Credit Reporting + Data Brokers

On February 8, the U.S. Supreme Court issued a unanimous decision in Department of Agriculture Rural Development Rural Housing Service (USDA) v. Kirtz, holding that the Fair Credit Reporting Act’s (FCRA) clear statutory text indicates a government agency can be sued for a FCRA violation. The decision resolved a circuit split. The D.C., Third, and Seventh Circuits have allowed FCRA litigation against government agencies, but the Fourth and Ninth Circuits have found governmental immunity prevents such suits.

A federal district court judge in Nevada recently denied competing motions for summary judgment in a Fair Credit Reporting Act (FCRA) furnisher investigation case, demonstrating the challenges FCRA litigants often face in convincing courts to decide cases on matters of law.

We are pleased to share our annual review of regulatory and legal developments in the consumer financial services industry. With active federal and state legislatures, consumer financial services providers faced a challenging 2023. Courts across the country issued rulings that will have immediate and lasting impacts on the industry. Our team of more than 140 professionals has prepared this concise, yet thorough analysis of the most important issues and trends throughout our industry. We not only examined what happened in 2023, but also what to expect — and how to prepare — for the months ahead.

On January 11, the Consumer Financial Protection Bureau (CFPB or Bureau) issued two “advisory opinions” addressing the CFPB’s views of the obligations of consumer reporting agencies (CRAs) under the Fair Credit Reporting Act (FCRA). The advisory opinions are interpretive rules issued under the Bureau’s authority to interpret the FCRA pursuant to § 1022(b)(1) of the Consumer Financial Protection Act of 2010.

On December 8, the Consumer Financial Protection Bureau (CFPB) and Federal Trade Commission (FTC) (collectively, the agencies) filed an amici curiae brief urging the U.S. Court of Appeals for the Fourth Circuit to reverse a district court’s decision finding that furnishers need not investigate indirect disputes involving purely legal questions under the Fair Credit Reporting Act (FCRA).

On December 15, the Consumer Financial Protection Bureau (CFPB) announced it had reached a settlement with medical debt collector Commonwealth Financial Systems, Inc. (Commonwealth) in its lawsuit over alleged illegal debt collection practices. Specifically, the CFPB alleged that Commonwealth failed to conduct reasonable investigations of disputes and violated the Fair Debt Collection Practices Act (FDCPA) by attempting to collect disputed debt without obtaining substantiating documentation. Under the settlement agreement, Commonwealth is banned from debt collection activities, must request CRAs to delete all consumer accounts to which it had previously furnished information, and must pay a $95,000 penalty to the CFPB’s victims relief fund.

On December 13, New York Governor Kathy Hochul signed into law S4907A, which prohibits hospitals, medical providers, or ambulance services from providing negative information about medical debt to consumer reporting agencies (CRAs). The law also requires that these entities include a provision in their contracts with collection agencies prohibiting the reporting of any portion of a medical debt to a CRA. Any debt that is reported to a CRA will be deemed void. The law became effective immediately after it was signed.

A U.S. District Court in the Southern District of California recently held that a Federal Rule of Civil Procedure 68 offer of judgment must clearly state that attorneys’ fees and costs are limited or waived, as Arvest Central Mortgage Company (Arvest) learned to its detriment. The plaintiff had a mortgage with Arvest, entered into a forbearance agreement, and made the payments on the property, but claimed Arvest inaccurately reported that he was late on his October 2020 payment. The plaintiff sued Arvest and nine other defendants for violations of the Fair Credit Reporting Act and California’s Consumer Credit Reporting Agencies Act, ultimately resolving his claims against all defendants except Arvest.

On November 9, a magistrate judge in the Northern District of Georgia issued a Report & Recommendation to grant a motion to dismiss because the plaintiff’s Fair Debt Collection Practices Act (FDCPA) claims were time-barred and the cause of action under the Fair Credit Reporting Act (FCRA) failed to state a claim.

On October 30, President Biden issued a sweeping Executive Order calling on Congress to enact privacy laws and directing federal agencies to review existing rules and potentially explore new rulemakings governing the use of artificial intelligence (AI) across various sectors of the U.S. economy. Among other things, the Executive Order will require AI system developers to submit safety test results to the federal government, establish standards for detecting AI-generated content to fight consumer fraud, and develop AI tools to identify and fix vulnerabilities in critical software. According to the White House fact sheet, the stated goal of the Executive Order is to “ensure that America leads the way in seizing the promise and managing the risks of [AI].” To that end, the Executive Order focuses on national security, privacy, discrimination and bias, healthcare safety, workplace surveillance, innovation, and global leadership.