Skip to main content
Menu Icon Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations
Section Content

Upcoming Events

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • 11th Circuit: No FCRA violation for reporting as delinquent during forbearance plan

    Courts

    On June 27, the U.S. Court of Appeals for the 11th Circuit affirmed summary judgment for a mortgage servicer, concluding that reporting the consumer as delinquent to credit bureaus during a forbearance plan is neither inaccurate nor materially misleading under the Fair Credit Reporting Act (FCRA). According to the opinion, a borrower enrolled in a forbearance plan with her mortgage servicer, which allowed for a “monthly forbearance plan payment” of $25 while the remaining payment balance accrued and became due at the end of the plan. Before the borrower agreed to the plan, a representative for the servicer explained to the borrower that because she was not paying the actual contractual payment under the note, the monthly payments would still be considered late. The mortgage servicer reported the borrower past due for the duration of the plan, and the borrower subsequently filed suit alleging violations of the FCRA. In affirming the lower court’s decision, the appeals court found that while the borrower made timely payments under the forbearance plan, the payments were not the ones she was contractually bound to make under the mortgage note. Additionally, the appeals court found that the borrower did not establish that the forbearance plan legally modified the original note and, therefore, the information the servicer reported to the credit bureaus was not inaccurate and was also not materially misleading “particularly in light of [the servicer’s] additional affirmative statement that [the borrower] was paying under a partial payment agreement.”

    Courts Appellate Eleventh Circuit Mortgage Servicing Credit Reporting Agency

    Share page with AddThis
  • New York regulation requires all credit reporting agencies to register with NYDFS

    State Issues

    On June 25, the New York governor announced the issuance by the New York Department of Financial Services (NYDFS) of a final regulation that requires consumer credit reporting agencies (CRAs) with significant operations in New York to register with NYDFS and to comply with New York’s cybersecurity standard. Specifically, the newly promulgated regulation, entitled “Registration Requirements & Prohibited Practices for Credit Reporting Agencies,” 23 NYCRR 201, requires CRAs that reported on 1,000 or more New York consumers in the preceding year to register annually with NYDFS, beginning on or before September 1, 2018 for 2017 reporting, and by February 1 for every year thereafter. Among other things, the regulation also (i) authorizes the NYDFS superintendent to refuse to renew a CRA’s registration for various reasons, including if the applicant or affiliate of the applicant fails to comply with the cybersecurity regulations; (ii) subjects the CRAs to examination by NYDFS at the superintendent’s discretion; and (iii) prohibits CRAs from engaging in any “unfair, deceptive, or predatory act or practice toward any consumer,” to the extent not preempted by federal law. Additionally, beginning on November 1, the regulation requires every CRA to comply with NYDFS’ cybersecurity regulation, which requires, among other things, covered entities have a cybersecurity program designed to protect consumers’ data and controls and plans to help ensure the safety and soundness of New York’s financial services industry. (Recent InfoBytes coverage on NYDFS’ cybersecurity regulation available here and here.)

    According to Governor Cuomo, the oversight of CRAs will help to ensure New York consumers’ information is less vulnerable to the threat of cyber-attacks, stating, “[a]s the federal government weakens consumer protections, New York is strengthening them with these new standards.”

    State Issues NYDFS Credit Reporting Agency Privacy/Cyber Risk & Data Security

    Share page with AddThis
  • Rhode Island and New Hampshire prohibit security freeze fees

    Privacy, Cyber Risk & Data Security

    On June 14, the governor of Rhode Island signed S2562, which prohibits consumer reporting agencies from charging a fee for security freeze services, including the placement, removal, or temporary lifting of a security freeze for a consumer. The law also prohibits the charging of a fee in connection with issuing or reissuing a personal identification number that is used by a consumer to authorize the use of his or her credit or to remove the freeze. Previously, Rhode Island allowed credit reporting agencies to charge a fee up to $10 dollars for security freeze services and $5 for reissuances of personal identification numbers, although customers were entitled to a free initial reissuance of their personal identification numbers. The law is effective September 1.

    Similarly, on June 8, the governor of New Hampshire signed HB1700, which prohibits a consumer reporting agency from charging a fee to place, remove, or temporarily lift a security freeze. The law also prohibits a consumer reporting agency from charging a fee to issue or replace a consumer’s personal identification number used in connection with the security freeze. The law requires the consumer reporting agencies to place the freeze within three business days after receiving a consumer request, if the consumer makes the request via mail and within 24 hours after receiving a consumer request, if made electronically or by telephone. The law is effective January 1, 2019.

    Privacy/Cyber Risk & Data Security Security Freeze State Issues State Legislation Credit Reporting Agency

    Share page with AddThis
  • House passes bill allowing for reporting of rental, telecom, and utility payments to CRAs

    Federal Issues

    On June 25, the House passed H.R. 435, the “The Credit Access and Inclusion Act of 2017.” The bill would amend the Fair Credit Reporting Act to include a section allowing a person or the Department of Housing and Urban Development to furnish information to credit reporting agencies relating to the payment performance of a residential lease agreement, contract for a utility, or contract for a telecommunications service. The bill does not allow an energy utility to furnish information related to the usage of utility services or information related to an outstanding consumer balance if the consumer has entered into a payment plan and is meeting the obligations of the payment plan. Civil liability for violations of the Consumer Credit Protection Act do not apply to violations of the bill.

    Federal Issues Credit Reporting Agency Information Furnisher FCRA U.S. House Federal Legislation HUD

    Share page with AddThis
  • Illinois, Connecticut, and Hawaii pass security freeze legislation

    Privacy, Cyber Risk & Data Security

    On June 8, the Illinois governor approved HB 4095, which amends the Consumer Fraud and Deceptive Business Practices Act to prohibit consumer reporting agencies (CRAs) from charging consumers a fee for placing, removing, or temporarily lifting a security freeze. The act takes effect immediately.  The Act also permits a consumer to request a security freeze by phone or electronic means, in addition to a request in writing.

    This followed a similar action by the Connecticut governor, who on June 4 signed SB 472 to prohibit CRAs from charging a fee to consumers to place, remove, or temporarily lift a security freeze on a consumer's account. The legislation also, among other things, (i) prohibits CRAs from—as a condition of placing the freeze—requiring that consumers agree to limit their claims against the agency; (ii) increases the length of time that identity theft prevention and mitigation services must be provided to a consumer after a security breach from 12 to 24 months; and (iii) provides that the banking commissioner will adopt regulations that require CRAs to provide it with “dedicated points of contact” to allow the Department of Banking to assist consumers when a data breach occurs. The act takes effect October 1.

    On June 6, the Hawaii governor signed HB 2342 to enhance protection of consumer information by expanding the methods consumers may use to request security freezes, and by prohibiting credit reporting agencies (CRAs) from charging consumers a fee to place, remove, or temporarily lift a security freeze on a consumer's credit report or records. Among other things, the act now permits a consumer or a “protected consumer’s representative” to request a security freeze via first-class mail, a telephone call, or through a CRA’s designated secure website, and also preserves the CRA’s ability to lift a security freeze when the freeze was executed due to material misrepresentation by the consumer. When lifting a security freeze, CRAs are required to send written confirmation to the affected consumer within five business days. The act takes effect July 1.

    Privacy/Cyber Risk & Data Security State Issues State Legislation Security Freeze Data Breach Credit Reporting Agency

    Share page with AddThis
  • 9th Circuit affirms credit reporting agency’s code data did not violate the FCRA

    Courts

    On May 29, the U.S. Court of Appeals for the 9th Circuit affirmed summary judgment for a national credit reporting agency, holding that the company did not violate the Fair Credit Reporting Act (FCRA) in its reporting of short sales executed by the plaintiffs. The decision results from a proposed class action suit alleging that the credit reporting agency violated the FCRA by reporting short sales executed between 2010 and 2011 with code numbers that misreported the data as foreclosures. In September 2016, the lower court found that the credit reporting agency provided creditors with clear instructions on how to interpret the code system and Fannie Mae’s Desktop Underwriter program misinterpreted the “settled” code number “9” as a foreclosure, which was not the credit reporting agency’s fault. In affirming the lower court’s decision, the 9th Circuit held that the credit reporting agency “clearly and accurately disclosed to [consumers] all information that [the company] recorded and retained that might be reflected in a consumer report.” Additionally, the panel noted that the credit reporting agency was not required to report that Fannie Mae mishandled the code data when it became aware of it.

    Courts Ninth Circuit FCRA Credit Reporting Agency Short Sale Foreclosure Fannie Mae Appellate

    Share page with AddThis
  • Minnesota prohibits security freezes fees, authorizes security freezes for protected persons

    State Issues

    On May 19, the Minnesota governor signed HF1243, which, effective immediately, prohibits credit reporting agencies for charging a fee for the placement, removal, or temporary lift of a security freeze. The law previously allowed for a fee of $5.00. Additionally, effective January 1, 2019, the law authorizes the placement of a security freeze for a protected person – defined by the law as an individual under the age of 16 – if a consumer reporting agency receives a request by the protected person’s representative and certain authentication standards are met. The law also outlines the requirements for removing a security freeze for a protected person.

    State Issues Credit Reporting Agency Security Freeze State Legislation Privacy/Cyber Risk & Data Security

    Share page with AddThis
  • Maryland and Georgia prohibit security freeze fees

    State Issues

    On May 15, the Maryland governor signed SB 202, which prohibits consumer reporting agencies from charging consumers, or protected consumers’ representatives, a fee for the placement, removal, or temporary lift of a security freeze. Previously, Maryland allowed for a fee, in most circumstances, of up to $5.00 for each placement, temporary lift, or removal. The law takes effect October 1.

    On May 3, the Georgia governor signed SB 376, which amends Georgia law to prohibit consumer reporting agencies from charging a fee for placing or removing a security freeze on a consumer’s account. Previously, Georgia law allowed for a fee of no more than $3.00 for each security freeze placement, removal, or temporary lift, unless the consumer was a victim of identity theft or over 65 years old. Under SB 376, consumer reporting agencies may not charge a fee to any consumer at any time for the placement or removal of a security freeze. This law takes effect July 1.

    State Issues State Legislation Credit Reporting Agency Security Freeze Privacy/Cyber Risk & Data Security

    Share page with AddThis
  • Maryland expands authority over credit reporting agencies

    State Issues

    On May 8, Maryland governor Larry Hogan signed HB848, which expands Maryland’s authority over Credit Reporting Agencies (CRAs) by requiring CRAs to develop a secure system to process electronic requests for placing, lifting, or removing a security freeze. Additionally, the law expands the definition of “protected consumer” for purposes of free security freezes to include persons age 85 or older, certain members of the military, and incarcerated individuals. The law also (i) codifies an existing requirement that CRAs register with the Office of the Commissioner of Financial Regulation (OCFR); (ii) allows the OCFR to investigate written consumer complaints against CRAs; and (iii) increases the maximum civil monetary penalty to $1,000 for the first violation and $2,500 for each subsequent violation. The law is effective October 1.

    State Issues Credit Reporting Agency Security Freeze Privacy/Cyber Risk & Data Security

    Share page with AddThis
  • 7th Circuit affirms summary judgment for consumers in FDCPA suit

    Courts

    On May 2, the U.S. Court of Appeals for the 7th Circuit affirmed four district court decisions granting summary judgment in favor of consumers who alleged a debt collector violated the Fair Debt Collection Practices Act (FDCPA) by communicating debts to credit reporting agencies without indicating the debts were disputed. According to the opinion, the debt collector sent the four consumers a debt validation notice regarding an alleged credit card debt. More than 30 days later, a local legal aid organization sent the debt collector’s general counsel a notice of representation for each of the four consumers, noting, “the amount reported is not accurate.” After the attorney letters were sent, the debt collector reported the debts to the credit reporting agencies. The consumers each filed a separate action in district court alleging a violation of the FDCPA, and each district court granted the consumer summary judgment, finding the debt collector did not handle the letters properly. In the consolidated appeal, the 7th Circuit agreed with the district courts, holding that the actions of the debt collector were “a clear violation of the statute” as each attorney letter stated the amount was inaccurate and the debt collector still reported the debts without noting they were disputed. While the panel noted that there is no clear definition of “dispute” under the FDCPA, the court concluded, “there is simply no other way to interpret [the] language” of the attorney letter, rejecting the debt collector’s “bona fide error defense.”

    Courts Seventh Circuit Appellate FDCPA Credit Reporting Agency Debt Collection

    Share page with AddThis

Pages