The FACT Act amended the FCRA. In my policy book, should I still have an FCRA policy or just FACTA?
FACTA describes certain requirements as it relates to consumer health records/reports. How does the Fed usually define "consumer"?
Where can I find a summary of the entire FACTA in all the different parts as they have been released since 2003?
Does the FACTA (Notice to Home Loan Applicants) disclosure require the customer to sign and date that they received it? The disclosure that is part of the credit report has a line on acknowledgment asking to sign and date.
Our bank routinely pulls credit bureau reports for all new loan requests. Although credit scores are only one of the criteria used to make a decision on a loan request, a poor score would weigh heavily on a credit decision. With regard to the FACTA provision of providing Credit Score Disclosures to residential mortgage loan applicants, a question arises about those applicants whose credit bureau we request and the report is returned without a credit score. The lack of a score is sometimes a factor in determining the decisioning of an application, the need for a co-signer, or even the interest rate that may be charged. Should a customer with a credit bureau history, but no score, be supplied with the notice?
During a recent FDIC exam, we were advised it would be a violation to use medical collections as a negative basis for a credit decision since that constituted "use of medical information." I reviewed the FACTA and commentary from the FTC which does not seem to support the statement from the examiner. As a general rule we would not view a few small medical collections as significant credit issues. However, if there are many unpaid medical collections or they are large amounts, it could negatively affect a credit decision in the same manner as any other non-medical collection would. It is hard for us to accept that evaluating an unpaid medical collection constitutes "use of medical information." What is your opinion?
How are banks impacted by the FACT Act?
How can a bank achieve assured compliance given the constrained information security budgets today?
When granting open-end credit card accounts is it necessary for the bank to call the applicant (if the phone number is provided in the bureau statement) in the event that they have an extended fraud alert on their bureau or can the bank leave a message and accept a return call from the applicant and verify the applicant's bureau contact phone number from the bank's caller ID? Does the bank have to call the bureau contact number of a card holder (with an extended fraud alert on the bureau) who requests a credit line increase or to have an account reactivated and new plastic sent or are these two scenarios exempt from FACTA verification compliance?
What individual risk assessments is a bank expected to perform? How do the individual risk assessments fit together with an "enterprise risk assessment"?