CFPB Issues Advisory Opinion Affirming Obligations of Consumer Report Providers and Users Under FCRA
On July 7, the CFPB issued an advisory opinion affirming that section 604 of the FCRA requires credit reporting agencies (CRAs) to maintain adequate procedures and have a reason to believe that all of the consumer report information they include in a consumer report pertains to the consumer, who is the subject of the user’s request and to not provide possible matches or reports on multiple individuals where the requester only has a permissible purpose to obtain a report on one individual. The CFPB noted that disclaimers by a CRA will not cure a failure to take reasonable steps to ensure the information contained in a credit report is only about the individual for whom the user has a permissible purpose. In addition, the CFPB affirmed that users of background screenings or credit reports must have a legally permissible purpose to use or share a consumer’s data. The CFPB also warned that failure to protect consumer data privacy in compliance with the FCRA can result in criminal liability, including imprisonment.
“While Congress and regulators must do more to protect our privacy, the CFPB will be taking steps to use the Fair Credit Reporting Act to combat misuse and abuse of personal data on background screening and credit reports.”
- CFPB Director Rohit Chopra
Joint Statement on the Risk-Based Approach to Assessing Customer Relationships and Conducting Customer Due Diligence
On July 6, the FDIC, the Federal Reserve, FinCEN, the NCUA, and the OCC (collectively, the Agencies), issued a joint statement to remind banks of the risk-based approach to assessing customer relationships and conducting CDD. The Agencies reiterated their longstanding position that no customer type presents a single level of uniform risk or a particular risk profile related to money laundering (ML), terrorist financing (TF) or other illicit financial activity. Instead, banks should remember that customer relationships present varying levels of ML, TF and other illicit financial activity risks, and the potential risk to a bank depends on the presence or absence of numerous factors, including facts and circumstances specific to the customer relationship. Banks must apply a risk-based approach to CDD when developing the risk profiles of their customers and the Agencies continue to encourage banks to manage customer relationships and mitigate risks based on customer relationships, rather than decline to provide banking services to entire categories of customers.
Is the SEC’s Expansion of the “Exchange” and “Dealer” Definitions Part of the Agency’s Crypto and DeFi Strategy?
In March 2022, the SEC proposed rules that would greatly expand the Exchange Act definition of “dealer” and essentially kill the distinction between dealers and traders long-recognized by the SEC. The likely outcome is that most proprietary trading firms will need to register with the SEC as dealers and become members of FINRA or a national securities exchange. However, the scope of the proposal is vast and includes considerations and consequences for other players in the cryptocurrency and DeFi space.
Read the client alert to learn more about the SEC’s approach to and recent steps in regulating crypto and DeFi activity.
Check Out Goodwin’s Latest Industry Insights
FinReg + Policy Watch Blog
Stay on top of developments affecting the financial services community.
LenderLaw Watch Blog
Stay on top of news and legal issues in the consumer finance industry.
Consumer Finance Enforcement Watch Blog
Stay on top of enforcement actions, trends and issues.
Digital Currency + Blockchain Perspectives Blog
Stay on top of digital currency industry news, regulatory developments and issues.