding identification and verification set forth in the Customer Identification Program rules implementing 31 U.S.C. 5318(l) (31 CFR 103.121); and
(b) Authenticating customers, monitoring transactions, and verifying the validity of change of address requests, in the case of existing covered accounts.
IV. Preventing and Mitigating Identity Theft
The Program's policies and procedures should provide for appropriate responses to the Red Flags the financial institution or creditor has detected that are commensurate with the degree of risk posed. In determining an appropriate response, a financial institution or creditor should consider aggravating factors that may heighten the risk of identity theft, such as a data security incident that results in unauthorized access to a customer's account records held by the financial institution, creditor, or third party, or notice that a customer has provided information related to a covered account held by the financial institution or creditor to someone fraudulently claiming to represent the financial institution or creditor or to a fraudulent website. Appropriate responses may include the following:
(a) Monitoring a covered account for evidence of identity theft;
(b) Contacting the customer;
(c) Changing any passwords, security codes, or other security devices that permit access to a covered account;
(d) Reopening a covered account with a new account number;
(e) Not opening a new covered account;
(f) Closing an existing covered account;
(g) Not attempting to collect on a covered account or not selling a covered account to a debt collector;
(h) Notifying law enforcement; or
(i) Determining that no response is warranted under the particular circumstances.
V. Updating the Program
Financial institutions and creditors should update the Program (including the Red Flags determined to be relevant) periodically, to reflect changes in risks to customers or to the safety and soundness of the financial institution or creditor from identity theft, based on factors such as:
(a) The experiences of the financial institution or creditor with identity theft;
(b) Changes in methods of identity theft;
(c) Changes in methods to detect, prevent, and mitigate identity theft;
(d) Changes in the types of accounts that the financial institution or creditor offers or maintains; and
(e) Changes in the business arrangements of the financial institution or creditor, including mergers, acquisitions, alliances, joint ventures, and service provider arrangements.
VI. Methods for Administering the Program
(a) Oversight of Program. Oversight by the board of directors, an appropriate committee of the board, or a designated employee at the level of senior management should include:
(1) Assigning specific responsibility for the Program's implementation;
(2) Reviewing reports prepared by staff regarding compliance by the financial institution or creditor with § 681.1 of this part; and
(3) Approving material changes to the Program as necessary to address changing identity theft risks.
(b) Reports.
(1) In general. Staff of the financial institution or creditor responsible for development, implementation, and administration of its Program should report to the board of directors, an appropriate committee of the board, or a designated employee at the level of senior management, at least annually, on compliance by the financial institution or creditor with § 681.1 of this part.
(2) Contents of report. The report should address material matters related to the Program and evaluate issues such as: The effectiveness of the policies and procedures of the financial institution or creditor in addressing the risk of identity theft in connection with the opening of covered accounts and with respect to existing covered accounts; service provider arrangements; significant incidents involving identity theft and management's response; and recommendations for material changes to the Program.
(c) Oversight of service provider arrangements. Whenever a financial institution or creditor engages a service provider to perform an activity in connection with one or more covered accounts the financial institution or creditor should take steps to ensure that the activity of the service provider is conducted in accordance with reasonable policies and procedures designed to detect, prevent, and mitigate the risk of identity theft. For example, a financial institution or creditor could require the service provider by contract to have policies and procedures to detect relevant Red Flags that may arise in the performance of the service provider's activities, and either report the Red Flags to the financial institution or creditor, or to take appropriate steps to prevent or mitigate identity theft.
VII. Other Applicable Legal Requirements
Financial institutions and creditors should be mindful of other related legal requirements that may be applicable, such as:
(a) For financial institutions and creditors that are subject to 31 U.S.C. 5318(g), filing a Suspicious Activity Report in accordance with applicable law and regulation;
(b) Implementing any requirements under 15 U.S.C. 1681c-1(h) regarding the circumstances under which credit may be extended when the financial institution or creditor detects a fraud or active duty alert;
(c) Implementing any requirements for furnishers of information to consumer reporting agencies under 15 U.S.C. 1681s-2, for example, to correct or update inaccurate or incomplete information, and to not report information that the furnisher has reasonable cause to believe is inaccurate; and
(d) Complying with the prohibitions in 15 U.S.C. 1681m on the sale, transfer, and placement for collection of certain debts resulting from identity theft.
Supplement A to Appendix A
In addition to incorporating Red Flags from the sources recommended in section II.b. of the Guidelines in appendix A of this part, each financial institution or creditor may consider incorporating into its Program, whether singly or in combination, Red Flags from the following illustrative examples in connection with covered accounts:
Alerts, Notifications or Warnings from a Consumer Reporting Agency
1. A fraud or active duty alert is included with a consumer report.
2. A consumer reporting agency provides a notice of credit freeze in response to a request for a consumer report.
3. A consumer reporting agency provides a notice of address discrepancy, as defined in § 641.1(b) of this part.
4. A consumer report indicates a pattern of activity that is inconsistent with the history and usual pattern of activity of an applicant or customer, such as:
a. A recent and significant increase in the volume of inquiries;
b. An unusual number of recently established credit relationships;
c. A material change in the use of credit, especially with respect to recently established credit relationships; or
d. An account that was closed for cause or identified for abuse of account privileges by a financial institution or creditor.
Suspicious Documents
5. Documents provided for identification appear to have been altered or forged.
6. The photograph or physical description on the identification is not consistent with the appearance of the applicant or customer presenting the identification.
7. Other information on the identification is not consistent with information provided by the person opening a new covered account or customer presenting the identification.
8. Other information on the identification is not consistent with readily accessible information that is on file with the financial institution or creditor, such as a signature card or a recent check.
9. An application appears to have been altered or forged, or gives the appearance of having been destroyed and reassembled.
Suspicious Personal Identifying Information
10. Personal identifying information provided is inconsistent when compared against external information sources used by the financial institution or creditor. For example:
a. The address does not match any address in the consumer report; or
b. The Social Security Number (SSN) has not been issued, or is listed on the Social Security Administration's Death Master File.
11. Personal identifying information provided by the customer is not consistent with other personal identifying information provided by the customer. For example, there is a lack of correlation between the SSN range and date of birth.
12. Personal identifying information provided is associated with known fraudulent activity as indicated by internal or third-party sources used by the financial institution or creditor. For example:
a. The address on an application is the same as the address provided on a fraudulent application; or
b. The phone number on an application is the same as the number provided on a fraudulent application.
13. Personal identifying information provided is of a type commonly associated with fraudulent activity as indicated by internal or third-party sources used by the financial institution or creditor. For example:
a. The address on an application is fictitious, a mail drop, or a prison; or
b. The phone number is invalid, or is associated with a pager or answering service.
14. The SSN provided is the same as that submitted by other persons opening an account or other customers.
15. The address or telephone number provided is the same as or similar to the address or telephone number submitted by an unusually large number of other persons opening accounts or by other customers.
16. The person opening the covered account or the customer fails to provide all required personal identifying information on an application or in response to notification that the application is incomplete.
17. Personal identifying information provided is not consistent with personal identifying information that is on file with the financial institution or creditor.
18. For financial institutions and creditors that use challenge questions, the person opening the covered account or the customer cannot provide authenticating information beyond that which generally would be available from a wallet or consumer report.
Unusual Use of, or Suspicious Activity Related to, the Covered Account
19. Shortly following the notice of a change of address for a covered account, the institution or creditor receives a request for a new, additional, or replacement card or a cell phone, or for the addition of authorized users on the account.
20. A new revolving credit account is used in a manner commonly associated with known patterns of fraud. For example:
a. The majority of available credit is used for cash advances or merchandise that is easily convertible to cash (e.g., electronics equipment or jewelry); or
b. The customer fails to make the first payment or makes an initial payment but no subsequent payments.
21. A covered account is used in a manner that is not consistent with established patterns of activity on the account. There is, for example:
a. Nonpayment when there is no history of late or missed payments;
b. A material increase in the use of available credit;
c. A material change in purchasing or spending patterns;
d. A material change in electronic fund transfer patterns in connection with a deposit account; or
e. A material change in telephone call patterns in connection with a cellular phone account.
22. A covered account that has been inactive for a reasonably lengthy period of time is used (taking into consideration the type of account, the expected pattern of usage and other relevant factors).
23. Mail sent to the customer is returned repeatedly as undeliverable although transactions continue to be conducted in connection with the customer's covered account.
24. The financial institution or creditor is notified that the customer is not receiving paper account statements.
25. The financial institution or creditor is notified of unauthorized charges or transactions in connection with a customer's covered account.
Notice from Customers, Victims of Identity Theft, Law Enforcement Authorities, or Other Persons Regarding Possible Identity Theft in Connection With Covered Accounts Held by the Financial Institution or Creditor
26. The financial institution or creditor is notified by a customer, a victim of identity theft, a law enforcement authority, or any other person that it has opened a fraudulent account for a person engaged in identity theft.
[72 FR 63771, Nov. 9, 2007, as amended at 74 FR 22646, May 14, 2009]
PART 682 - DISPOSAL OF CONSUMER REPORT INFORMATION AND RECORDS
Authority: Pub. L. 108-159, sec. 216.
Source: 69 FR 68697, Nov. 24, 2004, unless otherwise noted.
§ 682.1 Definitions.
(a) In general. Except as modified by this part or unless the context otherwise requires, the terms used in this part have the same meaning as set forth in the Fair Credit Reporting Act, 15 U.S.C. 1681 et seq.
(b) “Consumer information” means any record about an individual, whether in paper, electronic, or other form, that is a consumer report or is derived from a consumer report. Consumer information also means a compilation of such records. Consumer information does not include information that does not identify individuals, such as aggregate information or blind data.
(c) “Dispose,” “disposing,” or “disposal” means:
(1) The discarding or abandonment of consumer information, or
(2) The sale, donation, or transfer of any medium, including computer equipment, upon which consumer information is stored.
§ 682.2 Purpose and scope.
(a) Purpose. This part (“rule”) implements section 216 of the Fair and Accurate Credit Transactions Act of 2003, which is designed to reduce the risk of consumer fraud and related harms, including identity theft, created by improper disposal of consumer information.
(b) Scope. This rule applies to any person over which the Federal Trade Commission has jurisdiction, that, for a business purpose, maintains or otherwise possesses consumer information.
§ 682.3 Proper disposal of consumer information.
(a) Standard. Any person who maintains or otherwise possesses consumer information for a business purpose must properly dispose of such information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal.
(b) Examples. Reasonable measures to protect against unauthorized access to or use of consumer information in connection with its disposal include the following examples. These examples are illustrative only and are not exclusive or exhaustive methods for complying with the rule in this part.
(1) Implementing and monitoring compliance with policies and procedures that require the burning, pulverizing, or shredding of papers containing consumer information so that the information cannot practicably be read or reconstructed.
(2) Implementing and monitoring compliance with policies and procedures that require the destruction or erasure of electronic media containing consumer information so that the information cannot practicably be read or reconstructed.
(3) After due diligence, entering into and monitoring compliance with a contract with another party engaged in the business of record destruction to dispose of material, specifically identified as consumer information, in a manner consistent with this rule. In this context, due diligence could include reviewing an independent audit of the disposal company's operations and/or its compliance with this rule, obtaining information about the disposal company from several references or other reliable sources, requiring that the disposal company be certified by a recognized trade association or similar third party, reviewing and evaluating the disposal company's information security policies or procedures, or taking other appropriate measures to determine the competency and integrity of the potential disposal company.
(4) For persons or entities who maintain or otherwise possess consumer information through their provision of services directly to a person subject to this part, implementing and monitoring compliance with policies and procedures that protect against unauthorized or unintentional disposal of consumer information, and disposing of such information in accordance with examples (b)(1) and (2) of this section.
(5) For persons subject to the Gramm-Leach-Bliley Act, 15 U.S.C. 6081 et seq., and the Federal Trade Commission's Standards for Safeguarding Customer Information, 16 CFR part 314 (“Safeguards Rule”), incorporating the proper disposal of consumer information as required by this rule into the information security program required by the Safeguards Rule.
§ 682.4 Relation to other laws.
Nothing in the rule in this part shall be construed:
(a) To require a person to maintain or destroy any record pertaining to a consumer that is not imposed under other law; or
(b) To alter or affect any requirement imposed under any other provision of law to maintain or destroy such a record.
§ 682.5 Effective date.
The rule in this part is effective on June 1, 2005.
PART 698 - MODEL FORMS AND DISCLOSURES
Authority: 12 U.S.C. 5519; 15 U.S.C. 1681m(h); 15 U.S.C. 1681s-3; 15 U.S.C. 1681s-3 note.
Source: 69 FR 35500, June 24, 2004, unless otherwise noted.
§ 698.1 Authority and purpose.
(a) Authority. This part is issued by the Commission pursuant to the provisions of the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.), as amended by the Consumer Credit Reporting Reform Act of 1996 (Title II, Subtitle D, Chapter 1, of the Omnibus Consolidated Appropriations Act for Fiscal Year 1997), Public Law 104-208, 110 Stat. 3009-426 (Sept. 30, 1996), the Fair and Accurate Credit Transactions Act of 2003, Public Law 108-159, 117 Stat. 1952 (Dec. 4, 2003), and the Dodd-Frank Wall Street Reform and Consumer Protection Act, Public Law 111-203, 124 Stat. 1376-2223 (July 21, 2010).
(b) Purpose. The purpose of this part is to comply with sections 615(h) and 624 of the Fair Credit Reporting Act, as amended by the Fair and Accurate Credit Transactions Act of 2003, and section 214(b) of the Fair and Accurate Credit Transactions Act of 2003.
[84 FR 23473, May 22, 2019]
§ 698.2 Legal effect.
The model forms and disclosures prescribed by the FTC in this part do not constitute a trade regulation rule. The issuance of the model forms and disclosures set forth in appendices A, B, and C of this part carry out the directive in the statute that the FTC prescribe these forms and disclosures. Use or distribution of the model forms and disclosures in this part will constitute compliance with any section or subsection of the FCRA requiring that such forms and disclosures be used by any motor vehicle dealer subject to the FTC's rulemaking authority.
[86 FR 50850, Sept. 13, 2021]
§ 698.3 Definitions.
As used in this part, unless otherwise provided:
(a) Substantially similar means that all information in the Commission's prescribed model is included in the document that is distributed, and that the document distributed is formatted in a way consistent with the format prescribed by the Commission. The document that is distributed shall not include anything that interferes with, detracts from, or otherwise undermines the information contained in the Commission's prescribed model.
[69 FR 69784, Nov. 30, 2004]
Appendix A to Part 698 - Model Forms for Risk-Based Pricing and Credit Score Disclosure Exception Notices
1. This appendix contains four model forms for risk-based pricing notices and three model forms for use in connection with the credit score disclosure exceptions. Each of the model forms is designated for use in a particular set of circumstances as indicated by the title of that model form.
2. Model form A-1 is for use in complying with the general risk-based pricing notice requirements in § 640.3 if a credit score is not used in setting the material terms of credit. Model form A-2 is for risk-based pricing notices given in connection with account review if a credit score is not used in increasing the annual percentage rate. Model form A-3 is for use in connection with the credit score disclosure exception for loans secured by residential real property. Model form A-4 is for use in connection with the credit score disclosure exception for loans not secured by residential real property. Model form A-5 is for use in connection with the credit score disclosure exception when no credit score is available for a consumer. Model form A-6 is for use in complying with the general risk-based pricing notice requirements in § 640.3 if a credit score is used in setting the material terms of credit. Model form A-7 is for risk-based pricing notices given in connection with account review if a credit score is used in increasing the annual percentage rate. All forms contained in this appendix are models; their use is optional.
3. A person may change the forms by rearranging the format or by making technical modifications to the language of the forms, in each case without modifying the substance of the disclosures. Any such rearrangement or modification of the language of the model forms may not be so extensive as to materially affect the substance, clarity, comprehensibility, or meaningful sequence of the forms. Persons making revisions with that effect will lose the benefit of the safe harbor for appropriate use of the model forms in this appendix. A person is not required to conduct consumer testing when rearranging the format of the model forms.
a. Acceptable changes include, for example:
i. Corrections or updates to telephone numbers, mailing addresses, or website addresses that may change over time.
ii. The addition of graphics or icons, such as the person's corporate logo.
iii. Alteration of the shading or color contained in the model forms.
iv. Use of a different form of graphical presentation to depict the distribution of credit scores.
v. Substitution of the words “credit” and “creditor” or “finance” and “finance company” for the terms “loan” and “lender.”
vi. Including pre-printed lists of the sources of consumer reports or consumer reporting agencies in a “check-the-box” format.
vii. Including the name of the consumer, transaction identification numbers, a date, and other information that will assist in identifying the transaction to which the form pertains.
viii. Including the name of an agent, such as an motor vehicle dealer or other party, when providing the “Name of the Entity Providing the Notice.”
b. Unacceptable changes include, for example:
i. Providing model forms on register receipts or interspersed with other disclosures.
ii. Eliminating empty lines and extra spaces between sentences within the same section.
4. Optional language in model forms A-6 and A-7 may be used to direct the consumer to the entity (which may be a consumer reporting agency or the creditor itself, for a proprietary score that meets the definition of a credit score) that provided the credit score for any questions about the credit score, along with the entity's contact information. Creditors may use or not use the additional language without losing the safe harbor, since the language is optional.
A-1 Model form for risk-based pricing notice.
A-2 Model form for account review risk-based pricing notice.
A-3 Model form for credit score disclosure exception for loans secured by one to four units of residential real property.
A-4 Model form for credit score disclosure exception for loans not secured by residential real property.
A-5 Model form for credit score disclosure exception for loans where credit score is not available.
A-6 Model form for risk-based pricing notice with credit score information.
A-7 Model form for account review risk-based pricing notice with credit score information.
[86 FR 51805, Sept. 17, 2021]
Appendix B to Part 698 - Model Forms for Affiliate Marketing Opt-Out Notices
A. Although use of the model forms is not required, use of the model forms in this Appendix (as applicable) complies with the requirement in section 624 of the Act for clear, conspicuous, and concise notices.
B. Certain changes may be made to the language or format of the model forms without losing the protection from liability afforded by use of the model forms. These changes may not be so extensive as to affect the substance, clarity, or meaningful sequence of the language in the model forms. Persons making such extensive revisions will lose the safe harbor that this Appendix provides. Acceptable changes include, for example:
1. Rearranging the order of the references to “your income,” “your account history,” and “your credit score.”
2. Substituting other types of information for “income,” “account history,” or “credit score” for accuracy, such as “payment history,” “credit history,” “payoff status,” or “claims history.”
3. Substituting a clearer and more accurate description of the affiliates providing or covered by the notice for phrases such as “the [ABC] group of companies,” including without limitation a statement that the entity providing the notice recently purchased the consumer's account.
4. Substituting other types of affiliates covered by the notice for “credit card,” “insurance,” or “securities” affiliates.
5. Omitting items that are not accurate or applicable. For example, if a person does not limit the duration of the opt-out period, the notice may omit information about the renewal notice.
6. Adding a statement informing consumers how much time they have to opt out before shared eligibility information may be used to make solicitations to them.
7. Adding a statement that the consumer may exercise the right to opt out at any time.
8. Adding the following statement, if accurate: “If you previously opted out, you do not need to do so again.”
9. Providing a place on the form for the consumer to fill in identifying information, such as his or her name and address.
B-1 Model Form for Initial Opt-out notice (Single-Affiliate Notice)
B-2 Model Form for Initial Opt-out notice (Joint Notice)
B-3 Model Form for Renewal Notice (Single-Affiliate Notice)
B-4 Model Form for Renewal Notice (Joint Notice)
B-5 Model Form for Voluntary “No Marketing” Notice
B-1 Model Form for Initial Opt-Out Notice (Single-Affiliate Notice)
[Your Choice To Limit Marketing]/[Marketing Opt-Out]
• [Name of Affiliate] is providing this notice.
• [Optional: Federal law gives you the right to limit some but not all marketing from our affiliates. Federal law also requires us to give you this notice to tell you about your choice to limit marketing from our affiliates.]
• You may limit our affiliates in the [ABC] group of companies, such as our [credit card, insurance, and securities] affiliates, from marketing their products or services to you based on your personal information that we collect and share with them. This information includes your [income], your [account history with us], and your [credit score].
• Your choice to limit marketing offers from our affiliates will apply [until you tell us to change your choice]/[for x years from when you tell us your choice]/[for at least 5 years from when you tell us your choice]. [Include if the opt-out period expires.] Once that period expires, you will receive a renewal notice that will allow you to continue to limit marketing offers from our affiliates for [another x years]/[at least another 5 years].
• [Include, if applicable, in a subsequent notice, including an annual notice, for consumers who may have previously opted out.] If you have already made a choice to limit marketing offers from our affiliates, you do not need to act again until you receive the renewal notice.
To limit marketing offers, contact us [include all that apply]:
• By telephone: 1-877-###-####
• On the web: www. - .com
• By mail: Check the box and complete the form below, and send the form to:
[Company name]
[Company address]
____Do not allow your affiliates to use my personal information to market to me.
B-2 Model Form for Initial Opt-Out Notice (Joint Notice)
[Your Choice To Limit Marketing]/[Marketing Opt-Out]
• The [ABC group of companies] is providing this notice.
• [Optional: Federal law gives you the right to limit some but not all marketing from the [ABC] companies. Federal law also requires us to give you this notice to tell you about your choice to limit marketing from the [ABC] companies.]
• You may limit the [ABC companies], such as the [ABC credit card, insurance, and securities] affiliates, from marketing their products or services to you based on your personal information that they receive from other [ABC] companies. This information includes your [income], your [account history], and your [credit score].
• Your choice to limit marketing offers from the [ABC] companies will apply [until you tell us to change your choice]/[for x years from when you tell us your choice]/[for at least 5 years from when you tell us your choice]. [Include if the opt-out period expires.] Once that period expires, you will receive a renewal notice that will allow you to continue to limit marketing offers from the [ABC] companies for [another x years]/[at least another 5 years].
• [Include, if applicable, in a subsequent notice, including an annual notice, for consumers who may have previously opted out.] If you have already made a choice to limit marketing offers from the [ABC] companies, you do not need to act again until you receive the renewal notice.
To limit marketing offers, contact us [include all that apply]:
• By telephone: 1-877-###-####
• On the web: www. - .com
• By mail: Check the box and complete the form below, and send the form to:
[Company name]
[Company address]
____Do not allow any company [in the ABC group of companies] to use my personal information to market to me.
B-3 Model Form for Renewal Notice (Single-Affiliate Notice)
[Renewing Your Choice To Limit Marketing]/[Renewing Your Marketing Opt-Out]
• [Name of Affiliate] is providing this notice.
• [Optional: Federal law gives you the right to limit some but not all marketing from our affiliates. Federal law also requires us to give you this notice to tell you about your choice to limit marketing from our affiliates.]
• You previously chose to limit our affiliates in the [ABC] group of companies, such as our [credit card, insurance, and securities] affiliates, from marketing their products or services to you based on your personal information that we share with them. This information includes your [income], your [account history with us], and your [credit score].
• Your choice has expired or is about to expire.
To renew your choice to limit marketing for [x] more years, contact us [include all that apply]:
• By telephone: 1-877-###-####
• On the web: www. - .com
• By mail: Check the box and complete the form below, and send the form to:
[Company name]
[Company address]
____Renew my choice to limit marketing for [x] more years.
B-4 Model Form for Renewal Notice (Joint Notice)
[Renewing Your Choice To Limit Marketing]/[Renewing Your Marketing Opt-Out]
• The [ABC group of companies] is providing this notice.
• [Optional: Federal law gives you the right to limit some but not all marketing from the [ABC] companies. Federal law also requires us to give you this notice to tell you about your choice to limit marketing from the [ABC] companies.]
• You previously chose to limit the [ABC companies], such as the [ABC credit card, insurance, and securities] affiliates, from marketing their products or services to you based on your personal information that they receive from other [ABC] companies. This information includes your [income], your [account history], and your [credit score].
• Your choice has expired or is about to expire.
To renew your choice to limit marketing for [x] more years, contact us [include all that apply]:
• By telephone: 1-877-###-####
• On the web: www. - .com
• By mail: Check the box and complete the form below, and send the form to:
[Company name]
[Company address]
____Renew my choice to limit marketing for [x] more years.
B-5 Model Form for Voluntary “No Marketing” Notice
Your Choice To Stop Marketing
• [Name of Affiliate] is providing this notice.
• You may choose to stop all marketing from us and our affiliates.
• [Your choice to stop marketing from us and our all affiliates will apply until you tell us to change your choice.]
To stop all marketing offers, contact us [include all that apply]:
• By telephone: 1-877-###-####
• On the web: www. - .com
• By mail: check the box and complete the form below, and send the form to:
[Company name]
[Company address]
____Do not market to me.
[84 FR 23485, May 22, 2019]
Appendix C to Part 698 - Model Prescreen Opt-Out Notices
In order to comply with 16 CFR part 642, the following model notices may be used:
(a) English language model notice -
(1) Short notice.
(2) Long notice.
(b) Spanish language model notice -
(1) Short notice.
(2) Long notice.
[86 FR 50850, Sept. 13, 2021]
For more information, see here: https://www.ftc.gov/legal-library/browse/statutes/fair-credit-reporting-act
AND
https://www.ecfr.gov/current/title-16/chapter-I/subchapter-F
These materials were obtained directly from the Federal Government public website and are posted here for your review and reference only. No Claim to Original U.S. Government Works. This may not be the most recent version. The U.S. Government may have more current information. We make no guarantees or warranties about the accuracy or completeness of this information, or the information linked to. Please check the linked sources directly.
Download:
| Attachment | Size |
|---|---|
 the_fair_credit_reporting_act_parts_600-698.pdf | 5.77 MB |
| 545a_fair-credit-reporting-act-0918.pdf | 659.69 KB |
| fair_credit_reporting_act_15_u.s.c._sec._1681.pdf | 188.64 KB |