III. Common Claims Against FCRA Players
Common Claims Against Employers: Adverse Action Notices
Claims against employers have been on the rise, affecting all industries including retailers, restaurant chains, manufacturers, and financial institutions. Rejected applicants often allege violations of the FCRA’s background-screening requirements on behalf of themselves and putative class members. Although the FCRA specifically authorizes employers to obtain and use a consumer report (such as criminal background checks and credit reports) for employment decisions, including those related to hiring, retention, and promotion, the FCRA imposes a specific and a surprisingly technical three-step requirement on such use.
Disclosure forms. Before obtaining a report, the employer must provide a “clear and conspicuous” written disclosure to the consumer in a document that consists “solely” of the disclosure that a consumer report may be obtained. The employer must also obtain the consumer’s written authorization. Recent litigation has revolved around the interpretation of the term “solely.”
Preadverse action notices. Before making a final employment decision based in whole or even in part on the results of a report, the employer must provide a preadverse action notice to the individual, which includes a copy of the applicant’s consumer report and the CFPB’s Summary of Rights. The concept of “adverse action” is broad and generally includes any employment-related decision that negatively affects the employee. The purpose of a preadverse action notice is to allow the applicant or employee the opportunity to discuss the report with the employer before becoming subject to any adverse action. Although the timeframe is not specifically defined, the employer is required to wait a minimum amount of time (typically interpreted as at least five business days) before taking the adverse action.
Post-adverse action notices. In the final step, the employer is required to provide a post-adverse action notice to the individual, which includes:
- the name and contact information of the CRA that provided the background check on which the adverse employment decision was based;
- a statement advising the individual that the CRA did not make the adverse employment decision and therefore cannot provide any reasons why the adverse action was taken; and
- notification that the applicant or employee is entitled to receive a free copy of the background check or consumer report on which the adverse action was based within a 60-day period.
On their face, these three requirements are relatively clear and specific; however, they quickly become convoluted because:
- different kinds of background checks require different kinds of initial disclosures;
- several states have additional requirements affecting the disclosure, consent, and adverse action procedures;
- the trucking industry has its own special procedures under the FCRA;
- recent court decisions have suggested additional, unwritten requirements on the process, particularly with respect to electronic employment application processes; and
- compliance with “ban the box” statutes, which require the removal of questions related to criminal conviction history on a job application, and ordinances may require deferral of employment background checks in the employment process, leading to delays in the hiring process, additional paperwork, and a more unfriendly application process.
Indeed, the staggering number of recent class actions against employers, which have resulted in many multimillion-dollar settlements across the country, illustrate how intricate these requirements actually are. For example, the interpretation of the word “solely” has resulted in numerous, nationwide class actions. In March 2015, a class of job applicants requested that the U.S. District Court for the Middle District of North Carolina approve a nearly $3 million settlement they had reached with Delhaize America LLC, Food Lion’s parent company, for the company’s failure to include a stand-alone disclosure. The named plaintiff was joined by 59,000 others who had applied to Delhaize-owned stores in the preceding two years.
Food Lion was not the only company hit with such a class action, however. Three putative, nationwide class actions against Michaels stores were also filed, alleging that the company buried its disclosure among blank spaces on its employment application form. Whole Foods Market Group, Inc. agreed to pay $803,000 in October 2015 to settle claims that it improperly disclosed to job applications that they would undergo background checks. That putative class action included approximately 20,000 class members. Publix Super Markets likewise settled a class action for $6.8 million in October 2014 for the supermarket’s alleged failure to provide a stand-alone disclosure informing job applicants that a background check would be performed.
Common Claims Against CRAs: Failure to Maintain Reasonable Procedures
The FCRA requires CRAs to “follow reasonable procedures to assure maximum possible accuracy of the information concerning the individual about whom the [consumer] report relates.” Importantly, the FCRA is not a strict-liability statute. The mere existence of an error in a consumer report does not, in and of itself, constitute a violation. Rather, a CRA’s liability hinges on the failure to follow reasonable procedures. According to the FTC, “[a] CRA must accurately transcribe, store and communicate consumer information received from a source that it reasonably believes to be reputable, in a manner that is logical on its face.” FTC, 40 Years of Experience with the Fair Credit Reporting Act: An FTC Staff Report with Summary of Interpretations 67, § 2 (2011). The reasonableness of a CRA’s procedures typically is a question of fact for the jury.
This reasonable-procedure requirement similarly applies to resellers under the FCRA. A reseller is a type of CRA that assembles and merges information contained in another CRA’s database into a “tri-merge report.” A reseller does not maintain its own database of the assembled or merged information from which new consumer reports are produced. In other words, a reseller acts as a middleman between the CRA and the user of the consumer information. Although a reseller’s role is limited, given that the FCRA imposes liability on “[a]ny person” who fails to comply with the statute’s requirements regarding credit information, plaintiffs have named resellers as codefendants alongside CRAs. In turn, courts have held that a reseller is subject to the same reasonable-procedure requirements as imposed on CRAs, even though resellers typically have no ability to investigate, judge, or evaluate the decisions made by CRAs.
Besides the numerous individual and class-action lawsuits that have been filed pursuant to this reasonable-procedure requirement, the CFPB has also exercised its enforcement power under this provision. In October 2015, for example, the CFPB announced a $13 million settlement of an enforcement action against General Information Services, Inc. (GIS) and e-Backgroundchecks.com, Inc., two of the largest background-screening companies, for their alleged failure to assure maximum possible accuracy of the data provided to employers.
The companies provided public-record background information – such as criminal records and civil judgment data – to employers who were conducting screenings on job applicants and current employees. The CFPB’s order focused on the following four alleged deficiencies:
- failure to have written procedures for researching public records for consumers with common names or who use nicknames;
- failure to require employers to provide middle names for applicants for purposes of matching criminal records to consumers, resulting in the reporting of mismatched criminal record information about consumers;
- failure to track consumer disputes in a manner that would allow for identification and remedy of reporting error trends, and failure of the internal departments to meet on a regular basis to discuss errors; and
- failure to conduct sufficient testing of nondisputed records.
With regard to the first alleged deficiency, the CFPB’s order appeared to conclude that matching should be done by requiring an exact match based on first, middle, and last name in addition to one additional identifier, such as date of birth or Social Security number. By this order, therefore, the CFPB in effect attempted to create a detailed standard of conduct in matching data, but one that likely does not recognize the realities of the market. For example, few, if any, courts provide a Social Security number of the defendant, making a match on this element impossible for some criminal records. Similarly, with respect to the order’s focus on the companies’ internal compliance procedures, the CFPB sought to establish a detailed standard for internal compliance procedures down to the level of detail of how often internal meetings should occur to discuss consumer complaints.
In addition to the stiff monetary penalty, which requires $10.5 million in relief to harmed customers and a $2.5 million civil penalty, the CFPB’s order also required the background-screening companies to revise their procedures to assure reporting accuracy.
IV. Emerging Trends: Increased Scrutiny on Furnishers
Anyone who provides consumer information to a CRA, even those who only occasionally report information, is a furnisher under the FCRA. Creditors, insurers, employers, landlords, and debt collectors are all potentially subject to the FCRA’s furnisher requirements. Furnishers were once an unregulated group, but today furnisher compliance has become a top federal regulatory priority, as evidenced by the increased number of supervisory and enforcement actions brought by the CFPB and FTC.
The Furnisher Rule (Regulation V promulgated by the CFPB under the FCRA) requires furnishers to: (1) furnish information that is accurate and complete; and (2) investigate consumer disputes about the accuracy of the information they provide. With regard to this latter requirement, the Furnisher Rule requires furnishers to respond to consumer disputes that a consumer directly reports to the furnisher. The FCRA also requires furnishers to respond to “indirect” disputes, or disputes that consumers first lodge with a CRA but then are passed along to the furnisher by the CRA.
Whether submitted directly or indirectly, the furnisher must then undertake a reasonable reinvestigation of the dispute, which some courts have interpreted as some degree of a careful inquiry. During the reinvestigation process, the furnisher has an obligation to:
- investigate the dispute and review all relevant information provided by the CRA about the dispute;
- report the results of the investigation to the CRA;
- provide corrected information to every CRA that received information if the investigation shows the information is incomplete or inaccurate; and
- modify the information, delete it, or permanently block its reporting if the information turns out to be inaccurate or incomplete or cannot be verified.
Furnishers have four response options: (1) verify the account as accurate; (2) modify the account tradeline information as indicated; (3) delete the tradeline because the information cannot be verified; or (4) delete the tradeline due to fraud. Each of these steps must be completed within 30 days after the CRA receives the dispute.
The Furnisher Rule additionally requires furnishers to establish and maintain reasonable written policies and procedures designed to implement the FCRA requirements, to ensure that the information furnishers report to CRAs is accurate, and to allow consumers to dispute, directly with the furnisher, information they believe is inaccurate. More than one furnisher has been surprised by Regulation V’s written-policy requirement.
Through their advisory bulletins and hard-hitting enforcement actions, the FTC and CFPB have signaled their priority in holding all players in the credit reporting market accountable for ensuring the accuracy of data in credit reports, with a particular focus on furnisher compliance obligations. For example, in December 2014, the CFPB announced that it will require CRAs to provide regular reports to the CFPB identifying by name potentially problematic furnishers of information, including furnishers with the most overall disputes and those with particularly high disputes relative to their industry peers. This active monitoring for compliance has the potential to result in more enforcement actions against furnishers.
Enforcement actions brought by the FTC and CFPB have set a clear precedent for noncomplying furnishers, given that these actions often impose stiff penalties on companies that do not live up to its duties under the Furnisher Rule. Recent examples of FTC enforcement actions against furnishers include:
- FTC v. Tricolor Auto Acceptance Corp., LLC, which was fined $82,777 for failing to maintain written policies and procedures regarding the accuracy of reported credit information, and for failing to properly investigate disputed consumer credit information. The FTC action can be found here.
Similarly, the CFPB has recently entered into consent orders with the following furnishers after investigations of FCRA violations:
- EOS CCA, a Massachusetts debt-collection firm that was required to refund at least $743,000 to consumers and pay a $1.85 million civil penalty for providing inaccurate information to credit-reporting agencies and failing to correct reported information that it had determined was inaccurate;
- First Investors Financial Services Group, Inc., an auto finance company that was required to pay a $2.75 million fine for failure to establish reasonable written policies and procedures regarding the accuracy and integrity of information furnished;
- DriveTime Automotive Group, Inc., the nation’s largest “buy-here, pay-here” auto dealer, which was required to pay an $8 million penalty for having inadequate written policies governing the furnishing of information to CRAs.
Attorney generals nationwide have also stepped up enforcement in the furnisher arena. The 2015 multistate attorneys general settlement with the three national CRAs enlists the CRAs as part of the enforcement mechanism. Although the settlement only directly applies to changes to CRA business practices, many of the required changes will also impact furnishers. For example, CRAs are now required to:
- review and update the terms of use agreed to by furnishers using e-Oscar;
- establish a working group to share best practices for monitoring furnishers;
- take corrective action when necessary with respect to furnishers that fail to comply with furnisher obligations and reinvestigation requirements; and
- maintain information about problem furnishers and provide a list of those furnishers to the states upon request.
This regulatory focus on furnishers shows no signs of slowing down, as illustrated by the CFPB’s first bulletin of 2016, which warns furnishers yet again of the need to have adequate policies and procedures. The CFPB notes that a furnisher’s “policies and procedures must be appropriate to the nature, size, complexity, and scope of each furnisher’s activities.” In other words, “if an institution furnishes both credit information to nationwide CRAs and deposit account information to nationwide specialty CRAs, that institution must consider the appropriate approach to each type of furnishing in its policies and procedures in order to comply with Regulation V.” The bulletin concludes with a warning to furnishers to have such policies and procedures in place with respect to all types of consumer information furnished to each of the CRAs: “If the CFPB determines that a furnisher has engaged in any acts or practices that violate Regulation V or other federal consumer financial laws and regulations, it will take appropriate supervisory and enforcement actions to address violations and seek all appropriate remedial measures, including redress to consumers.”
In addition to the harsh consequences of regulatory enforcement, furnishers have also now found themselves subject to a new world of civil liability pursuant to the U.S. Bankruptcy Code. Plaintiffs’ lawyers have begun experimenting with bankruptcy laws in an attempt to certify previously uncertifiable classes against furnishers. Section 524 of the Bankruptcy Code, known as the “discharge injunction” provision, prohibits any attempt to collect a discharged debt. The injunction is intended to give complete effect to the discharge and to eliminate any doubt concerning the effect of the discharge. Class actions have now been filed based on a furnisher’s systematic violation of the discharge injunction for refusal to correct a plaintiff’s credit report by showing that the plaintiff’s debts had been discharged. Courts have denied motions to dismiss when plaintiffs allege that the failure to update a credit report is a veiled attempt to collect the debt.
Furnishers should take note that they have become a central focus for regulatory supervision as well as a key target of the plaintiffs’ bar. Complying with the Furnisher Rule (Regulation V) has never been more important than it is today.
Conclusion
FCRA litigation is here to stay, at least for the foreseeable future. If your client’s business is involved in FCRA-regulated activities, compliance with the highly technical FCRA requirements is a necessity. Otherwise, failure to comply exposes the company to civil liability, including class actions and regulatory attention by the CFPB and FTC.