140 likes | 332 Views
Criminal and Evictions Data Compliance Policies as a Tenant Screening CRA. Presented by Tom Hier from TransUnion Background Data Solutions. Standard Policy Statement.
E N D
Criminal and Evictions Data Compliance Policies as a Tenant Screening CRA Presented by Tom Hier from TransUnion Background Data Solutions
Standard Policy Statement • It is the responsibility of the Reseller to fully understand and comply with all of its legal obligations as both a Consumer Reporting Agency and as a Reseller under the Federal Fair Credit Reporting Act, Gramm-Leach-Bliley Act Financial Privacy and Safeguarding Rules, FTC Disposal Rule and any other federal or state laws that may apply to the services the Reseller provides.
Definitions • Consumer Information refers to Consumer Reports and other non-public, personally identifiable consumer information. • Consumer Reporting Agency (“CRA”) shall have the meaning set forth in the FCRA, 15 USC 1681 (a)(f), as may be amended from time to time. As of the date of this Policy example, the term “Consumer Reporting Agency” is defined in the FCRA as an entity which, for monetary fees, dues, or on a cooperative nonprofit basis, regularly engages in whole or in part in the practice of assembling or evaluating consumer credit information or other information on consumers for the purpose of furnishing consumer reports to third parties, and which uses any means or facility of interstate commerce for the purpose of preparing or furnishing consumer reports. There are two types of CRAs: the Repository CRA, and the Issuing CRA, which could be the Repository CRA or a Reseller.
Definitions continued… • End User refers to prospective and current customers of Reseller, to whom Reseller will furnish data. End User must be both based and have an office in the United States. • FCRA refers to the Federal Fair Credit Reporting Act, 15 USC 1681 et seq., as amended from time to time. • GLB refers to the Financial Modernization Act of 1999, also known as the "Gramm-Leach-Bliley Act" or GLB Act. • Issuing CRA shall be defined as the Consumer Reporting Agency or Reseller that provides a Consumer Report to an End User.
Definitions Continued • Reseller shall have the meaning set forth in the FCRA, 15 USC 1681(a)(u), as may be amended from time to time. As of the date of this Policy example, the term “reseller” is defined in the FCRA as a consumer reporting agency that - 1) assembles and merges information contained in the database of another consumer reporting agency or multiple consumer reporting agencies concerning any consumer for purposes of furnishing such information to any third party, to the extent of such activities; and 2) does not maintain a database of the assembled or merged information from which new consumer reports are produced.
Permitted Use of Consumer Reports and Displayed Identification of End User Reseller must require that each End User identify itself, certify the permissible purpose for which Consumer Reports will be obtained and certify that Consumer Reports and information derived therefrom will be used for no other purpose, all as required by the FCRA and in accordance with the following specified purposes: • In connection with a credit transaction involving the consumer on whom the information is to be furnished and involving the extension of credit to, or review or collection of an account of the consumer • For employment purposes, in which case the Reseller must request and resell only a report approved by provider as appropriate for employment purposes, and Reseller and its End User must execute an agreement containing all the required certifications identified in the Agreement as applicable to Consumer Reports requested for employment purposes • In connection with the underwriting of insurance involving the consumer • In accordance with the written instructions of the consumer to whom the report relates • For a legitimate business need in connection with a business transaction that is initiated by the consumer. This purpose includes use of the consumer report in connection with a tenant screening pursuant to an application by the consumer for a rental dwelling • For a legitimate business need to review an account to determine whether the consumer continues to meet the terms of the account • As a potential investor or servicer, or current insurer, in connection with a valuation of, or an assessment of the credit or prepayment risks associated with, an existing credit obligation • In connection with the determination of the consumer’s eligibility for a license or other benefit granted by a governmental instrumentality required by law to consider an applicant’s financial responsibility or status
Verifying End User Identity and Certifications • Reseller shall establish reasonable procedures to comply with the FCRA requirement that a Consumer Report (or information derived from a Consumer Report, such as a score or decision) is resold only for a purpose permitted under Section 604 of the FCRA. Before reselling any data, Reseller shall make reasonable efforts to verify the identifications and certifications made by each End User. Those reasonable efforts shall include, but should not necessarily be limited to obtaining and maintaining on file End User contact information including business name, business address, business phone number and business e-mail address, and the items listed below for every prospective and current End User. Reseller shall review each item independently and in combination with one another for any inconsistency, indication of fraud, or other indication that the End User’s identification and/or certifications are unreliable. Reseller shall not provide data to any End User whose identification and/or certifications cannot be verified. All documents and verifications obtained by Reseller must be retained as long as the End User continues to maintain access for a period of five (5) years thereafter (Sample Credentialing Checklist is attached hereto as Exhibit A). Those records (or copies thereof) must be made available to appropriate personnel, or an authorized representative, upon request.
EXHIBIT A Sample Credentialing Checklist • Completed and signed Membership Application. • Separate Letter of Intent on the end users letterhead, signed by an officer, owner or authorized manager of the company. • Service Agreement meeting all required terms set forth in Reseller Agreement, signed and dated by either the owner or an authorized officer of the company/corporation. • Site Inspection showing the date physical inspection was conducted, who conducted the visit and details regarding their findings signed by the End User. • If Site Inspection not required, under which exception does End User fall? ________________________ • Business type/industry verification performed via a business telephone directory such as Yellow Pages (printed or electronic) to determine whether applicant is listed under any unauthorized type as defined in the Reseller Policy. • Business Bank account verified with financial institute using listing secured from reputable directory or: • - Secured copy of listing with a reputable industry listing or rating, such as A.M. Best’s, Moody’s, • Standard and Poor’s, FDIC or NCUA, or; • - Secured copy of end user’s Annual Report published within the last twelve (12) months, which has been certified by a certified public accounting firm. • Credit references verified using listings secured from reputable directory. • Sole Proprietor or Partners personal credit report(s) accessed as well as a secondary fraud risk evaluation Tool. • End User Web-Site Verification performed by reviewing and printing applicant’s web site where applicable. • Business license copy secured or printed verification from the website of the authorized issuer of the license. • Two of the following items are also required for those businesses opened for 1 year or less: • Copy of utility or phone bill in the business name for service at the principal place of business. • Copy of lease, or proof or property ownership by business, of the principal place of business. • Copy of business bank statement addressed to the applicant at its principal place of business. • Proof of commercial insurance.
Site Inspection • A site inspection should be performed at the principal place of business of all End Users. The Reseller, or any third-party vendor the Reseller hires to act on its behalf, may perform the site inspection. Upon request, provider will provide a list of vendors; however, Reseller is solely responsible for the selection of, contract with, and payment to, any vendor and provider shall have no responsibility or liability for the actions of any vendor. • The purpose of the inspection is to ensure that the End User’s business facility is commensurate with the size and purported type of business listed on the application and/or Statement of Intent, and the identification and certifications made by the End User. • In the event that an End User’s principal place of business changes, an additional site inspection should be performed within sixty (60) days of Reseller becoming aware of such change. • An End User operating from a home office may be approved by Reseller only if each of the following conditions are met: (1) site inspection must confirm physical separation of the business from the living quarters; and (2) End User is listed in either the appropriate category of a reputable/public business telephone directory (e.g., Yellow Pages, yellowpages.com, 411.com) or a national or state trade association or a current copy of the End User’s telephone bill reflects the same company name and address as the End User’s application for membership and the bill reflects commercial rate charges. Reseller must maintain a copy of the above-referenced listing(s) or telephone bill in its membership files. • All site inspections should be documented and demonstrate when and by whom the physical inspection was conducted, and should reflect the inspector’s findings (a Sample Site Inspection Form is attached hereto as Exhibit B). Such documentation should also bear the signature of the End User's owner/officer/authorized manager who was present at the site inspection.
EXHIBIT BSample Site Inspection Form • Company Name: • Address Inspected: • A. Is the company located at the exact address provided by the client? If not, please explain the discrepancy • B. Is the applicant working out of his/her home? If Yes, is there physical separation of the business and living quarters? If Yes, is the company listed in a directory/trade association? (If Yes, obtain copy of listing.) • C. How many full time employees were on the premises? • D. Is there a permanent sign identifying the business? If Yes, does it reflect the same name as provided on their application? If No, what is the exact name appearing on the sign? • E. Does this company share space with another firm? If Yes, is there any affiliation between the companies? Will both companies use the credit reports? Name of other firm(s): Nature of other firm’s business: • F. Does the space appear to be a temporary/ executive facility? (shared receptionist, within a commercial setting) If Yes, provide comments below and list the leasing agent’s name and phone number.
Sample Site Inspection Form continued • G. Do the space, furnishings, office equipment and inventory match the size and type of business noted? • H. Are the company’s marketing materials displayed? Do they match the type of business noted above? If available, collect samples of brochures, business cards, etc. • I. Is there any evidence indicating that the company or any adjacent business is involved in or associated with credit repair? • J. Is there any evidence indicating that the company or any adjacent business is involved or associated with brokering, reselling, or releasing credit reports? • K. Is there any evidence indicating that the company or any adjacent business is involved in or associated with investigative, detective or private investigation services, legal services, law enforcement, or similar activity? • L. If yes to any of part H, state what evidence (i.e. advertising, signs, licenses, certificates, business cards, etc.) and attach samples, if available.
Requirements for Reseller Agreements with End Users Required Terms for Agreement Between Reseller and End User for Consumer Reports • Prior to delivering Consumer Reports to an End User, Reseller must first enter into a Service Agreement with that End User that contains the following language: • End User is a [Insert type of business i.e. Property Management Company] and has a permissible purpose for obtaining consumer reports in accordance with the Fair Credit Reporting Act (15 U.S.C. §1681 et seq.) including, without limitation, all amendments thereto ("FCRA"). The End User certifies its permissible purpose as: • _ In connection with a credit transaction involving the consumer on whom the information is to be furnished and involving the extension of credit to, or review or collection of an account of the consumer; or • _ In connection with the underwriting of insurance involving the consumer or review of existing policy holders for insurance underwriting purposes, or in connection with an insurance claim where written permission of the consumer has been obtained; or • _ In connection with a tenant screening application involving the consumer; or • _ In accordance with the written instructions of the consumer; or • _ For a legitimate business need in connection with a business transaction that is initiated by the consumer; or • _ As a potential investor, servicer or current insurer in connection with a valuation of, or assessment of, the credit or prepayment risks.
Required Terms for Agreement Between Reseller and End User for Consumer Reports Continued… • End User certifies that End User shall use the consumer reports: (a) solely for the Subscriber’s certified use(s); and (b) solely for End User’s exclusive one-time use. End User shall not request, obtain or use consumer reports for any other purpose including, but not limited to, for the purpose of selling, leasing, renting or otherwise providing information obtained under this Agreement to any other party, whether alone, in conjunction with End User’s own data, or otherwise in any service which is derived from the consumer reports. The consumer reports shall be requested by, and disclosed by End User only to End User’s designated and authorized employees having a need to know and only to the extent necessary to enable End User to use the Consumer Reports in accordance with this Agreement. End User shall ensure that such designated and authorized employees shall not attempt to obtain any Consumer Reports on themselves, associates, or any other person except in the exercise of their official duties. • End User will maintain copies of all written authorizations for a minimum of five (5) years from the date of inquiry. • THE FCRA PROVIDES THAT ANY PERSON WHO KNOWINGLY AND WILLFULLY OBTAINS INFORMATION ON A CONSUMER FROM A CONSUMER REPORTING AGENCY UNDER FALSE PRETENSES SHALL BE FINED UNDER TITLE 18 OF THE UNITED STATES CODE OR IMPRISONED NOT MORE THAN TWO YEARS, OR BOTH. • End User shall use each Consumer Report only for a one-time use and shall hold the report in strict confidence, and not disclose it to any third parties; provided, however, that End User may, but is not required to, disclose the report to the subject of the report only in connection with an adverse action based on the report. Moreover, unless otherwise explicitly authorized in an agreement between Reseller and its End User for scores obtained from source, or as explicitly otherwise authorized in advance and in writing through Reseller, End User shall not disclose to consumers or any third party, any or all such scores provided under such agreement, unless clearly required by law. • With just cause, such as violation of the terms of the End User’s contract or a legal requirement, or a material change in existing legal requirements that adversely affects the End User’s agreement, Reseller may, upon its election, discontinue serving the End User and cancel the agreement immediately.
Reseller Audit Requirements • Reseller must perform periodic audits of its End Users on an on-going basis. The Reseller audit must include the following: • a. Periodically verify that the basic company information on the End User has not changed and that the company name, location, ownership, nature of business and permissible purpose/intended use of data is the same as certified on the original documentation. Any changes must be investigated • b. If the End User is a partnership or sole proprietor and the ownership changes, the End User must be re-credentialed in accordance with this Policy. Reseller must notify data provider of such change in ownership and, if requested, cooperate in the assignment of a new End User subscriber code or to change the End User’s business name on the existing End User code • c. If the nature of business changes, additional credentialing must be performed to verify the new business of the existing End User • d. Any changes in the End User’s nature of business and/or permissible purpose must be consistent with End User’s Service Agreement and may require a new Service Agreement. The proposed new business and new use(s) of the data must be consistent with the types of business for which Reseller has been approved to resell data.