A report issued by the Federal Trade Commission (FTC) and a bulletin issued by the Consumer Financial Protection Bureau (CFPB) both highlight the continued federal regulatory interest in endemic identity theft as well as the significant risk to businesses that fail to address complaints related to identity theft.CFPB_2tone_Horiz_RGB

The FTC’s Report on the Top Categories of Consumer Complaints
In a report issued on February 27, 2014, claims of identity theft lead the FTC’s annual list of consumer complaints.  Notably, identity theft has topped the FTC’s list of consumer complaints for the 14th year in a row.

The total number of complaints received in 2013 was down slightly from 2012 but remained significantly elevated from levels first seen in 2001, when fewer than 326,000 complaints were filed.  Several highlights from the FTC’s report include the following:

  • After identity theft, the top categories of complaints involved debt collection, banks and lenders, imposter scams, and telephone and mobile service.
  • More than half of the complaints received by the FTC were related to fraud.  Of those who complained of fraud, 44% claimed to have lost no money.
  • Victims of fraud were contacted most often by phone, followed by e-mail.
  • People ages 50 to 59 submitted the greatest number of fraud complaints. However, identity theft affected people in their 20s the most often.

The FTC’s report contains data complied both on a national level and on a state-by-state basis.

The FTC also explains that the report includes complaint data input into the “Consumer Sentinel Network,” an online database that includes complaints received from the FTC, state law enforcement organizations, federal agencies (including the CFPB), the offices of several state attorneys general, the Better Business Bureau (BBB) and several other non-governmental organizations. The data in the Consumer Sentinel Network is made available to more than 2,000 civil and criminal law enforcement agencies across the country for researching cases, identifying victims and finding potential targets.

Complaints involving identify theft for debt collection complaints accounted for the second highest number of complaints (10%).  These complaints included:

  • Repeated or continuous calls by debt collectors;
  • False representations of the amount or status of debt;
  • Failure to send required written notices of debt;
  • False threats of lawsuits made during the collection process;
  • Collectors’ use of profane language;
  • The caller’s failure to identify himself as a debt collector; and
  • Alleged violations of other provisions of the Fair Debt Collection Practices Act (FDCPA).

The Related Consumer Financial Protection Bureau Bulletin
On February 27, 2014, the CFPB renewed its warning to companies that report credit information that they must investigate consumer complaints thoroughly. The CFPB’s bulletin, which is aimed at so-called data furnishers, clarifies furnishers’ obligations to review and investigate any consumer complaints forwarded to them by credit reporting bureaus.  This bulletin followed up a CFPB bulletin issued on September 4, 2013, with a stated purpose to “‘specifically address furnishers’ obligations to ‘review all relevant information’ they receive in connection with disputes forwarded by CRAs.” In general, for disputes received by furnishers from CRAs, the CFPB stated in its prior bulletin that it expects each furnisher to comply with the FCRA by undertaking and maintaining the following processes:

  • Maintaining a system reasonably capable of receiving from CRAs information regarding disputes, including supporting documentation;
  • Conducting an investigation of the disputed information, including reviewing: (a) “all relevant information” forwarded by the CRA; and (b) the furnisher’s own information with respect to the dispute;
  • Reporting the results of the investigation to the CRA that sent the dispute;
  • Providing corrected information to every nationwide CRA that received the information if the information is inaccurate or incomplete; and
  • Modifying or deleting the disputed information, or permanently blocking the reporting of the information if the information is incomplete or inaccurate, or cannot be verified.

In its most recent bulletin, the CFPB warns that if the CFPB determines that a furnisher has engaged in any acts or practices that violate the FCRA or other federal consumer financial laws and regulations, “it will take appropriate supervisory and enforcement actions to address violations and seek all appropriate corrective measures, possibly including remediation of harm to consumers.”

Implications for Financial Services Companies
The FTC’s report highlights the continued prevalence of claims of identity theft, while the CFPB’s bulletin demonstrates the agency’s keen awareness and focus on the proper investigation of consumer disputes, which often involve claims of identity theft.  Issues of compliance with the FCRA are raised by both the FTC’s report and the CFPB’s bulletin, and both furnishers and consumer reporting agencies must be particularly aware of the sensitive nature of any consumer dispute alleging identity theft and the related problem of identity confusion, also referred to as “mixed files.”

Disputes involving identity theft present heightened risk due to the fact that they are: (a) widespread; (b) most prone to lead to regulatory complaints; (c)  a frequent trigger to litigation, where the prospect of substantial jury awards looms; and (d) subject to extensive regulation under the FCRA and associated state law.

This a reposting of the March 3, 2014 Troutman Sanders Advisory written by David N. AnthonyJohn C. LynchAlan D. WingfieldPaige S. FitzgeraldTim St. GeorgeVirginia Bell Flynn.