finance law, part three



The Fair Credit Reporting Act was enacted in 1970 to regulate the collection and reporting of consumer credit data.  It requires credit reporting agencies to follow strict guidelines in how they collect data, how they keep that data safe from misuse, and how and under what circumstances they may release that information.  It requires business entities providing credit data to certify that their data is accurate, provide disclaimers and information to consumers regarding what information they report and how to dispute it, and have clear procedures in place to ensure that information security is maintained.  It allows for severe civil and criminal penalties for violations, including both actual and punitive damages, and in some situations, imprisonment.


Basically, the FCRA operates in two halves.  One half regulates credit reporting agencies, the other half regulates the providers and users (often the same businesses, actually) of credit information.  The basic idea behind the FCRA is that credit reporting must be fair and secure – disputes must be handled fairly, credit information cannot be used inappropriately, and consumer privacy must be maintained at all times.

Credit reporting agencies are required to only give out information under certain circumstances known as ‘permissible purposes’.  These include subpoenas and other court orders; clear and specific written instructions from the consumer whose credit information is to be released; applications for and reviews, servicing, and collection of credit accounts; legitimate business needs in connection with a consumer-initiated transaction (for instance, opening a savings or checking account); employment purposes such as consideration of employment, promotion, reassignment, or use of an independent contractor (all of which require specific written consent); insurance underwriting; and consideration of government-issued license or other government benefit.

Businesses that provide information to credit reporting agencies are required to ensure that the information they report is fair and accurate.  Part of this requirement is that the burden of proof falls on them in case of dispute – if an individual reports to a credit reporting agency that the information contained in their credit report is inaccurate, the furnisher of the information is required to either correct the inaccuracy or provide proof that the information is accurate within 30 days of being made aware of the inaccuracy.  They are also required to notify individuals of negative information that has been or is about to be reported to a credit reporting agency within 30 days.

Businesses that recieve and use information from credit reporting agencies are required to notify individuals if the information contained in the credit report contributed to a decision made that was not in the individual’s favor – for instance, if a loan or job application was denied, or a credit limit on an existing account reduced.  They are also required to notify the individual what credit reporting agency the information was recieved from, and how to contact them to verify the accuracy of their credit report.


If credit reporting agencies are going to collect information about you, it only makes sense that there are laws in place to make sure it’s accurate and that problems can be fixed quickly when they’re discovered.


Your privacy is closely protected by this law – there are very limited circumstances in which your information is permitted to be accessed, and there are specific fines and other sanctions laid out in the law, including punitive damages if your information is accessed improperly or adminimstrated improperly.


Check your credit report as often as you can.  Federal law allows you to recieve one free copy of your credit report from each of the three major credit reporting agencies (Trans Union, Experian, and Equifax) each year.  Information that appears on a report from one agency is likely to appear on the others, so if you rotate requests, you can get a copy of your credit report every four months.  If there’s anything on your credit report that is inaccurate in even the least little bit, IMMEDIATELY contact the credit reporting agency and dispute it.  You can not be penalized or punished for disputing information on your credit report even if it turns out the information is accurate.

finance law, part two



The Equal Credit Opportunity Act was enacted in 1974 to prevent banks and other financial organizations from discriminating on the basis of race, color, religion, national origin, sex, marital status, age, childbearing status, source of income, or whether the potential customer has exercised their rights under the CCPA – Consumer Credit Protection Act.  It requires banks and other financial institutions to follow certain guidelines about information collection, application processing, advertising, account service and maintenance, and communications.


When a bank or other financial institution is marketing or advertising their products, they can’t use any imagery or language that indicates any sort of preference for or against any of the protected classes.  Sexual orientation isn’t listed in the protected classes, which is an annoyance, but 1) I can’t recall hearing about banks refusing to write loans for GLBT types, and 2) that would be a different article in any case, so.  Moving on!

Note that exercising one’s CCPA rights IS among the protected classes, to banks and financial institutions are specifically prohibited from ‘shutting out’ people for insisting on legally entitled fair treatment.  The gist is that banks and other financial institutions can’t discriminate against people for their status in the above classes, and they can’t advertise or market their products and services in a way that makes people THINK they are.  The only thing they can use to make decisions on is creditworthiness – your credit score, ability to meet payments on a loan, stuff like that.

They are also forbidden from discouraging people to apply for products or services based on the above protected classes.  For instance, if you have kids, and go into a bank to apply for a car loan, they cannot tell you that you shouldn’t bother to apply because you have kids, your life is destined to be an unending torrent of chaos and disorder and they couldn’t be sure you’d pay them back.  You should never be discouraged from applying for products or services unless the basis of that discouragement is strictly creditworthiness – in practice, since they should only be checking your credit report (the major, although not sole, factor in determing creditworthiness) when they are processing your application, you should never be discouraged, period.  This includes verbal discouragement as well.

Banks are also forbidden from asking you for certain information like race, ethnicity, and sex on a loan application… sort of.  They do have to collect that information on the application (and quietly fill it out for you based on best-guess from the person taking the application if you decline to state) but are forbidden from using that information in the decisionmaking process.  The information is collected and used by regulatory agencies as a way to tell if discriminatory practices are being used – for instance, if a grossly out-of-whack proportion of the approved loans vs. denied loans are for white people, this would be an indicator that the bank is potentially engaging in discriminatory activities.  The bank or financial institution is permitted to use this data to keep an eye on itself for similar reasons – just never to use it as part of making the decision about extending credit, and never in the case of mortgages or other loans or transactions secured by a principal dwelling.  Marital status and sex are also collected for home purchase or refinance loan applications for similar purposes.

Marital status is another gotcha.  Generally, unless you’re in a community property state or you’re applying for something other than individual unsecured credit (Plain old loan.  Individual means it’s just for you, unsecured means you don’t put up any property or other collateral to guarantee the loan.), the bank or financial institution can’t ask that.  If they do ask, they can only ask in terms of ‘married’, ‘unmarried’, or ‘seperated’.  Asking if you’re divorced or widowed to make a decision on extending credit is forbidden.  However, if you are or have been married, you might have to give specific information about your spouse or former spouse under very specific circumstances – if your current spouse will be permitted to access the account or contracually liable for it; if you are relying on the income of your spouse, or alimony / child support / other maintenance payments from your spouse or former spouse; or if you are in a community property state (and your spouse therefore has certain rights and obligations to your assets).

If you almost meet the creditworthiness requirements, but not quite, the bank or financial institution may require a cosigner (or guarantor).  They are specifically forbidden from requiring or even suggesting that the cosigner be any particular person or relationship – the cosigner’s suitability can be assessed solely on the basis of creditworthiness.

If you’re not approved for the loan; or if your loan terms are changed in a way that is not favorable to you; or if you requested your loan amount be raised and it wasn’t approved; or your account was terminated, the bank or financial institution has to tell you in writing within 30 days, along with specific reasons why (at BARE minimum, a statement telling you that you have the right to this information and clear instructions as to how to get it, but this just adds a needless layer of complexity so practically nobody does this and instead just tells you), the name and address of the bank or financial institution, and the name and address of the regulating agency that oversees that activity.  If instead the bank or financial institution issues a counteroffer (saying no to your request, but offering something different instead) they can hold off on the ‘this is why we denied you’ notice – called an adverse-action notice – until 90 days after the counteroffer is issued.  Many banks and financial institutions make this simpler by just tacking the counteroffer to the original adverse-action notice since it saves a stamp and that way they have one less timer to worry about.

If you’re not approved for the loan because you goofed and forgot to complete the application, they need to send you a letter within 30 days either saying ‘no, you messed up the application, no loan for you’ or ‘look, dope, you forgot to put your name on here’ and giving you a reasonable timeframe to submit the information.  If you never give them the requested information, they don’t have to send you any more letters and can safely assume you don’t care to hear from them anymore.


It’s not fair for a bank or financial institution to decide not to float you a loan just because you’re black, or Muslim, or you have kids, or etc etc etc.  It’s also not fair – though a little less obviously so – for them to market or advertise in ways that directly or indirectly communicate that people shouldn’t bother applying if they are black / Muslim / parents / etc.


There’s a line drawn between inquiry and application – and it’s not as simple as ‘if you write it down, it’s an application’.  Basically, if you’re giving information to the bank or financial institution and they are either making a decision or recommendation based on that information, it’s an application for the purposes of the ECOA, even if it’s just talk.  Asking about interest rates?  That’s just an inquiry.  Saying you have a 2500 square foot house in the suburbs and a clean credit report and asking for a ballpark figure of a loan you could get for it?  That’s an application.  This is why bankers are maddeningly vague sometimes, the slightest verbal misstep can turn light conversation into the sort of thing that could land them huge fines and penalties if they say the wrong thing.

There are a few exceptions to protected classes.  Banks and financial institutions are allowed to take age into account if and only if they are using it to favor people 62 years old or older, and they’re allowed to take your job into account if it clearly impacts your ability to pay – a waiter, for instance, has a pretty good idea what sort of money they’re going to pull in on a monthly basis even though (since it’s mainly tips) they can’t commit to a precise figure, so that couldn’t be a factor.  Someone who does temp work, daily labor, or otherwise can’t reliably commit to even a general idea of what sort of money they’re going to bring in each month, though – that can be considered in the decisionmaking process.

If you’re securing a home loan with the home in question, the bank or financial institution is going to have the home appraised.  You have a right to this report, and they can choose to either give the report to everyone who applies, or tell applicants that they’re entitled to the information and give them clear instructions as to how to get it.


If you’re applying for a loan, and the loan officer asks the wrong questions, or you feel that the regulatory information was used improperly, you should give a holler to the regulatory agency (banks and financial institutions are required to tell you who this is) and get that fixed straight away.  You’ll be awarded actual damages, and punitive damages in certain situations.

If you’re applying for a loan, and the loan officer gives you the stinkeye because he found out that you took a bank to court over illegal practices before, that’s against the law.  Banks and financial institutions aren’t allowed to care if you’ve exercised your rights.

If you see an advertisement for a loan that says directly or indirectly that certain people shouldn’t apply based on – well, based on almost anything but creditworthiness, same thing.  Also, if they require a cosigner when your creditworthiness is sufficient for you to get the loan on your own, or if they request (or even suggest) a specific cosigner or specific relationship for the cosigner to be, that’s also actionable.  There’s no penalty or anything if you contact the regulatory agency for something that turns out to be completely legal, so feel free to hit them up if something seems shady.

finance law, part one

So for a new job, I’m having to learn about finance law – specifically, BSA, ECOA reg B, FCRA, FDCPA, GLB Privacy, TILA reg Z, and UDAP reg AA.

Woah there spaceman that’s a whole lot of alphabet soup

Yeah I know.  So what I’m going to do to help myself learn this a bit better and study for an upcoming test, is I am going to attempt to explain in blog posts just what all that stuff ACTUALLY MEANS in terms that ACTUAL HUMANS use.



The Bank Secrecy Act was enacted in 1970 (and further amended and modified in 1986 by the Money Laundering Control Act, in 1992 by the Annunzio-Wylie Money Laundering Act, and in 2001 by the US PATRIOT Act section 326) basically to combat money laundering.  In a general sense, it requires banks and other financial institutions to verify the identiy of their customers, keep records of those identities, keep records of certain transactions, and report details of certain other transactions to the IRS and other regulatory agencies.


Specifically, this means that when you go to the bank to open an account (or certain other types of financial transactions at other financial institutions), you have to bring solid ID.  Driver’s license, current or expired passport, state ID card, these all work JUST FINE.  If you’re a business, then you should bring the articles of incorporation, business licenses, etc etc.  Specific documentation requirements can vary slightly but will be pretty close to one another.

Also, if you’re depositing, changing, withdrawing, or otherwise doing SOMETHING with more than $10,000.00 of cash (or cash-similar negotiable instruments, like certified checks or foreign currency), the bank (or financial institution) has to collect certain details and report the details of the transaction to the IRS.  The details they have to collect are similar to the details collected when you open an account – name, address, SSN, accounts affected by the transaction, that sort of thing.  Note that deposits and withdrawals are counted seperately – you can’t avoid a CTR (Cash Transaction Report, the report we’re talking about here) by depositing $5,000.00 and withdrawing $11,000.00.  Depositing twelve grand in cash or certified funds to your bank account? CTR.  Walking in with a crate of $50 bills and changing them into a trunkload of singles? CTR (assuming we’re talking over $10,000.00 here).  Paying off your mortgage with a $15,000.00 bank draft?  CTR.

Note that this applies to all transactions in a day – two $6,000.00 deposits in the same business day will trigger a CTR just the same as a single $12,000.00 deposit.  Transactions that happen after close of business (hitting the ATM after hours, using the night deposit, etc.) are treated as happening on the next business day – so if you cram $6,000.00 into the ATM after hours, then deposit another $6,000.00 in the bank the next day, a CTR would be triggered.  It also applies to transactions across different accounts at the same institution or at different branches of the same institution – so a $6,000.00 deposit to your checking account in the bank branch near your house and a $6,000.00 deposit to your money market account in the bank branch near your office would still trigger a CTR.

This is not the only recordkeeping requirement – activity that seems ‘out of place’ from your regular account activity would trigger what’s called a SAR or Suspicious Activity Report.  There are a number of scenarios that can trigger this, but here’s a common one:  If you maintain a pretty regular balance with paychecks coming in and bills and whatnot going out, and suddenly you’re depositing $8,000.00 every other day without some sort of explanation being volunteered, the bank is going to notice and they are going to make a note of it.  The SAR is sent to the proper regulatory agency, and they’ll take a look at it, and if they smell a rat, they’ll find out what the scoop is.  The first step of this is usually your bank contacting you – ‘Hey we noticed that you’ve been depositing 24 grand a week just like clockwork lately, what’s up with that? Did you get a raise?’ – and only if you can’t come up with anything that sounds good will the feds get involved.  Mysteriously having huge amounts of money dropped into your lap isn’t illegal by any means – heck, maybe you’ve just reunited with a long-lost and pathologically generous uncle – but it can be a pretty strong indicator of shady behavior, so the feds are going to want to know what’s up.  There aren’t really hard and fast rules of what triggers an SAR and what does not – sure there are guidelines, but an SAR can be triggered by something as simple as a teller thinking something’s a bit weird.  Note that not only does your bank not have to tell you that it has filed an SAR, but it is specifically forbidden from doing so.

Purchases of certified funds over $3,000.00 are also recorded.  If you buy a cashier’s check for $4,500.00, the bank is going to need your name, address, SSN, and date of birth; and is also going to have to make a note of the details of the transaction (date, number of instruments purchased, their type and serial numbers, etc etc) in a logbook.


Like I said before, making large transactions isn’t illegal, but it can potentially be indiciative of illegal behavior.  Nobody is going to throw you in prison for paying off your mortgage all at once, but some dudes in suits might be a little curious as to where you got the bankroll for it, that’s all.


Oh, there’s special rules for foreign shell accounts too – those are basically accounts maintained in US financial institutions by foreign banks that don’t have branches in the US to help facilitate US operations.  Foreign banks are required to, you know, EXIST before shell accounts are allowed.  This prevents funds being hidden or laundered by claiming they’re the assets of a foreign ‘bank’ that exists only on paper and is really a fancy construct for someone’s hidden bank account.  They also have to show that they have an agent that is a US resident that is authorized to access the account and recieve legal service (subpoenas and whatnot) on behalf of the foreign bank, and keep contact information on file for that agent.  This way, they can’t get around reporting and other legal requirements by putting the government in the position of having nobody to ask questions of or hand legal process papers to.


If you’re opening an account at a bank, bring ID.  If you’re depositing or withdrawing some serious cash, don’t get steamed when it takes a little longer and you have to sign some extra stuff.  If your banking habits change significantly and suddenly, don’t be surprised if your bank gives you a holla to find out why.  (And no, nobody will think less of you if you quietly fantasize to yourself that somewhere, there’s a guy in a suit CONVINCED that you’re a James Bond villain maintaining a secret identity in suburban Poughkeepsie.)  And finally, if you’re a foreign bank, you need to jump through a couple extra hoops to open an account in the US – but if you’re a foreign bank, why are you reading my blog?