Dueling Regulations: FCRA v. Crime

The bank compliance industry is about to face another example of dueling regulations.

To prevent crimes in your bank, you need the ability to investigate your employees. Obtaining a credit bureau report is a standard phase of any internal investigation. In order to obtain a copy of a consumer's or employee's report, the Fair Credit Reporting Act requires you to have a legitimate business purpose. Investigating possible crime is such a purpose. Here's the catch. You need the employee's permission to obtain a copy of their report.

Most banks have a blanket permission on file. It is a general procedure in bringing in new employees to obtain the permission. However, the new FCRA, which will take final effect this September 30, tightens the permission requirement. As a result, the permissions your bank has on file may not be sufficient to comply with the new act.

To make matters more complicated, the FTC takes seriously its responsibility under the act to protect the privacy of consumers. That agency has qualms about encouraging or allowing banks to use blanket ongoing permissions to obtain reports.

Because of the changes, this is a good time to collect new permissions from all employees. Review the permission form, distribute it to all employees, get the permission back, and hope it works.

Copyright © 1997 Compliance Action. Originally appeared in Compliance Action, Vol. 2, No. 9, 8/97