How is your Regulatory Compliance Knowledge?

Compliance 101 – Stop Guessing Start Knowing Part One

Most businesses don’t have it in the budget to hire a compliance consultant or pay for compliance training, despite the fact violations can be hefty and potentially even include jail time.

CBC is on your side and is here to provide a stable foundation for a solid compliance program that will keep you on the right track with your compliance obligations.

Through this series of newsletters, we will cover compliance as it pertains to a credit transaction. Read on…

Stop Guessing Start Selling


Knowledge is Power! Unfortunately, we don’t all have time to be a superhero. Keep these newsletters nearby, then rest assured that you’ll have the answer or answers you need when in doubt.

Credit Bureau Connection is well known throughout the industry as the “best-in-class” leader of credit reports, and federal and state regulatory compliance tools. We will provide a straightforward understanding of the What, When, Why, and To Whom to satisfy credit report compliance requirements. Nothing in these materials should be regarded as rendering legal advice for specific cases. Please seek appropriate assistance from qualified legal counsel.

creditor success


A creditor is anyone who requests information from a person, persons, or business with the intent of providing or facilitating credit. Also, a creditor is any business that accepts a credit application regardless of whether you are the funding source or providing credit information to a lender. You must abide by FCRA, ECOA, GLBA, and other agency guidelines, and failure to do so can result in hefty fines leveled against an individual or business. Towards the end of this newsletter series, we will provide a list of all compliance fines and secure document storage rules.

secure text and email delivery

LET’S BEGIN WITH THE ITPP – (Identity Theft Prevention Program)

The Red Flags Rule requires creditors to implement a written Identity Theft Prevention Program. Templates are most likely available from your compliance provider or available on the internet and are free to download. Here is another source for the Red Flags Rule.

The ITTP should be put in place immediately, filed in a safe location, and kept current by reviewing and updating quarterly, ensuring the program maintenance by employed, knowledgeable, and relevant personnel. The program will be a compliance necessity indefinitely. It is a Safeguards Rule violation if complete paper and electronic information plans are not in place, even if no customer information is compromised.

By recognizing Red Flags warning signs of identity theft in your day-to-day operations, focusing on red flags now, you will be better able to spot a fraudster using someone else’s identity to obtain products or services from you.

The ITTP Rule applies to any business that provides products or services and bills customers later.


A signed credit application containing proper authorization provides a vetted subscriber permissible purpose to request a consumer credit report. Consent language may vary depending on the type of credit report you are pulling—for example, a traditional hard-pull credit report vs. a prequalification or soft-pull credit report. Consult your credit report, compliance provider, or legal counsel to confirm that you are using current and correct consent language on all credit applications, such as paper credit applications, verbal consent, or electronic submission.

Consent is valid for 30 days from the date of the application. If re-pulling credit is necessary after the 30-day window, a new signed application is required. If you do not do business with the applicant, keep all applications in a dead deal or similar file. Also, if changing or correcting the application is necessary, start over and recapture consent after the changes or corrections have been made. Doing this with proper authorization is the only protection against a consumer complaint or potential lawsuit.

The Equal Credit Opportunity Act (ECOA) requires you to keep a copy of a credit application for 25 months after notifying the consumer of the action taken with the application. As a general rule, it is best to keep all finance deal information for at least 7 years.

Having a solid system for maintaining your credit applications should make it easy to retrieve a specific credit application in the event of a challenge or audit. Responding quickly with a signed credit application will most often be all you need to satisfy the request for proof.

Note: The Credit Reporting Agencies audit dealers annually. If you are requested to show proof of consent and cannot produce a signed credit application, you may be subject to a more in-depth audit or a suspension of service from the bureau.

Have a question?

Use this link to ask an expert a question regarding consumer credit reports, Federal Compliance, or Identity Fraud.

Ask an expert in credit report, compliance, fraud, or anything related and we will respond with an answer within a few days.

If for some reason we do not have an immediate response we will let you know, research the question and get back to you.

Tune in next time when we’ll cover Safe Harbor Privacy notices, OFAC, and the Red Flags Rule.

Stay safe and Be well.

1 thought on “How is your Regulatory Compliance Knowledge?

Comments are closed.