How can a bank achieve assured compliance given the constrained information security budgets today?
When granting open-end credit card accounts is it necessary for the bank to call the applicant (if the phone number is provided in the bureau statement) in the event that they have an extended fraud alert on their bureau or can the bank leave a message and accept a return call from the applicant and verify the applicant's bureau contact phone number from the bank's caller ID? Does the bank have to call the bureau contact number of a card holder (with an extended fraud alert on the bureau) who requests a credit line increase or to have an account reactivated and new plastic sent or are these two scenarios exempt from FACTA verification compliance?
What individual risk assessments is a bank expected to perform? How do the individual risk assessments fit together with an "enterprise risk assessment"?
We are currently providing a FACT Act negative information notice to our second mortgage applicants. This notice also includes the member's current credit score and the corresponding CRA. Are we required to provide this notice to our consumer loan applicants as well?
Do the FACTA provisions only apply to consumer loans? If not, what other type of loans are affected by the FACTA?
I am a new compliance officer and in the process of developing a procedure pertaining to ID theft. How do some institutions handle holds on accounts for customers that are a victim of identity theft (FACT ACT)? I know that we could close the deposit account that is affected by the ID theft and reopen a new one, but what about the other deposit accounts the customer has with our institution?
I have read the FACT and FCRA guidelines, but find them confusing when it comes to sharing information with affiliates. I find reference to a proposal that would cause the need for a privacy notice with an opt out provision, but cannot find that it actually went into effect. Here is my scenario. Bank A and Mortgage Co. B are owned by the same holding company. Bank A receives a loan application. In order to provide the customer/consumer with the best loan product, Bank A would like to share the application and credit bureau information with Mortgage Co. B. Does Bank A have to provide a privacy notice with an opt out provision or would the sharing of information be considered exempt under the marketing exemption?
I understand according to FACTA, a notice to the Home Loan Applicant disclosing credit score information is required, if a consumer applicant applies for an open or closed end credit that will be secured by 1 to 4 family residential real property. Our Bank automatically acquires this notice through our credit bureau reporting agency when credit is pulled. However, our procedures allow a Lender to utilize a credit report that has previously been pulled for some other transaction, as long as it is not older than a designated time frame. This may present a problem for us, since we do not need to pull credit on that customer to make a credit decision on this new real estate transaction. But, as part of our underwriting tool we are taking into consideration the contents and credit score of the previously pulled credit report. If we did not pull a new credit report, and obtain a new credit score to underwrite this new real estate transaction, are we still required to give the FACTA notice to the applicants?
When sending a negative information disclosure for FACTA Section 212, does a notice need to be sent to each individual on the account? A compliance source stated that a negative disclosure needs to be sent to each individual on the account, in separate envelopes.