It used to be that when credit was denied, all you had to do was follow the rule in Regulation B's 202.9(f) which stated that you may send one adverse action notice to the primary applicant. The notice contained the information required by Regulation B: creditor's name and address, a statement of the action taken, a summary of the applicant's credit rights, and either the reasons for the adverse action or a statement that the applicant may request them.
This design, together with the permission to send only one notice when multiple applicants are involved, represents the Federal Reserve Board's efforts to minimize regulatory burden. The FRB believed that providing creditors with choices and requiring only one notice to be sent was the most effective way to keep the requirement's burden to a minimum.
Also in the spirit of minimizing burden, the FRB issued a model denial form that contained the adverse action notices required by Regulation B and also by the Fair Credit Reporting Act. In theory, this made things simpler. And that tended to be the case - until the Federal Trade Commission issued two staff interpretations in the summer of 2000 that turned the adverse action world upside down.
The first was the Tatelbaum letter in which FTC staff opined that a creditor could not obtain a credit report on individuals participating in a business loan application because the "consumer" to whom the report was relevant had not applied for credit and had not therefore given the creditor a legitimate business purpose to obtain the report. A request for credit from a business did not give rise to a legitimate business purpose for obtaining a report about a consumer, even if that consumer was the owner of the business and signed the application request.
This went straight to the question of safety and soundness. Regulatory concerns ran so high in the financial supervisory agencies that the general counsels of those agencies requested FTC to reconsider and revise its interpretation.
What the FTC staff wrote in the Tatelbaum letter is that FCRA rights are consumer rights - rights specific to the individual consumer. The FCRA protects information about that consumer from use except under specific circumstances, such as an application from the consumer for credit. In its response to the general counsels, the FTC agreed that if a consumer would be individually liable on the business credit, then the creditor would have a legitimate business purpose to obtain the individual's credit report. This method of bringing in guarantors begins the new confusion with ECOA.
It got worse with the second letter (which was actually issued a few weeks before the Tatelbaum letter.) The Stinneford letter explained which consumers had a right to an FCRA adverse action notice and under what circumstances. And this is the bombshell that created the adverse action problem.
In the Stinneford letter, the FTC staff explained that the consumer's right to an adverse action notification is based on the creditor's use of the consumer's credit report rather than on the consumer's role in the application. The fact that a consumer's report was used is the trigger for the right to the FCRA notice. The consumer's role in the application - primary applicant, co-signer, guarantor or the like - is not a relevant consideration.
Every consumer whose report is used has specific FCRA rights. One of those rights is to be notified if information in that report was used to deny the application. Because FCRA is a privacy law, this notice can't go to just anyone; it has to go to the consumer to whom it relates. Who must receive the notice depends on the consumer's status as an applicant or guarantor. In the Stinneford letter, FTC staff explains how this works.
The FCRA applies to "consumers." The act requires the creditor to give a notice to "any consumer" with respect to whom adverse action is taken. However, for purposes of determining what adverse action is, FTC staff followed the mandate in FCRA to look to the ECOA. The FCRA defines adverse action by referring to the definition in ECOA.
Here is where it gets both interesting and complicated. By looking at ECOA, a consumer can only experience adverse action by being an "applicant." Regulation B defines applicant to include the individuals requesting credit. However, applicant only includes guarantors for the purposes of the signature rules in 202.9(d). Therefore, guarantors do not have status to receive adverse action notices as denied applicants because they are not applicants.
Co-applicants, however, are defined as applicants by Regulation B. Each co-applicant, therefore, has the right to an individual FCRA adverse action notice when credit is denied using information in their credit report(s).
The result is not a reduction in regulatory burden. Neither is it regulatory simplification. The result is a complicated mess. The lender must find a workable balance between regulatory compliance and privacy protections for each applicant or guarantor. In doing so, the lender should remember that it may be better to send more notices - e.g., to guarantors - than are actually required as a method of ensuring compliance.
Audit adverse action notices and compare notices to applications to find out whether co-applicants were given appropriate FCRA notices.
Review procedures and any other instructions for preparation of ECOA and FCRA adverse action notices. Be sure they are consistent with these requirements.
Review training programs for content to be sure these issues are covered.
BankersOnline is a free service made possible by the generous support of our advertisers and sponsors. Advertisers and sponsors are not responsible for site content. Please help us keep BankersOnline FREE to all banking professionals. Support our advertisers and sponsors by clicking through to learn more about their products and services.