Fair Credit Reporting Act Compliance Audit

As a user of consumer reports, the bank must comply with certain responsibilities of users of reports set forth in the Fair Credit Reporting Act (FCRA) (15 USC 1681). The Consumer Financial Protection Bureau (CFPB) is generally authorized to issue regulations as necessary or appropriate to administer and carry out the purposes and objectives of the FCRA. However, it does not have rulemaking authority for FCRA sections 615(e) ("Red Flag Guidelines and Regulations Required") and 628 ("Disposal of Records"). Therefore, the CFPB's Regulation V (12 CFR 1022) does not include parallel provisions to the other federal agencies' rules on the disposal of consumer information; the rules on identity theft red flags and corresponding interagency guidelines on identity theft detection, prevention, and mitigation; and the rules on the duties of card issuers regarding changes of address.

To ensure compliance, actual procedures should be checked against any formal or informal procedures, and interviews should be conducted with the personnel responsible for compliance to ensure adequate knowledge of regulatory requirements.

Please see the Identity Theft Red Flags and Address Discrepancies Compliance Audit and the Marketing Compliance Audit for a review of requirements for identity theft prevention and affiliate marketing opt-out rules.

The following checklist should be modified to fit the specifics of your institution.

FAIR CREDIT REPORTING ACT

Yes | No | N/A | Work Paper Reference | Comments

1. Does the bank have procedures in place to ensure that consumer reports are only obtained for reasons outlined in the regulation? (15 USC 1681b, 15 USC 1681d)

2. When adverse action is based on a credit bureau report, does the institution disclose the following requirements of 15 USC 1681m:
   • The name, street address, and telephone number of the consumer reporting agency (including a toll-free telephone number, if it is a nationwide consumer reporting agency) that provided the report?
   • A statement that the consumer reporting agency did not make the adverse decision and is not able to explain why the decision was made?
   • A statement setting forth the consumer's right to obtain a free disclosure of the consumer's file from the consumer reporting agency if the consumer requests the report within 60 days?
   • A statement setting forth the consumer's right to dispute directly with the consumer reporting agency the accuracy or completeness of any information provided by the consumer reporting agency?
   • If the action is based on a credit score, does the notice contain the following information about the score:
      — The current credit score of the consumer or the most recent credit score of the consumer that was previously calculated by the credit reporting agency for a purpose related to the extension of credit?
      — The range of possible credit scores under the model used?
      — All of the key factors that adversely affected the credit score of the consumer in the model used, except that the total number must not exceed four (4)*?
      — The date on which the credit score was created?
      — The name of the person or entity that provided the credit score or credit file upon which the credit score was created?

   * If a key factor that adversely affects the credit score of a consumer consists of the number of inquiries made with respect to a consumer report, that factor must be included in the disclosure even if there are four other factors. So in this case, the maximum number of key factors may be five (5).

3. Does the institution provide a notice to all parties to a loan that adverse information may be reported to the credit bureau (15 USC 1681s-2(a) of the Fair and Accurate Credit Transactions Act (FACT ACT) (15 USC 1681s, 12 CFR 1022))?

4. Does the institution provide the required disclosure to the consumer if the institution takes adverse action concerning credit, wholly or partly based on information contained in a consumer report, even if the information is not derogatory?

5. When adverse action is based on other outside information, does the institution disclose the consumer’s right to know the nature of the information? (15 USC 1681m(b))

6. Does the institution have procedures in place to provide the nature of the other outside information on request? (15 USC 1681m(b))

7. Are these disclosures made to the comaker, guarantor, or surety to whom the information relates? (Note: Although Regulation B (12 CFR 1002) requires that notice be given only to the primary applicant, the FCRA requires that notice be given to all parties to the credit if they are denied based on information in the consumer report or a third-party report.)

8. If the institution engages in “prescreening,” does each consumer whose name is on the prescreened list receive an offer of credit?

9. Does the institution provide both the long and short notice to each consumer as required by 12 CFR 1022.54?

10. Is the institution a consumer reporting agency as defined in 12 CFR 1022.3(f) (15 USC 1681a(f)) and if so, does it comply with the requirements imposed by the act?

11. Does the institution disclose to affiliates information beyond its transactions and experiences with consumers? (12 CFR 1022.3(d), 15 USC 1681a(d))

12. If so, does the bank offer consumers an opportunity to opt out of the sharing agreement? (12 CFR 1022.3(d), 15 USC 1681a(d))

13. Does the institution report credit history to a credit bureau? (15 USC 1681s-2)

14. If so, does the institution have procedures in place to ensure that it provides information that:
   • Reflects the terms of and liability for the account or other relationship
   • Reflects the consumer's performance and other conduct with respect to the account or other relationship
   • Identifies the appropriate consumer (12 CFR 1022, Appendix E)

15. Are the policies and procedures for reporting accurate information appropriate to the nature, size, complexity, and scope of the bank's activities? Note: In establishing these procedures, management must consider, as appropriate, agency guidance.

16. Does the bank have procedures in place to respond to disputes about the accuracy of information from consumers as required by the regulation within 30 days of the request?

17. Does the bank have procedures in place to respond to disputes about the accuracy of information from a credit reporting agency within 30 days of the request?

18. Does the institution disclose its disclosure of information to affiliates in its privacy policy as well as in the initial disclosures when a consumer opens an account?

19. Does the institution request credit bureau reports as a requirement for employment? (15 USC 1681d)

20. If so, does the institution properly notify applicants of this requirement in writing? (15 USC 1681d)

21. Before employment is declined based on information from a consumer reporting agency, does the institution send an adverse action notice and provide a copy of the report and their consumer rights to the applicant? (15 USC 1681d)

22. Does the institution have procedures in place to properly dispose of consumer information from a credit reporting agency? (15 USC 1681w)

23. Does the institution have procedures in place to provide the negative information notice to a consumer? (15 USC 1681s-2) Note: Model forms are available in Appendix B of 12 CFR 1022.

24. Does the institution have adequate procedures and internal controls in place if a consumer/customer claims a bank account has been used in an identity theft scheme? (15 USC 1681m, 15 USC 1681g(e), and 15 USC 1681c-1(h)(2)(B))

25. Does the institution have procedures in place to ensure that delinquent credit as a result of identity theft is not reported to the credit reporting agency? (15 USC 1681s-2)

26. Does the institution have procedures in place to ensure that electronic receipts will not have more than five digits of the consumer’s account number? (15 USC 1681c(g))

27. Does the institution have procedures in place to avoid collecting or using medical information in violation of 12 CFR 1022.30?

28. Does the bank not issue a replacement card on a debit or credit card if they have received an address change in the preceding 30 days unless they have taken reasonable steps to verify the address as outlined in the regulation?

29. Does the bank have procedures in place to ensure that they are reporting accurate information to consumer reporting agencies, taking into consideration the guidance offered by the agencies? Note: Accurate information means information that correctly:
   • Reflects the terms of and liability for the account or other relationship;
   • Reflects the consumer's performance and other conduct with respect to the account or other relationship; and
   • Identifies the appropriate consumer.

30. If the bank receives a direct dispute from a consumer, does it have procedures in place to:
   • Conduct a reasonable investigation with respect to the disputed information?
   • Review all relevant information provided by the consumer with the dispute notice?
   • Complete its investigation of the dispute and report the results of the investigation to the consumer within 30 days from the date on which it received the notice of the dispute from the consumer?
   • If the investigation finds that the information reported was inaccurate, promptly notify each consumer reporting agency to which it provided inaccurate information of that determination and provide to the consumer reporting agency any correction to that information that is necessary to make the information accurate?

31. If the bank determines that the dispute is frivolous, does it respond to the consumer within five business days?

32. Does the bank have policies and procedures in place to send appropriate risk-based pricing notices, as required by 12 CFR 1022.70?

33. If the bank uses the credit score proxy method for determining to whom to send the notice, is the method it uses to determine and recalculate the cutoff score accurate according to the requirements in 12 CFR 1022.72?

34. If the bank uses the tiered rate method for determining to whom to send the notice, are they correctly identifying the consumers who should get the notice as required by 12 CFR 1022.72?

35. If the bank determines who should get the notice by a direct comparison method, does it select a sample of the comparison and determine if their method seems reasonable?

36. Does the bank use the appropriate model form for the notice? Note: Appendix H of Regulation V (12 CFR 1022) contains all model forms, including the credit score disclosure required when a credit score is used as a basis for risk pricing.

37. Does the bank select a sample of notices provided and compare them to the requirements in the regulation and the model forms? (12 CFR 1022.73)

38. Does the bank send a separate notice to each consumer on a loan if:
   • They live at separate addresses?
   • The notice includes a credit score disclosure?

39. Does the bank send a notice for each loan transaction even if the consumer has received a notice for a previous transaction? (12 CFR 1022.75)

40. If the bank is the first creditor in a multi-creditor transaction, such as a secondary market mortgage transaction, does it send a risk-based notice, if appropriate? (12 CFR 1022.75)

41. If the bank chooses to provide a credit score disclosure instead of a risk-based disclosure, does it send the notice as soon as practical after it has received the credit score from the consumer reporting agency?