FCRA: What's Permissible?
News

FCRA: What’s Permissible?

One of the several components of the Fair Credit Reporting Act (FCRA) is the requirement to establish a permissible purpose before pulling an individual’s credit report

Matt Goble
Blog,
Matt Goble – Vice President – Product Compliance Manager.

One of the several components of the Fair Credit Reporting Act (FCRA) is the requirement to establish a permissible purpose before pulling an individual’s credit report. These requirements are found in Section 604 of the FCRA (15 U.S.C. 1681b), only a few of which are of interest to a financial institution when using a consumer’s report in connection with a request for credit or opening a deposit account.

The first way to establish a permissible purpose is “in accordance with the written instructions of the consumer to whom it relates.” That is, you must get permission from the consumer, in writing, in order to obtain his or her consumer report. In this case, verbal consent from the consumer is not good enough even if documentation of such consent is maintained. So, when you get it in writing, you can’t go wrong.

A permissible purpose is also established when the person obtaining the consumer’s report “intends to use the information in connection with a credit transaction involving the consumer on whom the information is to be furnished and involving the extension of credit to or review or collection of an account of the consumer.” Therefore, at the point in which an individual applies for credit with your institution, your institution has a permissible purpose to obtain that individual’s credit report. In this case, you don’t necessarily need to have “written permission” to establish a permissible purpose; however, it is always best practice to document the consumer’s request for credit with initials on the application, for example, in order to further demonstrate your establishment of a permissible purpose. As I always say, documentation is key to compliance.

The final permissible purpose of importance to financial institutions in order to obtain a consumer’s credit report is when the institution “has a legitimate business need for the information” either

  • in connection with a business transaction that is initiated by the consumer, or
  • to review an account to determine whether the consumer continues to meet the terms of the account.

Now that we understand what it means to establish a permissible purpose in order to obtain a consumer credit report, there is a common misconception among financial institutions regarding whether or not a permissible purpose can be used in connection with subsequent applications for credit. For example, if a consumer applies for a car loan on November 26th, is it permissible for a financial institution to utilize said consumer’s November 26th credit report for a HELOC application on December 3rd? The simple answer is no. Once you establish a permissible purpose to obtain a consumer’s credit report, it is good for only one application and no more, regardless of the amount of time between subsequent applications for credit.

As mentioned previously, a permissible purpose is established when the person obtaining the consumer’s report “intends to use the information in connection with a credit transaction.” This section specifically references a single credit transaction and should not be interpreted to allow for multiple uses in connection with subsequent applications.

Re-using previously pulled credit reports could create problems with FCRA, fair lending, and your ability to repay calculation if you don’t have the individual’s most current credit information. Not to mention, previously obtained credit scores could be inaccurate and lack fraud alerts that were not yet added. Also, in many cases, it is a violation of an institution’s contract with its consumer reporting agency to reuse a credit report previously obtained as there is typically language in the contract with your CRA to prohibit the reuse of credit reports.

Filed under:

Matt Goble
Blog,
Matt Goble – Vice President – Product Compliance Manager.