State Farm Bank Failed to Implement Compliance Policies
Yesterday the Bureau of Consumer Financial Protection (“Bureau”, formally CFPB) announced in a press release that State Farm Bank settled for Violation of Fair Credit Reporting Act and Consumer Financial Protection Act. State Farm will be subject to a comprehensive compliance plan with record keeping and compliance monitoring. The press release described that State Farm Bank,
“violated the Fair Credit Reporting Act, Regulation V, and the Consumer Financial Protection Act of 2010 by obtaining consumer reports without a permissible purpose; furnishing to credit-reporting agencies (CRAs) information about consumers’ credit that the bank knew or had reasonable cause to believe was inaccurate; failing to promptly update or correct information furnished to CRAs; furnishing information to CRAs without providing notice that the information was disputed by the consumer; and failing to establish and implement reasonable written policies and procedures regarding the accuracy and integrity of information provided to CRAs.”
List of Violations Committed by State Farm Bank
The consent order signed by Acting Director Mick Mulvaney outlines how State Farm Bank (Respondent) violated FCRA and CFPA by not implementing appropriate policies for using and procuring consumer info until 2017. Violations in clude:
In certain instances, Respondent obtained consumer reports of consumers who were not seeking an extension of credit from or involved in any form of credit transaction, account review, or account collection with Respondent, and Respondent had no other permissible purpose for the consumer reports it obtained
In some instances, Respondent’s Agents and Team Members initiated credit applications for the wrong consumer by incorrectly inputting consumer information into Respondent’s application system or by selecting the wrong consumer from a list of possible consumers identified in the system. When Agents and Team Members initiated applications in error, Respondent obtained a consumer report and generated a credit inquiry for the wrong consumer—not the consumer who had applied for the credit product.
In certain instances when the consumer had neither applied for a loan nor authorized Respondent to obtain a consumer credit report, Agents and Team Members initiated vehicle-loan applications for consumers for the purpose of soliciting those consumers, thereby triggering a credit inquiry.
Prior to September 2016, Respondent did not have appropriate policies and procedures about permissible purposes for using or obtaining consumer reports, particularly with respect to Agents and Team Members, and Respondent provided inadequate training and oversight to Agents and Team Members with respect to FCRA and the permissible use and obtaining of consumer reports. Around September 2016, Respondent implemented a written policy regarding disciplinary practices for FCRA violations and improved its FCRA training for Agents and Team Members.
In 2017, Respondent developed and implemented a Consumer Report Consent Management System to reduce the likelihood of obtaining or using a consumer report without a permissible purpose.
Under the terms of the consent order, State Farm Bank must not violate the Fair Credit Reporting Act or Regulation V and must implement and maintain reasonable written policies, procedures, and processes to address the practices at issue in the consent order and prevent future violations.
The original consent order can be found here.