On November 22nd, the CFPB issued a press release announcing that a stipulated final judgment and order (Order) were filed in the U.S. District Court for the Southern District of New York against Sterling Infosystems, Inc. (Sterling) to resolve allegations that the employment background screening company violated the Fair Credit Reporting Act (FCRA). The CFPB’s complaint alleged that Sterling’s internal procedures violated the FCRA by:
- Creating a heightened risk that its consumer reports would include criminal records belonging to another individual with the same name as the applicant because Sterling used only two personal identifiers to match criminal records to an applicant,
- Failing to ensure that public record information that was included in the consumer reports was complete and up to date,
- Not notifying consumers that public record information was being reported,
- Reporting adverse information about consumers outside of the allowable reporting period of seven years, and
- Incorporating “high risk” indicators from a third party source without verifying the accuracy of such designations.
If the Order is entered by the court, Sterling will be required to pay $6 million in monetary relief to affected consumers whose employment opportunities may have been adversely affected by Sterling’s practices and a $2.5 million civil money penalty to the CFPB. The Order also includes injunctive relief to prevent the claimed illegal conduct from recurring. Among other requirements set forth in the Order, Sterling must remain registered on the CFPB’s Company Portal for at least five years and establish a Compliance Committee that will be responsible for overseeing compliance with the Order.
This is a stark reminder that the CFPB’s enforcement jurisdiction extends to all entities subject to the FCRA’s requirements, regardless of whether the entity is a bank or non-bank company providing consumer financial services. It is also a reminder that both the creation of employment background screening reports and the use of such reports by employers when making personnel decisions triggers FCRA compliance obligations. The CFPB previously entered into a consent order with providers of employment background screening reports to settle alleged FCRA violations.