The Consumer Financial Protection Bureau’s (CFPB) announcement that it has entered into a consent order with two affiliated companies that generate and provide employment background screening reports serves as a reminder to employers that the use of background checks when making personnel decisions can create compliance obligations under the Fair Credit Reporting Act (FCRA).
The consent order settles CFPB charges that the companies, which the CFPB’s press release describes as “two of the largest background screening report providers in the United States,” violated FCRA requirements for consumer reporting agencies (CRA). The consent order requires the companies to pay a $2.5 million civil penalty and $10.5 million in redress to consumers.
According to the CFPB’s findings and conclusions in the consent order, the companies’ alleged FCRA violations included:
Failing to employ reasonable procedures to employ maximum possible accuracy of consumer report information, including failing to have written procedures for researching public records information for consumers with common names or who use nicknames, failing to require employers to provide middle names for applicants for purposes of matching criminal records to consumers, not using consumer dispute data to identify the root causes of accuracy errors, and failing to conduct testing of non-disputed reports.
Failing to exclude non-reportable information from consumer reports, specifically civil-suit and civil-judgment information that antedated a report by more than seven years where no salary-based exception applies. (The FCRA contains an exception from the seven-year limitation for the reporting of any information in connection with employment at an annual salary that equals or is reasonably expected to equal at least $75,000.)
The companies must pay $10.5 million in consumer redress to “affected consumers” whom they identify. Affected consumers are defined by the consent order as certain consumers who disputed their criminal background report prepared by the companies during a specified time period and whose dispute resulted in a change of the grade assigned to the report (e.g., fail to pass) following a further review or resulted in a change or correction for certain specified reasons involving inaccurate information, or about whom the companies reported non-reportable civil-suit or civil-judgment information during a specified time period. (The consent order provides that each affected consumer is to be paid $1,000 but if such payments would result in a total payment of more than $10.5 million, the amount paid to each affected consumer may be reduced pro rata.)
In addition to payment of the civil penalty and consumer monetary relief, the consent order requires the companies to take further actions that include:
Revising their compliance procedures (including using algorithms to distinguish records by middle name and match common names and nicknames, analyzing consumer dispute data at least monthly to determine the root causes of errors, and using software to identify and reconcile discrepancies in criminal records)
Retaining an independent consultant to review and assess the companies’ policies, procedures, staffing levels, and systems and recommend changes, and
Developing a comprehensive audit program to test the accuracy, integrity, and completeness of the public-record information sourced to generate the companies’ background reports.
Employers who obtain background reports from a company that acts as a CRA must comply with a multitude of FCRA requirements, such as provisions that address giving advance notice, obtaining written employee consent, providing a certification to the CRA, and providing notice when taking adverse action. In light of the CFPB consent order, employers should be careful that the information they provide to CRAs about prospective employees is as accurate as possible.