Fair Credit Reporting: 16 C.F.R. § 682.5 Effective date.
The rule in this part is effective on June 1, 2005.
[69 Fed. Reg. 35,496 (June 24, 2004); 69 Fed. Reg. 68,697 (Nov. 24, 2004); 84 Fed. Reg. 31,191 (July 1, 2019)]
The rule in this part is effective on June 1, 2005.
[69 Fed. Reg. 35,496 (June 24, 2004); 69 Fed. Reg. 68,697 (Nov. 24, 2004); 84 Fed. Reg. 31,191 (July 1, 2019)]
Under the Dodd-Frank Act, the CFPB was prohibited from issuing any rules that govern motor vehicle dealers. Thus, the FTC’s existing FCRA regulations regarding users govern them. The following a table of citations for FTC regulations that parallel the CFPB regulations, but apply to motor vehicle dealers. In 2021, the FTC amended several of these rules to make clear that their scope is specifically limited to motor vehicle dealers.5
Section 681.1 of this part requires each financial institution and creditor that offers or maintains one or more covered accounts, as defined in § 681.1(b)(3) of this part, to develop and provide for the continued administration of a written Program to detect, prevent, and mitigate identity theft in connection with the opening of a covered account or any existing covered account. These guidelines are intended to assist financial institutions and creditors in the formulation and maintenance of a Program that satisfies the requirements of § 681.1 of this part.
In designing its Program, a financial institution or creditor may incorporate, as appropriate, its existing policies, procedures, and other arrangements that control reasonably foreseeable risks to customers or to the safety and soundness of the financial institution or creditor from identity theft.
(a) Risk Factors. A financial institution or creditor should consider the following factors in identifying relevant Red Flags for covered accounts, as appropriate:
(1) The types of covered accounts it offers or maintains;
(2) The methods it provides to open its covered accounts;
(3) The methods it provides to access its covered accounts; and
(4) Its previous experiences with identity theft.
The Program’s policies and procedures should address the detection of Red Flags in connection with the opening of covered accounts and existing covered accounts, such as by:
(a) Obtaining identifying information about, and verifying the identity of, a person opening a covered account, for example, using the policies and procedures regarding identification and verification set forth in the Customer Identification Program rules implementing 31 U.S.C. 5318(l) (31 C.F.R. 103.121); and
The Program’s policies and procedures should provide for appropriate responses to the Red Flags the financial institution or creditor has detected that are commensurate with the degree of risk posed.
Financial institutions and creditors should update the Program (including the Red Flags determined to be relevant) periodically, to reflect changes in risks to customers or to the safety and soundness of the financial institution or creditor from identity theft, based on factors such as:
(a) The experiences of the financial institution or creditor with identity theft;
(b) Changes in methods of identity theft;
(c) Changes in methods to detect, prevent, and mitigate identity theft;
(a) Oversight of Program. Oversight by the board of directors, an appropriate committee of the board, or a designated employee at the level of senior management should include:
(1) Assigning specific responsibility for the Program’s implementation;
(2) Reviewing reports prepared by staff regarding compliance by the financial institution or creditor with § 681.1 of this part; and
Financial institutions and creditors should be mindful of other related legal requirements that may be applicable, such as:
(a) For financial institutions and creditors that are subject to 31 U.S.C. 5318(g), filing a Suspicious Activity Report in accordance with applicable law and regulation;
(b) Implementing any requirements under 15 U.S.C. 1681c-1(h) regarding the circumstances under which credit may be extended when the financial institution or creditor detects a fraud or active duty alert;
In addition to incorporating Red Flags from the sources recommended in section II.b. of the Guidelines in appendix A of this part, each financial institution or creditor may consider incorporating into its Program, whether singly or in combination, Red Flags from the following illustrative examples in connection with covered accounts:
Alerts, Notifications or Warnings from a Consumer Reporting Agency
1. A fraud or active duty alert is included with a consumer report.
[69 Fed. Reg. 35,496 (June 24, 2004); 72 Fed. Reg. 63,773, 63,774 (Nov. 9, 2007); 74 Fed. Reg. 22,645 (May 14, 2009); 77 Fed. Reg. 72,715 (Dec. 6, 2012); 84 Fed. Reg. 31,191 (July 1, 2019)]
The Office of Comptroller of Currency (OCC), Federal Deposit Insurance Corporation (FDIC), National Credit Union Administration (NCUA), and Federal Reserve Board (FRB) (in its role as a banking regulator) had all promulgated FCRA regulations prior to the Dodd-Frank Act. These include regulations that parallel the FTC version for the red flag guidelines and disposal rule, which are still effective.
This appendix collects useful web addresses for mortgage-related organizations and topics. The organizations are listed first and are sometimes followed by specific resources hosted by the organization. If any of those links do not work, practitioners should search for the resource from the homepage of the organization that hosts it.
Live weblinks are included in the version of this appendix available online and will be updated when possible.
The Credit Repair Organizations Act was passed by Congress as part of the Omnibus Consolidated Appropriations Act of 1996, Pub. L. No. 104-208, § 2451, 110 Stat. 3009 (1996).
The Act as codified at 15 U.S.C. § 1679 is set out below.
(a) Findings. The Congress makes the following findings:
(1) Consumers have a vital interest in establishing and maintaining their credit worthiness and credit standing in order to obtain and use credit. As a result, consumers who have experienced credit problems may seek assistance from credit repair organizations which offer to improve the credit standing of such consumers.
For purposes of this subchapter, the following definitions apply:
(1) Consumer. The term “consumer” means an individual.
(2) Consumer credit transaction. The term “consumer credit transaction” means any transaction in which credit is offered or extended to an individual for personal, family, or household purposes.
(3) Credit repair organization. The term “credit repair organization”—
(a) In general. No person may—
(1) make any statement, or counsel or advise any consumer to make any statement, which is untrue or misleading (or which, upon the exercise of reasonable care, should be known by the credit repair organization, officer, employee, agent, or other person to be untrue or misleading) with respect to any consumer’s credit worthiness, credit standing, or credit capacity to—
(a) Disclosure Required. Any credit repair organization shall provide any consumer with the following written statement before any contract or agreement between the consumer and the credit repair organization is executed:
“Consumer Credit File Rights Under State and Federal Law
(a) Written contracts required. No services may be provided by any credit repair organization for any consumer—
(1) unless a written and dated contract (for the purchase of such services) which meets the requirements of subsection (b) has been signed by the consumer; or
(2) before the end of the 3-business-day period beginning on the date the contract is signed.
(a) In general. Any consumer may cancel any contract with any credit repair organization without penalty or obligation by notifying the credit repair organization of the consumer’s intention to do so at any time before midnight of the 3d business day which begins after the date on which the contract or agreement between the consumer and the credit repair organization is executed or would, but for this subsection, become enforceable against the parties.