Notes on FACTA, Red Flags Rule, and Identity Theft Prevention (BACDA context)

Identity theft prevention and credit history restoration

  • FACTA enhances the Fair Credit Reporting Act (FCRA) by adding identity theft protections and reporting accuracy requirements.

  • Purpose: ensure appropriate proof of identity is used to block fraudulent information from being added to a consumer’s credit report; lenders/creditors must have a proper customer identification process policy and follow it to verify the applicant is the actual consumer.

  • Fraud alerts: borrowers must be able to place or remove fraud alerts on their credit reports; this helps reduce fraud and identity theft.

  • Social Security Number (SSN) truncation: disclosures in file reports should truncate SSNs to reduce exposure.

  • Matching accuracy requirements: credit reporting agencies must develop reasonable requirements to ensure that the consumer is correctly matched with their file, which is crucial given the vast amount of data (billions of files).

  • Ongoing accuracy and completeness studies: FACTA requires ongoing assessment of the accuracy and completeness of consumer reports and methods to improve them; this relates to earlier observations about bureau accuracy.

  • Risk-based pricing notices (RBPN): if a lender uses a credit report to decide and the decision results in a higher interest rate due to risk evidenced in the report, the consumer must be informed that their credit report contributed to a higher rate; this gives the borrower an opportunity to review the report for errors.

  • Early dispute study insights (historical reference): a study (referred to in the transcript as FAFDA) examined dispute processes and found:

    • 20%20\% of consumers disputed errors and had modifications to at least one credit report;

    • 13%13\% of consumers experienced a change in score due to their dispute;

    • 5%5\% of consumers had errors on their credit report that could affect credit access or terms.

  • The Red Flags Rule (Section 114 of the Fair and Accurate Credit Transactions Act, implemented 02/200702/2007):

    • Requires businesses to create written identity theft prevention programs; the program is sized and scoped to the business’s operations.

    • Purpose: detect red flags of identity theft, prevent crime, mitigate damage, and respond to incidents.

    • Enforcement: Federal Trade Commission (FTC) along with the Consumer Financial Protection Bureau (CFPB) and state agencies.

    • Scope: applies to any institution that collects personally identifying information from consumers, not just banks; includes all creditors with direct/indirect access to consumer reports in credit transactions.

    • Accreditor concept: a creditor defined in the Equal Credit Opportunity Act (ECOA) that regularly uses consumer reports in credit transactions (e.g., mortgage brokers, mortgage lenders, mortgage banks).

    • Practical framing: replace “account” with “business practice” or “policy” to emphasize that any business practice handling consumer PI requires a written identity theft prevention program.

    • Program requirements: must detect red flags, respond to red flags, and be updated periodically to reflect changes and risks to customers and the institution’s safety and soundness.

    • What counts as a red flag:

    • An alert or warning from a consumer reporting agency (CRA) including fraud or active-duty alerts, or a notice of a credit freeze.

    • A notice of an address discrepancy or identity discrepancy on a CRA report.

    • An unusual number of recently opened credit accounts.

    • A material change in the use of credit, especially with recently opened accounts showing delinquency.

    • An account closed for cause or identified for abuse of account privileges by a financial institution or creditor.

    • Suspicious documents:

    • Documents appear altered or forged (e.g., driver’s license with someone else’s photo).

    • Identification details not consistent with the applicant or with information provided for the application.

    • Information inconsistent with other available information (signature cards, recent checks, loan applications).

    • Application appears altered, forged, or reassembled (e.g., white-out).

    • Personal identifying information (PII) inconsistent with other PII (e.g., Social Security number range vs. date of birth).

    • PIIs associated with non-fraudulent activity (humorous examples like fictional names) or a prison address on the application.

    • Practical advice for Mortgage Loan Originators (MLOs): ensure input in loan origination software, the application, the credit report, and all documentation are consistent; this consistency supports AML efforts and reduces fraud risk.

    • Summary takeaway: as MLOs and financial professionals, you are part of an anti-money-laundering framework that emphasizes matching information across documents and entries to detect fraud.

  • Connections to broader themes:

    • Emphasizes data accuracy, identity verification, and consumer rights in credit reporting.

    • Illustrates practical steps lenders must take to minimize fraud risk and protect consumers.

    • Highlights ethical and practical implications of data handling, privacy, and the need for ongoing policy updates.

Improvements in the use of and consumer access of credit information

  • Focus on expanding consumer access to their own credit information and making it easier to understand.

  • Emphasis on transparency in how credit information is used to make lending decisions.

  • Relationships to sections on RBPN and identity verification from FACTA.

Enhancing the accuracy of consumer credit report information

  • Ongoing accuracy checks by bureaus; mechanisms to improve data quality.

  • Address known accuracy concerns tied to risk-based pricing and score computations.

  • Reiterate the importance of correct data input by lenders and consumers.

Limiting the use and sharing of medical information in the financial system

  • Policies restricting how medical information is used or shared in financial decision-making.

  • Safeguards to protect sensitive health-related information when evaluating credit or loan applications.

Financial literacy and education improvement

  • Initiatives to improve consumer understanding of credit, credit reports, and how lending decisions are made.

  • Education on rights under FCRA/FACTA and how to correct errors.

Protecting employee misconduct investigations

  • Protections around handling investigations into employee misconduct and related financial transactions.

  • Safeguards to ensure integrity of investigations and protection of sensitive information.

Relation to state laws

  • Interaction between federal rules (FCRA/FACTA/Red Flags Rule) and state statutes.

  • Considerations for state-level enforcement and additional protections.

Everything else, miscellaneous

  • Other topics and clarifications that didn’t fit neatly into the above categories but are relevant to the broader framework of credit reporting, identity theft protection, and financial information security.