Today lenders gain more flexibility in using credit information to reach new customers, but face new burdens in making sure the data are accurate.
Changes to the Fair Credit Reporting Act, enacted last year but effective Sept. 30, allow bank holding company affiliates to pool credit information into a central data base.
Previously, each affiliate was required to maintain separate customer information files. To tap information from sister companies, a firm was required to make a separate request of each affiliate.
A host of new consumer protection rules is the price lenders are paying for the added flexibility. For instance, banks and businesses that provide information to credit bureaus must investigate and correct any errors within 30 days of a customer's complaint.
"Consumers no longer need to wait for months to get a response," said Griffith L. Garwood, director of the division of consumer and community affairs at the Federal Reserve Board.
However, none of the consumer protections apply to holding company affiliates that share credit information as long consumers are notified when the data are used to deny credit. In addition, if a customer asks, the company must specify which information caused a credit application to be rejected.
Consumer activists complained about this loophole Monday. "This is one of the areas that we hope to change," said Michelle Meier, banking counsel for Consumers Union.
Industry representatives said the changes also help lenders curb credit risk by permitting them to withdraw credit offers made through pre-screened lists provided by credit bureaus.
"Congress believed the ability to ensure that consumers actually meet established credit criteria is an important factor in protecting the safety and soundness of banks," said L. Richard Fischer, a Morrison & Foerster attorney representing MasterCard International and Visa U.S.A.
Previously, lenders were required to make good on all pre-screened loan solicitations, even if the customer's name was mistakenly included on a credit bureau's list or the individual's credit history deteriorated after being included on the list.
The changes also allow pre-screened lists to include credit scores, which lenders may use to set limits on credit card accounts or to establish collateral requirements.
Beyond the 30-day deadline for fixing credit report mistakes, other consumer protection measures require:
- Lenders to notify consumers when credit bureau information is used to deny credit.
- Businesses to notify credit bureaus when information they have provided is disputed.
- Credit solicitations to include a toll-free number that customers may call to remove their names from future mailing lists for two years. Individuals who notify credit bureaus in writing may have their names permanently removed from mailing lists.
- Individuals to receive free copies of their credit reports if they make a request within 60 days of being denied credit.
- Employers to obtain written permission before obtaining the credit report of a job applicant or employee.
Banking regulators will enforce the new credit reporting requirements at financial institutions, while the Federal Trade Commission will oversee compliance at credit bureaus and other businesses.
Businesses that violate the law's restrictions may be fined up to $2,500 and sued for damages by individuals.
Fines will be assessed based on the severity of the transgression and the violator's ability to pay, said David Medine, FTC associate director of credit practices.