Download:
pdf |
pdfSUPPORTING STATEMENT
National Credit Union Administration
For the Recordkeeping and Disclosure Requirements
Associated with the Fair Credit Reporting Act (FCRA), 15 U.S.C. 1681 et seq.,
as amended by the Fair and Accurate Credit Transactions Act of 2003,
Pub. L. 108-159, 117 Stat. 1952, and
as implemented by Regulation V, 12 CFR 1022, and by 12 CFR 717
Fair Credit Reporting (FCRA); Regulation V and 12 CFR 7171
OMB No. 3133-0165
A.
JUSTIFICATION
1.
Necessity of Information Collection
The Fair Credit Reporting Act (FCRA) 1 sets standards for the collection, communication, and
use of information bearing on a consumer’s creditworthiness, credit standing, credit capacity,
character, general reputation, personal characteristics, or mode of living. FCRA has been revised
numerous times since it took effect, notably by passage of the Consumer Credit Reporting
Reform Act of 1996, the Gramm-Leach-Bliley Act of 1999, and the Fair and Accurate Credit
Transactions Act of 2003. Historically, rulemaking authority for FCRA has been divided among
the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance
Corporation (FDIC), the Federal Trade Commission (FTC), NCUA, the Office of the
Comptroller of the Currency (OCC), and the Office of Thrift Supervision.
The Dodd-Frank Wall Street Reform and Consumer Protection Act (DFA) amended a number of
consumer financial protection laws, including most provisions of FCRA. In addition to
substantive amendments, the DFA transferred rulemaking authority for most provisions of FCRA
to the Consumer Financial Protection Bureau (CFPB). Pursuant to the DFA and FCRA, as
amended, CFPB promulgated Regulation V, 12 CFR 1022, to implement those provisions of
FCRA for which CFPB has rulemaking authority.
Regulation V contains several requirements that impose information collection requirements on
federal credit unions:
•
•
•
•
•
•
1
The negative information notice;
Risk-based pricing;
The procedures to enhance the accuracy and integrity of information furnished to
consumer reporting agencies;
The duties upon notice of dispute from a consumer;
The affiliate marketing opt-out notice; and
The prescreened consumer reports opt-out notice.
15 U.S.C. 1681 et seq.
OMB No. 3133-0165
1
�The DFA did not transfer certain rulemaking authority under FCRA. Specifically, the DFA did
not transfer to CFPB the authority to promulgate: 2
•
•
•
The requirement to properly dispose of consumer information;
The rules on identity theft red flags and corresponding interagency guidelines on identity
theft detection, prevention, and mitigation; and
The rules on the duties of card issuers regarding changes of address.
These provisions are promulgated in NCUA’s Fair Credit Reporting regulation, 12 CFR 717,
which applies to federal credit unions.
The collection of information pursuant to Parts 1022 and 717 is triggered by specific events and
disclosures and must be provided to consumers within the time periods established under the
regulation. Regulation V and 12 CFR 717 includes model notices and/or model forms that can
be used to comply with the disclosure requirements of FCRA and the regulation, although the
use of the model notices and forms is not required. See Appendices B, C, D, E, and H of
Regulation V, Appendix C to 12 CFR 717.
2.
Purpose and Use of the Information Collection
Regulation V, 12 CFR 1022: The consumer disclosures included in Regulation V are designed
to alert consumers: (1) that a financial institution has furnished negative information about them
to a consumer reporting agency; (2) that they have a right to opt out of receiving marketing
materials and credit or insurance offers; (3) that their credit report was used in setting the
material terms of credit that may be less favorable than the terms offered to consumers with
better credit histories; (4) that they maintain rights with respect to knowing what is in their
consumer reporting agency file; and (5) that they can request a free credit report. Consumers
then can use the information provided to consider how and when to check and use their credit
reports.
The negative information notice, 15 U.S.C. 1681s-2(a)(7); 12 CFR 1022.1(b)(2)(ii):
FCRA requires a financial institution, including a credit union, that regularly extends
credit to consumers, to provide consumers with a notice either before it provides negative
information to a nationwide consumer reporting agency, or within 30 days after reporting
the negative information. Financial institutions may provide this disclosure on or with
any notice of default, any billing statement, or any other materials provided to the
consumer, if the notice is clear and conspicuous.
Although not required, financial institutions may use the model text, provided in
Appendix B to Part 1022, to provide consumers with a notice either before it provides
negative information to a nationwide consumer reporting agency, see Model B-1, or
within 30 days after reporting the negative information, see Model B-2.
2
The DFA did not transfer rulemaking authority under FCRA over any motor vehicle dealer that is predominantly
engaged in the sale and servicing of motor vehicles, the leasing and servicing of motor vehicles, or both, subject to
certain exceptions. See section 1029 of the DFA.
OMB No. 3133-0165
2
�The risk-based pricing notice, 15 U.S.C. 1681m(h); 12 CFR 1022, Subpart H: FCRA
generally requires a user of consumer reports, such as a credit union, to provide a riskbased pricing notice to a consumer when the user, based on a consumer report, extends
credit on terms that are “materially less favorable” than the terms the person has extended
to other consumers. Exceptions to the risk-based pricing notice requirement include:
1) When a consumer applies for specific terms of credit, and receives them, unless
those terms were specified by the creditor using a consumer report after the
consumer applied for the credit and after the creditor obtained the consumer
report;
2) When a person such as a creditor provides a notice of adverse action;
3) When a person makes a firm offer of credit in a prescreened solicitation even if
the person makes other firm offers of credit to other consumers on more favorable
material terms;
4) When a person generally provides a credit score disclosure to each consumer that
requests a loan that is or will be secured by residential real property;
5) When a person generally provides a credit score disclosure to each consumer that
requests a loan that is not or will not be secured by residential real property; and
6) When a person who otherwise provides credit score disclosures to consumers that
request loans, provides a disclosure about credit scores when no credit is
available.
Appendix H to Part 1022 contains optional model forms that may be used to comply with
the regulatory requirements.
The procedures to enhance the accuracy and integrity of information furnished to
consumer reporting agencies, 15 U.S.C. 1681s-2(e)(1); 12 CFR 1022.42: Each furnisher
must establish written policies and procedures regarding the accuracy and integrity of
consumer information that it furnishes to a consumer reporting agency. The policies and
procedures must be appropriate to the nature, size, complexity, and scope of the
furnisher’s activities. In developing its policies and procedures, a furnisher must consider
the Interagency Guidelines Concerning the Accuracy and Integrity of Information
Furnished to Consumer Reporting Agencies, Appendix E to Part 1022, and may include
its existing policies and procedures that are relevant and appropriate. Each furnisher
must also review its policies and procedures periodically and update them as necessary to
ensure their continued effectiveness.
The duties upon notice of dispute from a consumer, 15 U.S.C. 1681s-2(a)(8); 12 CFR
1022.43: A furnisher must conduct a reasonable investigation of a direct dispute (unless
an exception applies) if the dispute relates to:
1) The consumer’s liability for a credit account or other debt with the furnisher, such
as direct disputes about identity theft or fraud against the consumer, whether there
is individual or joint liability on an account, or whether the consumer is an
authorized user of a credit account;
OMB No. 3133-0165
3
�2) The terms of a credit account or other debt with the furnisher, such as direct
disputes relating to the type of account, principal balance, scheduled payment
amount, or the amount of the credit limit;
3) The consumer’s performance or other conduct concerning an account or other
relationship with the furnisher such as, direct disputes relating to the current
payment status, high balance, payment date, the payment amount, or the date an
account was opened or closed; or
4) Any other information contained in a consumer report regarding an account or
other relationship with the furnisher that bears on the consumer’s
creditworthiness, credit standing credit capacity, character, general reputation,
personal characteristics, or mode of living.
Exceptions to the reasonable investigation requirements apply to:
1) The consumer’s identifying information such as name, date of birth, Social
Security number, telephone number(s), or address(es);
2) The identity of past or present employers;
3) Inquiries or requests for a consumer report;
4) Information derived from public records, such as judgments, bankruptcies, liens,
and other legal matters (unless the information was provided by a furnisher with
an account or other relationship with the consumer);
5) Information related to fraud alerts or active duty alerts;
6) Information provided to a consumer reporting agency by another furnisher; or
7) If the furnisher has a reasonable belief that the direct dispute is submitted by a
credit repair organization; is prepared on behalf of the consumer by a credit repair
organization; or is submitted on a form supplied to the consumer by a credit repair
organization.
A furnisher is not required to investigate a direct dispute if the furnisher has reasonably
determined that the dispute is frivolous or irrelevant. A dispute qualifies as frivolous or
irrelevant if: the consumer did not provide sufficient information to investigate the
disputed information; the direct dispute is substantially the same as a dispute previously
submitted by or on behalf of the consumer and the dispute is one with respect to which
the furnisher has already complied with the statutory or regulatory requirements; or the
furnisher is not required to investigate the direct dispute because one or more of the
exceptions listed in 12 CFR 1022.43(b) applies. Upon a determination that a dispute is
frivolous or irrelevant, the furnisher must notify the consumer not later than five business
days after making the determination, by mail or, if authorized by the consumer for that
purpose, by any other means available to the furnisher.
The affiliate marketing opt-out requirement, 15 U.S.C. 1681s-3; 12 CFR 1022, Subpart
C: FCRA generally prohibits a person from using certain consumer eligibility
information received from an affiliate to make a solicitation to the consumer about its
products or services, unless the consumer is given notice and an opportunity to opt out,
and the consumer does not opt out. Exceptions include a person using eligibility
information:
OMB No. 3133-0165
4
�1) To make solicitations to a consumer with whom the person has a pre-existing
business relationship;
2) To perform services for another affiliate subject to certain conditions;
3) In response to a communication initiated by the consumer; or
4) To make a solicitation that has been authorized or requested by the consumer.
A consumer’s affiliate marketing opt-out election must be effective for a period of at least
five years. Upon expiration of the opt-out period, the consumer must be given a renewal
notice and an opportunity to renew the opt-out before information received from an
affiliate may be used to make solicitations to the consumer.
Appendix C to Part 1022 contains optional model forms that may be used to comply with
the regulatory requirements.
The prescreened consumer reports opt-out notice, 15 U.S.C. 1681b(c) and 15 U.S.C.
1681m(d); 12 CFR 1022.54: FCRA allows persons, including credit unions, to obtain
and use consumer reports in connection with any credit or insurance transaction that the
consumer does not initiate, to make firm offers of credit or insurance. This prescreening
process occurs when a person obtains from a consumer reporting agency a list of
consumers who meet predetermined creditworthiness criteria and who have not elected to
be excluded from prescreened lists. FCRA contains consumer protections and technical
notice requirements concerning prescreened offers of credit or insurance. FCRA requires
nationwide consumer reporting agencies to jointly operate an opt-out system, whereby
consumers can elect to be excluded from prescreened lists by calling a toll-free number.
When a person, such a credit union, obtains and uses these lists, it must provide
consumers with a Prescreened Opt-Out Notice with the offer of credit or insurance. The
notice must also provide the toll-free telephone number operated by the nationwide
consumer reporting agencies for consumers to call to opt out of prescreened lists.
Appendix D to Part 1022 contains optional model forms that may be used to comply with
the regulatory requirements.
NCUA Fair Credit Reporting Regulation, 12 CFR 717:
The requirement to properly dispose of consumer information, 15 U.S.C. 1681w; 12 CFR
717.83: Under Part 717.83(a)-(c), a credit union or other entity must properly dispose of
any consumer information that it maintains or possesses. This must be done consistent
with NCUA’s Guidelines for Safeguarding Member Information, in Appendix A to 12
CFR 748. Examples of how to properly dispose of consumer information include
burning, pulverizing, or shredding papers; or destroying or erasing electronic media.
Regardless of form, the process must ensure that the information cannot practically be
read or reconstructed.
The rules on identity theft red flags and corresponding interagency guidelines on identity
theft detection, prevention, and mitigation, 15 U.S.C. 1681m(e), 12 CFR 717.90: Each
OMB No. 3133-0165
5
�federal credit union must determine periodically whether it offers or maintains “covered
accounts” as defined in Part 717.90(b)(3). As part of this determination, the federal
credit union must conduct a risk assessment to determine whether it offers or maintains
covered accounts taking into consideration: (1) the methods it provides to open its
accounts; (2) the methods it provides to access its accounts; and (3) its previous
experiences with identity theft.
A federal credit union that offers or maintains one or more “covered accounts” must
develop and implement a written program designed to detect, prevent, and mitigate
identity theft in connection with the opening of a “covered account” or any existing
“covered account.” The program must be tailored to the federal credit union’s size and
complexity and the nature and scope of its operations and must contain “reasonable
policies and procedures” to:
1) Identify red flags for the “covered accounts” the federal credit union offers or
maintains and incorporate those red flags into the program;
2) Detect red flags that have been incorporated into the program;
3) Respond appropriately to any red flags that are detected to prevent and mitigate
identity theft; and
4) Ensure that the program, including the red flags determined to be relevant, is
updated periodically, to reflect changes in risks to customers and to the safety and
soundness of the federal credit union from identity theft.
A federal credit union must provide for the continued administration of the program by:
(1) obtaining approval of the initial written program by the board of directors or an
appropriate committee of the board; (2) involving the board of directors, a committee of
the board, or an employee at the level of senior management, in the oversight,
development, implementation, and administration of the program; (3) training staff, as
necessary, to implement the program effective; and (4) exercising appropriate and
effective oversight of service-provider arrangements.
Each federal credit union that is required to implement a program also must consider the
Interagency Guidelines on Identity Theft Detection, Prevention, and Mitigation, available
in Appendix J to Part 717, and include in its program those guidelines that are
appropriate. The guidelines are intended to assist federal credit unions in the formation
and maintenance of a program that satisfies the regulatory requirements. A federal credit
union may determine that a particular guideline is not appropriate for its program;
however, the federal credit union must have policies and procedures that meet the
specific requirements of the rules.
The rules on the duties of card issuers regarding changes of address, 15 U.S.C. 1681m(e);
12 CFR 717.91: A card issuer must establish and implement reasonable policies and
procedures to assess the validity of a change of address if it receives notification of a
change of address for a consumer’s debit or credit card account and, within a short period
of time afterwards, at least the first 30 days after it receives such notification, the card
issuer receives a request for an additional or replacement card for the same account. In
OMB No. 3133-0165
6
�such situations, the card issuer must not issue an additional or replacement card until it
assesses the validity of the change of address in accordance with its policies and
procedures.
The policies and procedures must provide that the card issuer will:
1) Notify the cardholder of the request for an additional or replacement card at the
cardholder’s former address or by any other means of communication that the
card issuer and the cardholder have previously agreed to use; and provide to the
cardholder a reasonable means of promptly reporting incorrect address change; or
2) Assess the validity of the change of address according to the procedures the card
issuer has established as part of its Identity Theft Prevention Program (12 CFR
717.90).
A card issuer may satisfy the requirements of these rules prior to receiving any request
for an additional or replacement card by validating an address when it receives an address
change notification.
Any written or electronic notice that a card issuer provides to satisfy these rules must be
clear and conspicuous and provided separately from its regular correspondence with the
cardholder.
3.
Consideration Given to Information Technology
Credit unions may adopt any existing technology relevant to producing the notices, obtaining the
consumer opt-out determinations, and maintaining records of the notices and opt-out
determinations.
4.
Duplication
There is no duplication. The information is not available from any other source.
5.
Effect on Small Entities
The collection imposes on credit unions, regardless of size, only the minimum burden necessary
for compliance with FCRA. Regulation V and Part 717 include model notices that credit unions
may use to comply with the regulations. Although the use of the model notices is not required,
the use of the model notices should minimize the burden of this collection.
6.
Consequences of Not Conducting Collection
The frequency of the disclosure requirements contained in the regulations are transaction based.
Less frequent disclosures would reduce the protections to consumers that were contemplated by
FCRA.
OMB No. 3133-0165
7
�7.
Inconsistencies with Guidelines in 5 CFR 1320.5(d)(2)
There are no special circumstances. This collection is consistent with the guidelines in 5 CFR
1320.5(d)(2).
8.
Consultations Outside the Agency
The required 60-day Federal Register notice soliciting comments on this collection of
information was published on November 29, 2916, at 81 FR 86021. NCUA did not receive any
comments in response to this notice.
9.
Payment or Gift
There is no intent by NCUA to provide payment or gifts for information collected.
10.
Confidentiality
Credit union examination reports and any documents related thereto are exempt from the
Freedom of Information Act disclosure, pursuant to exemption 8, 5 U.S.C. 552(b)(8).
11.
Sensitive Questions
No questions of a sensitive nature are asked. The information collection does not collect any
Personally Identifiable Information (PII).
12.
Burden of Information Collection
The annual burden is estimated to be 284,346 hours for the 3,764 federal credit unions that are
deemed to be respondents for purposes of PRA. The burden for consumers is estimated to be
19,200 hours. These estimated burdens arise exclusively from the regulations and is shown in
the table below. Total burden hours associated with this information collection are 303,546.
OMB No. 3133-0165
8
�Federal Credit Union Burden
Information Collection Requirement
12 CFR 1022 or 12 CFR 717
Negative Information Notice
(1022.1(b)(2))
Risk-Based Pricing (1022, Subpart
H)
Procedures to Enhance Accuracy &
Integrity of Information Furnished
to Consumer Reporting Agencies
(1022.42):
(1) Develop policies and
procedures
(2) Amend policies and procedures
and training
Notice of Dispute from Consumer
(1022.43)
Prescreened Consumer Reports OptOut Notice (1022.54)
Affiliate Marketing Opt-Out Notice
(1022, Subpart C)
Requirement to Properly Dispose of
Consumer Information (717.83)
Identity Theft Red Flags (717.90):
(1) Develop program and policies
and procedures
(2) Update program, prepare
annual report and training
Card Issuers’ Duties Regarding
Changes of Address (717.91)
Estimated # of
Respondents or
Responses
Estimated
Annual
Frequency
Estimated
Avg. Hours
per Response
Estimated
Annual
Burden
Hours
3,764
1
15 minutes
941
2,567
12
5
154,020
44
1
32
1,408
3,764
1
8
30,112
10,129
1
14 minutes
2,363
2,135
1
15 minutes
534
568
1
18
10,224
3,764
1
4
15,056
44
1
21
924
3,764
1
16
60,224
2,135
1
4
8,540
284,346
Total
Consumer Burden
Prescreened Consumer Reports OptOut Notice
Affiliate Marketing Opt-Out Notice
Total
OMB No. 3133-0165
115,100
1
5 minutes
9,592
115,300
1
5 minutes
9,608
19,200
9
�The annual cost for the 3,764 federal credit union respondents is estimated to be $9,952,110 (at
$35 hourly cost) and is shown in the table below; the annual cost for consumers is estimated to
be $460,800 (at $24 hourly cost) and is also shown in the table below. Total annual cost
associated with this information collection is $10,412,910.
Information Collection Activity
Negative Information Notice
Risk-Based Pricing
Procedures to Enhance Accuracy and
Integrity of Information Furnished to
Consumer Reporting Agencies
(1) Develop policies and procedures
(2) Amend policies and procedures and
training
Notice of Dispute from Consumer
Prescreened Consumer Reports Opt-Out
Notice
Affiliate Marketing Opt-Out Notice
Requirement to Properly Dispose of
Consumer Information
Identity Theft Red Flags:
(1) Develop program and policies and
procedures
(2) Prepare annual report and training
Card Issuers’ Duties Regarding Changes
of Address
Total
Cost to Federal Credit Unions
Annual
Hourly $
Total $
Hourly
Rate per
Amount
Burden
Response
941
$35
$32,935
154,020
$35
$5,390,700
1,408
$35
$49,280
30,112
2,363
$35
$35
$1,053,920
$82,705
534
10,224
$35
$35
$18,690
$357,840
15,056
$35
$526,960
924
60,224
$35
$35
$32,340
$2,107,840
8,540
284,346
$35
$298,900
$9,952,110
Cost to Consumers
Prescreened Consumer Reports Opt-Out
Notice
Affiliate Marketing Opt-Out Notice
Total
13.
9,592
9,608
19,200
$24
$24
$230,200
$230,600
$460,800
Costs to Respondents
There are not capital/start-up or ongoing operations/maintenance costs associated with this
information collection.
14.
Costs to Federal Government
There are no costs to the Federal Government.
OMB No. 3133-0165
10
�15.
Changes in Burden
This is a reinstatement with change of a previously approved collection. This reinstatement
makes adjustments to the burden to capture information collection requirements prescribed by 12
CFR Part 1022 and 717.
16.
Information Collection Planned for Statistical Purposes
Not applicable. The information collection is not used for statistical purposes.
17.
Approval to Omit OMB Expiration Date
Not applicable. Information collection requirements are in the form of recordkeeping and thirdparty disclosure requirements.
18.
Exceptions to Certification for Paperwork Reduction Act Submissions
This collection complies with the requirements in 5 CFR 1320.9.
B.
COLLECTIONS OF INFORMATION EMPLOYING STATISTICAL METHODS
This collection does not involve statistical methods.
OMB No. 3133-0165
11
�
| File Type | application/pdf |
| Author | Lee, Grace H |
| File Modified | 2017-02-08 |
| File Created | 2017-02-08 |