We are in the middle of converting our core database over to an entirely new software package. As part of that conversion, we sent a test file to the credit reporting agencies. The test file has data from April so it was older. Someone at one of the credit reporting agencies uploaded the test file into their actual production database by mistake. Immediately, a number of our customers were alerted by their Identity Theft Protection providers that there were late counters reporting on their credit reports and we began receiving calls. We immediately addressed the issue with the credit reporting agency at fault but with very little helpful response. We had Vice-Presidents and Executive Vice-Presidents making phone calls, asking for the problem to be escalated, only to be told that there was nothing the credit reporting agency could do until they did their normal upload of data two days later. We were told they'd upload the correct file at that time and the problem would be corrected. As you have probably guessed by now, I have VP's who are extremely upset and are asking me to verify what requirements must credit reporting agencies adhere to in situations like this, i.e., how quickly are they required to fix the problem, etc. and what recourse do we have as a financial institution?

I believe a phone call to our attorneys is the next possible step depending on the answers to these questions. Any insights would be great. Thanks!

This appears to be somewhat of a sticky situation and I am unable to find any guidance in the Regulations on it. While you may be correct in your assumption it is the credit reporting agency's error, I am sure they will claim that you should not have been sending a "test" file to them in the first place. This could be yet another situation where the regs. have not caught up to the times/technology. This definately seems like an issue to discuss with Bank's Counsel. However, this is only my opinion. Maybe Dan or one of the "Compliance is my Life" experts have a more definitive answer for you.

We had a similar issue at my former bank when we converted computer systems. In our case, putting the actual data into production required more than one test and of course one of the tests went live with one of the bureaus.

We didn't get a lot of cooperation from the bureaus and also had to wait for their next regular upload. Calls and disputes we received were handled via a polite "form letter" response which indicated the bureau had inadvertently posted incorrect information and we were diligently working to correct the problem. In addition, we submitted manual corrections via E-OSCAR for disputes received in order to comply with FCRA dispute resolution requirements. Did we have an issue with "knowingly reporting inaccurate information"? I feel like the argument could be made that we didn't intend to report the incorrect data and were taking every feasible measure to correct the errors once we became aware fo the situation.

Call the Federal Trade Commission's Division of Credit Practices. The enforce FCRA for credit bureaus and should be sensitive to your concern.