Obtaining Credit Reports: When do you need to get permission?

by Mary Beth Guard

Question: When banks rely upon ChexSystems or a similar service to do an OFAC check, this is considered obtaining a credit report; therefore, it falls under the Fair Credit Reporting Act. If a Bank opens a non-risk type product (i.e. Certificate of Deposit or similar product), I don't believe this falls under the "permissible purpose" to obtain a credit report; therefore, the Bank must obtain the customer's written authorization to obtain the ChexSystems report. Is this true? I used to be a consultant to community banks and found that all of them do not obtain a written authorization.

Answer: Under the amended language in the Fair Credit Reporting Act, a consumer reporting agency may provide a consumer report "To a person which it has reason to believe" "otherwise has a legitimate business need for the information (i) in connection with a business transaction that is initiated by the consumer."

The big question, therefore is whether a financial institution whose customer is doing something like purchasing a CD has a "legitimate business need for the information" contained in a credit report. If the institution can somehow successfully argue that it has a legitimate business need for the information, it may obtain the report even without the customer's express written authorization.

Here is a thought about how it might be legitimate. An institution might want to check the financial status of the prospective CD customer to avoid a situation where the customer is subject to garnishments and levies because of the administrative work involved in responding to those types of legal processes.

The original version appeared in the January/February 2002 edition of the Oklahoma Bankers Association Compliance Informer.

First published on BankersOnline.com 6/24/02