top of page

Laws & Notices

The Fair Credit Reporting Act (“FCRA”) became effective on April 25, 1971. The FCRA is a group of acts contained in the Federal Consumer Credit Protection act, such as the Truth in Lending Act and the Fair Debt Collection Practices Act.

Congress substantively amended the FCRA upon the passage of the Fair and Accurate Credit Transactions Act of 2003 (“FACT Act”). The FACT Act created many new responsibilities for consumer reporting agencies and users of consumer reports. It contained many new consumer disclosure requirements as well as provisions to address identity theft. In addition, it provided free annual consumer report rights for consumers and improved access to consumer report information to help increase the accuracy of data in the consumer reporting system.

The identity theft rights summary includes the identity theft rights granted to consumers by FACTA, including the right to place fraud alerts on their credit reports, to block businesses and credit bureaus from reporting information in their credit files that is a result of identity theft, and to obtain from businesses information about accounts or transactions in their name that result from identity theft. The identity theft rights summary will be provided by consumer reporting companies to consumers who contact the agencies because they believe they are victims of fraud or identity theft.

The general consumer rights summary includes, among other things, consumers' right to see their credit files and know when they have been used against them, to correct inaccuracies, and to opt-out of unsolicited offers. The summary also notes that, in addition to identity theft victims, active-duty military personnel have additional rights under the FCRA and FACTA. This general summary of rights updates the current summary, which credit reporting companies provide to consumers with their credit reports. The furnisher and user notices explain to businesses their duties under the FCRA.

The FCRA contains significant responsibilities for business entities that are consumer reporting agencies and lesser responsibilities for those that are not. Generally, financial institutions are not consumer reporting agencies.

In addition to the requirements related to financial institutions acting as consumer reporting agencies, FCRA requirements also apply to financial institutions that operate in any of the following capacities:

  • Procurers and users of information (for example, as credit grantors, purchasers of dealer paper, or when opening deposit accounts).

  • Furnishers and transmitters of information (by reporting information to consumer reporting agencies, other third parties, or to affiliates).

  • Marketers of credit or insurance products.

  • Employers.


Financial institutions are subject to a number of different requirements under the FCRA. The statute contains some of the requirements, while others are in regulations issued jointly by the FFIEC agencies or in regulations issued by the Federal Reserve Board and/or the Federal Trade Commission.

The Dodd-Frank Act granted rulemaking authority under the FCRA (except for §615(e) (identity theft) and §628 (disposal)) to the Consumer Financial Protection Bureau (“CFPB”) and, with respect to entities under its jurisdiction, granted authority to the CFPB to supervise for and enforce compliance with the provisions of the FCRA and the implementing regulations.

The CFPB structured the examination procedures as a series of modules, grouping similar requirements together. The modules contain general information about each of the requirements:

  • Module 1 Obtaining Consumer Reports.

  • Module 2 Obtaining Information and Sharing Among Affiliates.

  • Module 3 Disclosures to Consumers and Miscellaneous Requirements.

  • Module 4 Financial Institutions as Furnishers of Information.

  • Module 5 Consumer Alerts and Identity Theft Protections.



In October 2016, the Federal Trade Commission (“FTC”) issued guidance applicable to background screening companies and landlords who engage in tenant screening. The FTC highlights four key responsibilities of such background screening companies (considered consumer reporting agencies) covered by the Fair Credit Reporting Act (“FCRA”), specifically:

  • “Follow reasonable procedures to ensure accuracy

  • Get certifications from your clients.

  • Provide your clients with information about the FCRA.

  • Honor the rights of applicants and tenants.”


The FTC opines on what “reasonable procedures to ensure accuracy” are (and those should be read to apply to employment screening as well). The FTC maintains: “certain practices may be indicators that a background screening company isn’t following reasonable procedures. For example, if a report lists criminal convictions for people other than the applicant or tenant – for instance, a person with a middle name or date of birth different from the applicant’s – that raises FCRA compliance concerns. Other examples that raise FCRA compliance concerns include screening reports with multiple entries for the same offense or that list criminal records that have been expunged or otherwise sealed. Another indication that a company’s procedures might not be reasonable are reports that list housing court actions, but do not include the outcome of the action – for instance, that a case was resolved in the tenant’s favor.”

Background screeners should also note that the FTC calls out reports with multiple entries for the same offense, the reporting of expunged or sealed records, reports with no dispositions, and finally, the failure to use a middle name to ensure accuracy.

Please see the following materials from the FTC:


Employers - Criminal Background Check Policy

Employers should be aware that in 2012 guidance on the use of criminal history records in employment, the Equal Employment Opportunity Commission made clear that blanket prohibitions on employment based on criminal history are frowned upon due to the potential for discrimination.

A federal district court judge recently granted class certification in litigation against the Washington Metropolitan Area Transit Authority (WMATA) challenging WMATA’s criminal background check policy. The case is Little et al. v. Washington Metro Area Transit Authority et al., filed in U.S. District Court in the District of Columbia in 2014. The claim being that WMATA’s criminal background check policy is racially discriminatory in part because it is overly broad, permanently barring applicants with certain convictions from employment without considering length of time since the conviction and whether the offense was related to the position at hand.

bottom of page