Commercial Transactions Due Diligence

CFPB’s takeover of FCRA enforcement requires new notices by January 1, 2013

In July 2012, the newly-created Consumer Financial Protection Bureau (“CFPB”) under the Dodd-Frank Wall Street Reform and Consumer Protection Act assumed rulemaking and enforcement authority of the Fair Credit Reporting Act (“FCRA”) from the Federal Trade Commission (“FTC”).

Although more changes are likely to come, beginning January 1, 2013, businesses, including employers, and consumer reporting agencies, will be required to provide a new version of the “Summary of Rights” form to individuals before taking any adverse action based on the contents of a consumer report. Notably, the adverse action process that must be followed under the FCRA has not changed; the revisions are generally stylistic and substitute “CFPB” for references to the FTC. There is also an updated and expanded list of contacts included at the end of the form.

To download the PDF versions of the updated Summary of Rights, and forms regarding the obligations of users and furnishers of consumer reports, click on the links below.

Summary of Rights under the FCRA.pdf

Obligations of Users of Consumer Reports under the FCRA.pdf

Obligations of Furnishers of Consumer Reports.pdf

January 7th, 2013 | Categories: Commercial Transactions Due Diligence

FTC’s civil rights testimony recaps FCRA obligations and aggressive enforcement

On December 7, 2012, the Federal Trade Commission (the “FTC”) submitted its written testimony to the U.S. Civil Rights Commission on the use of criminal background checks in employment decisions. The Commission intends to apply the testimony in reviewing the EEOC’s guidance that an employer’s use of an individual’s criminal history in making employment decisions may, in some instances, violate the prohibition against employment discrimination under Title VII of the Civil Rights Act of 1964. The EEOC suggests that minorities are disproportionately likely to have criminal records, which means that when employers use criminal background reports, minorities are possibly affected more than other groups.

Notably, in its testimony, the FTC, which shares the authority for enforcing the Fair Credit Reporting Act (“FCRA”) with other federal agencies, including the Consumer Financial Protection Bureau (“CFPB”), does not say anything substantial about civil rights.

The testimony does, however, provide a good recap of the legal rights and obligations prescribed by the FCRA when consumer reports are used for employment purposes, and highlights the FTC’s law enforcement efforts in this area. As its starting point, the testimony reminds readers that the FCRA imposes several requirements on consumer reporting agencies (“CRAs”) that provide consumer reports to employers, which include ensuring that the employer is in fact using the report for a permissible purpose. In the employment context, permissible purposes are limited to “employment, promotion, reassignment, or retention.” Thus, employers may only obtain a consumer report about applicants or employees, and may not simply use their status as employers to get information about competitors, opposing parties in litigation, or anyone else. Relatedly, under the permissible purpose requirement, CRAs must have reasonable procedures in place to ensure that the consumer report users are who they claim.

The CRAs also must comply with certain procedural requirements, such as giving all users of consumer reports a notice that informs them of their duties under the FCRA. The CRAs must obtain certifications from the employer that: (1) it is in compliance with the FCRA; and (2) it will not use consumer report information in violation of any federal or state equal employment opportunity laws or regulations.

Further, the FCRA mandates that CRAs follow “reasonable procedures to assure maximum possible accuracy of the information [15 U.S.C. § 1681e(b)].” It does not establish, however, a requirement of absolute accuracy and does not require that the CRAs guarantee that the reports are error-free.

If a CRA provides a report that has negative information about an applicant or employee that is based on public records — for example, tax liens, outstanding judgments, or criminal convictions — that CRA either has to notify the applicant or employee directly that it has provided the information to the employer, or has to adopt strict procedures to ensure that the information is complete and up to date [15 U.S.C. § 1681k(a)(1)-(2)]. Regardless of whether a CRA opts to provide the notice or adopt strict procedures, FCRA § 1681e(b), as noted above, requires CRAs to have “reasonable procedures to assure maximum possible accuracy.”

The FCRA also places specific obligations upon employers to provide certain disclosures to the applicants or employees, and obtain their written authorization before using consumer reports. If an employer intends to take an adverse action based either in whole or in part on the information in a consumer report, such as denying a job application, reassigning or terminating an employee, or denying a promotion, the employer must provide the applicant or employee with a pre-adverse action notice before taking the action. The pre-adverse action notice must include a copy of the consumer report on which the employer is relying and a summary of rights under the FCRA. The form, which recently was reissued by the CFPB, describes the consumers’ rights under the FCRA, including the right to obtain copies of their consumer reports and dispute information.

Once the employer has taken the adverse action, it must give the applicant or employee a notice that the action was based on information in the consumer report. This adverse action notice must include the name, address, and phone number of the CRA that supplied the report, and must inform the applicant or employee of his or her right to dispute the accuracy or completeness of any information in the report, and the right to obtain a free report from the CRA upon request within 60 days. Even though a consumer has the right to dispute errors, the CRAs and furnishers of information to the CRAs typically are allowed thirty days to investigate the consumer’s dispute, and the information may not be corrected in time to affect the consumer’s consideration for a particular job.

The FTC points out that it has pursued an aggressive law enforcement program to ensure that CRAs, furnishers, and consumer report users (including employers) comply with their responsibilities under the FCRA, providing details of recent lawsuits for FCRA violations that resulted in civil penalties against CRAs ranging from $800,000 to $2.6 million. Its recent actions against employers included charges against railroad contractors for failing to provide pre-adverse action and adverse action notices to employees who were fired and job applicants who were rejected based on information in their consumer reports. Under negotiated settlement orders, the companies were required to pay penalties in the amount of $1,000 per violation, and are subject to specific injunctive, record-keeping, and reporting requirements to ensure compliance with the FCRA.

The FTC’s enforcement actions and the latest wave of class action lawsuits reinforce that FCRA compliance must be a priority for employers, CRAs and furnishers of information alike.

January 7th, 2013 | Categories: Commercial Transactions Due Diligence

Broker-dealers fall short in knowing their clients

It looks like broker-dealers are failing in their due diligence efforts on clients, as required by FINRA’s new Rule 2090. (FINRA is the largest non-governmental regulator of all securities firms doing business in the United States, and handles nearly every aspect of securities-related matters, from registering and educating industry participants, to writing and enforcing rules and the federal securities laws.)

According to several industry reports, the most violated rule this year has been a failure by broker-dealers to comply with FINRA’s know-your-customer obligations, now under Rule 2090 issued in July 2012. The rule, which is generally modeled after the former NYSE Rule 405(1), requires firms to use reasonable diligence regarding the opening and maintenance of every account in order to “know the essential facts concerning every customer.” The rule explains that “essential facts” are those required to:

  • effectively service the customer’s account;
  • act in accordance with any special handling instructions for the account;
  • understand the authority of each person acting on behalf of the customer; and
  • comply with applicable laws, regulations, and rules.

The know-your-customer requirements arise at the beginning of the relationship and do not depend on whether the broker has made a recommendation. Unlike the former NYSE Rule 405, Rule 2090 does not specifically address orders, supervision or account opening, which are areas that are explicitly covered by other rules.

In conjunction with this know-your-customer rule, FINRA has adopted transaction suitability Rule 2111, framed after the former NASD Rule 2310, which requires that a firm or associated person “have a reasonable basis to believe that a recommended transaction or investment strategy involving a security or securities is suitable for the customer, based on the information obtained through the reasonable diligence of the member or associated person to ascertain the customer’s investment profile.” According to FINRA, the measures constituting reasonable diligence will vary depending on, among other factors, the complexity of and risks associated with the security or investment strategy and the firm’s or associated person’s familiarity with the security or investment strategy.

Rule 2111 further defines a customer’s investment profile, specifying that it includes, but is not limited to, the customer’s age, other investments, financial situation and needs, tax status, investment objectives, investment experience, investment time horizon, liquidity needs, risk tolerance, and any other information the customer may disclose to the member or associated person in connection with such recommendation. Accordingly, a broker must attempt to obtain and analyze a broad array of customer-specific factors, and also determine quantitative suitability if the broker has actual or de facto control over a customer account.

FINRA now makes it clear that a broker must have a firm understanding of both the product and the customer, and that the lack of such an understanding itself violates the suitability rule.

January 7th, 2013 | Categories: Commercial Transactions Due Diligence

Regulatory focus on corporate social responsibility

Corporate social responsibility (CSR) policies that promote good citizenship are being implemented or revised at a record pace. In response to concerns about labor exploitation in the developing world, many companies have joined the Ethical Trade Initiative (ETI), which has established corporate codes of practice implementing human rights, ethical labor practices and environmental protection standards. Many also have adopted the United Nations Global Compact “ten universally accepted principles in the areas of human rights, labor, environment and anti-corruption.”

High on the CSR priority list for SEC-listed companies that use conflict minerals “in the functionality of production” of a manufactured product is developing a compliance program that will meet the requirements of Section 1502 of the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank”). Due from the SEC within the next few weeks, the final rule will have a direct impact on reporting requirements for about half of all publicly traded companies in the United States, mandating them to disclose in 10-K, 20-F, and 40-F filings whether they manufacture products containing conflict minerals (specified as gold, wolframite, cassiterite, columbite-tantalite and their derivative metals, which include tin, tungsten, and tantalum, that are mined in the DRC or its adjoining countries). These metals are used in a broad array of products, including electronics, jewelry, tools, engines, medical equipment, chemicals, packaging, etc. And although the regulation technically applies to public companies only, it will have a significant bearing on any company anywhere in the world, public or private, that is within the public company’s supply chain.

Under the rule as proposed, among other requirements, the affected SEC-listed companies must conduct certain due diligence, as outlined below.

  1. Determine if conflict minerals/metals are used to make their products.
  2. Determine if the metals originated in the DRC or in neighboring countries. If they did not, a report must be issued on how the metals’ origins were determined.
  3. If the metals were from DRC or adjoining countries, if the source is unknown or if it is from scrap or recycled sources, a supply chain due diligence to determine the source(s) must be performed and the results provided in an independently audited report.

The rule is expected to require the above-noted first and second steps regardless of the metals’ origin. The third step, i.e., the disclosure of the products manufactured and facilities where DRC materials may have been used, etc. must be completed only if the DRC is identified as a source or if the source cannot be determined. If applicable, in addition to specific annual report disclosures and the inclusion of a conflict minerals report as an exhibit, the companies will have to indicate on their websites whether or not they use conflict minerals in their products or in those contracted to be manufactured on their behalf.

Of course, this Dodd-Frank provision is not the only regulatory effort that addresses the elimination of child and forced labor, slavery, and human trafficking within supply chains. Public pressures over these atrocities have led to related policymaking within U.S. local and state governments, and around the world. For example, in 2011, California enacted SB 861 which requires issuers that do business with the state to fulfill the public reporting obligations outlined in the upcoming SEC rules. Issuers that fail to meet these obligations will be prohibited from seeking procurement contracts with the state. In Maryland, a similar “conflict minerals” law under SB 551 will become effective October 1, 2012. Rhode Island and Massachusetts are considering parallel legislation.

Other U.S. efforts include California’s SB 657, known as the California Transparency in Supply Chains Act, which, effective January 1, 2012, mandates retail sellers and manufacturers doing business in California with annual gross receipts exceeding $100 million to conspicuously and clearly disclose their efforts and policies for ensuring that their supply chains are free from human trafficking and slavery. On a municipal level, the City of Pittsburgh calls on companies from all sectors to favor in their electronics purchasing decisions products that have been verified as being free of conflict minerals. And among several major worldwide endeavors is the European Commission’s support of the United Nations and Organisation for Economic Co-operation and Development (OECD) due diligence guidelines and recommendations for responsible supply chain management.

Strong corporate responsibility policies are here to stay. A 2011 U.S. State Department press release urges companies to “…begin to exercise due diligence immediately in order to ensure a viable and conflict free supply chain…”

“Misspelling to defraud,” a case study from our files

The subject’s biography provided along with our client’s request for due diligence in connection with a private equity funding transaction was riddled with misspellings. And it did not say much, apart from boasts of professional accomplishments and financial success, and the subject’s self-description of being a “people-person who likes to travel.” But even with the biography’s vague statements and typos, our research quickly found that the subject’s company, which contained a transposed letter in its name, was affiliated with a Mexican multi-level marketing operation whose executives were recently arrested or are wanted by authorities for setting up allegedly fake websites whereby they defrauded investors of millions of dollars. As our research continued, we located media reports and online documents which indicated that the fraud spanned three continents, and involved at least four other entities closely held by the subject, whose names were not listed in the biography. And according to various government sources, there is also mounting evidence of money laundering. Our client, although somewhat surprised by our findings, immediately halted the funding transaction.

January 7th, 2013 | Categories: Commercial Transactions Due Diligence

Agencies jointly support that FCRA Section 1681c does not violate First Amendment

On May 3, 2012, the Federal Trade Commission (FTC) joined the Department of Justice (DOJ) and the Consumer Financial Protection Bureau (CFPB) in filing a memorandum brief in support of the constitutionality of the Fair Credit Reporting Act (FCRA), established in 1970 to protect credit report information privacy and to ensure that the information supplied by consumer reporting agencies (CRAs) is as accurate as possible.

In the case of Shamara T. King vs. General Information Services, Inc. (GIS), the CRAs address a provision of the FCRA that balances the Act’s dual purposes, i.e., to protect consumers from privacy invasions caused by the disclosure of sensitive information and to ensure a sufficient flow of information to allow the CRAs to fulfill their vital role. The provision, Section 1681c, bars CRAs from disclosing arrest records or other adverse information that is more than seven years old, in most cases.

The agencies’ brief refutes GIS’s argument that this FCRA protection is an unconstitutional restriction of free speech, pointing out that the recent U.S. Supreme Court case law that GIS cites to support its argument, Sorrell v. IMS Health Inc., “does not change the settled First Amendment standards that apply to commercial speech, nor does it suggest that restrictions on the dissemination of data for commercial purposes [such as those by CRAs] must satisfy stricter standards.” Therefore, the brief concludes, the court should not invalidate the FCRA provision, as it “directly advances the government’s substantial interest in protecting individuals’ privacy” while also accommodating the interest of businesses. The case is pending.

Whistleblower activity for SEC violations on the rise

The U.S. Senate reports that more than half of all uncovered frauds have originated from whistleblower tips. Since the SEC’s Office of the Whistleblower was launched in August 2011, officials have been dealing with close to 100 tips per day. And this number is expected to double in the coming years with Dodd-Frank’s provisions for monetary incentives and protection from retaliation.

While coming to grips with the complexities of Dodd-Frank, many companies and financial institutions are heightening their efforts to mitigate the potential liability from whistleblowing. Developing and evaluating existing risk management and compliance programs is now a priority. The programs established under the 2002 Sarbanes-Oxley Act may not be effective in this new regulatory environment, and may need to be modified or strengthened, with an emphasis on internal communications and investigations of possible violations. When determining if and how much leniency to grant an entity, the SEC notes that “the promptness with which entities voluntarily self-report their misconduct…is an important factor.”

According to a recent study published by the Association of Certified Fraud Examiners and the Institute of Internal Auditors, fraudulent acts by employees and outsiders rise during periods of economic stress. Crime experts say that fraud and other misconduct are committed primarily because of three factors, referred to as the Fraud Triangle: financial pressure, opportunity, and rationalization. In these still challenging times, businesses of all types and sizes need to tighten their internal controls and be proactive in preventing wrongful acts. Allocating budgets for compliance programs that include compelling due diligence, with a focus on background investigations, will provide a high return on the investment and ultimately protect the bottom line.

The White House casts “Consumer Privacy Bill of Rights”

Over two years in the making, and backed by online ad powerhouses such as AOL, Microsoft, Yahoo, and even Google, the Bill of Rights announcement on February 22, 2012 pulls together consumer privacy initiatives of both the Federal Trade Commission (FTC) and the Commerce Department. Intended to lead to new legislation that fills the gaps of current U.S. privacy laws, the bill promotes a set of standards for the fair handling of private information based on a set of principles that date back to the early 1970s known as the Fair Information Practices.

The Consumer Privacy Bill of Rights applies to personal information, which means any data, including aggregations of data, that is identifiable to a specific individual, and to a specific computer or other device. According to the Administration, this bill will establish codes of conduct and call for strong enforcement, ultimately increasing interoperability between the U.S. consumer data privacy framework and that of its international partners. Below are the bill’s highlights.

  • Individual control. Consumers have a right to exercise control over what personal data companies collect from them and how they use it.
  • Transparency. Consumers have a right to easily understandable and accessible information about privacy and security practices.
  • Respect for context. Consumers have a right to expect that companies will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data.
  • Security. Consumers have a right to a secure and responsible handling of personal data.
  • Access and accuracy. Consumers have a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data is inaccurate.
  • Focused collection. Consumers have a right to reasonable limits on the personal data that companies collect and retain.
  • Accountability. Consumers have a right to have personal data handled by companies with appropriate measures in place to ensure that they adhere to the Consumer Privacy Bill of Rights.

Identity theft again tops FTC’s top complaints list for 2011

The Federal Trade Commission (FTC) on February 27, 2012 released its list of top consumer complaints received by the agency in 2011. For the twelfth year in a row, identity theft topped the list at 279,156 complaints or 15%. The breakdown for the next nine complaint categories (from a list of 30) is as follows:

| Category | Number | Percentage (%) |
|---|---|---|
| Debt collection | 180,928 | 10 |
| Prizes, sweepstakes, and lotteries | 100,208 | 6 |
| Shop-at-home and catalog sales | 98,306 | 5 |
| Banks and lenders | 89,341 | 5 |
| Internet services | 81,805 | 5 |
| Automobile-related | 77,435 | 4 |
| Imposter scams | 73,281 | 4 |
| Telephone and mobile services | 70,024 | 4 |
| Advance-fee loans and credit protection/repair | 47,414 | 3 |

The FTC records the complaints in its Consumer Sentinel, a secure, online database available to more than 2,000 civil and criminal law enforcement agencies in the U.S. and abroad. Other federal and state law enforcement organizations, including the U.S. Postal Inspection Service, the Department of Justice’s Internet Crime Complaint Center, and the attorneys general offices of Idaho, Michigan, Mississippi, North Carolina, Ohio, Oregon, Tennessee, and Washington, also contribute to the database content, along with private-sector organizations such as U.S. and Canadian members of the Better Business Bureau, Western Union and MoneyGram, and the Lawyers’ Committee for Civil Rights Under Law.

February 29th, 2012 | Categories: Commercial Transactions Due Diligence

CFPB proposal would put larger debt collectors and credit reporting agencies under the same supervision process as banks

The Consumer Financial Protection Bureau (CFPB) on February 16, 2011 announced a proposed rule to include debt collectors and consumer reporting agencies under its nonbank supervision program.

Created by the Dodd-Frank Wall Street Reform and Consumer Protection Act, the CFPB is authorized to supervise nonbanks in the specific markets of residential mortgage, payday lending, and private education lending. For other nonbank markets of consumer financial products or services, the CFPB must define “larger participants” by rule, which is due on July 21, 2012.

Three types of debt collection agencies dominate the market: firms that collect debt owned by another company for a fee, firms that buy debt and collect the proceeds for themselves, and attorneys and law firms that collect debt through litigation. A single company may be collecting through any or all of these activities. Under the proposed rule, debt collectors with more than $10 million in annual receipts from collection activities would be subject to supervision. The CFPB estimates that the proposed rule would cover approximately 175 debt collection firms (or 4% of debt collection firms) which account for 63% of annual receipts from the debt collection market.

The CFPB’s proposal also takes aim at the largest credit bureaus selling comprehensive consumer reports, consumer report resellers, and specialty consumer reporting agencies. Defined as companies that make more than $7 million annually from their consumer business, the rule would affect 30 companies, and firms like Experian, TransUnion and Equifax, that account for 94% of the industry’s business.

This is the CFPB’s first in a series of rulemakings to define larger participants. The CFPB chose annual receipts as the criterion for both debt collection and consumer reporting because it approximates participation in these two markets.

The proposed rule is open for comment for 60 days after the rule is published in the Federal Register.

February 18th, 2012 | Categories: Commercial Transactions Due Diligence