Business Transactions Archives

The Fair Credit Reporting Act and Commercial Transactions

Does the Fair Credit Reporting Act (FCRA) apply to commercial transactions?

Although the FCRA is generally limited to consumer-purpose transactions (e.g., those primarily for personal, family, or household purposes), there is no straightforward answer regarding commercial transactions. This is because the FCRA defines a “consumer” as just an “individual.” The FCRA does not require the consumer/individual to obtain the loan specifically for a consumer purpose. Whether and how the FCRA applies depends on the facts and circumstances regarding the commercial transaction.

Commercial Loans, Personal Liability, and the Permissible Purpose Requirement

When an individual applies for a loan primarily for personal, family, or household purposes, the lender has a permissible purpose under the FCRA to obtain the individual’s consumer report.

However, a commercial transaction does not give rise to a permissible purpose except for a report on an individual – such as a sole proprietor or principal of a company – who will be personally liable for the debt. In a Federal Trade Commission (FTC) staff opinion letter dated in 2001, the FTC stated that “it is reasonable to view a business transaction in which an individual has accepted personal liability for the business debt as involving the consumer, thus providing a permissible purpose for the lender to obtain a consumer report under Section 604(a)(3)(A).”

A follow-up question is whether the commercial loan application itself is enough of a permissible purpose when the individual is only a guarantor and not otherwise related to the transaction or debtor. Another 2001 FTC opinion letter concluded that if an individual has any personal liability on a business loan, including just a guarantee, there would be a permissible purpose by means of the application for credit.

These opinion letters have been reaffirmed in subsequent FTC publications.

As a caveat, however, it is important to remember that these opinion letters are merely informal guidance and are not binding on the FTC, the courts, or other governmental regulators. That is why we think the best practice is to get written authorization from the individual (another form of permissible purpose under the FCRA) before preparing the report.

Reporting Adverse Information

When the FCRA applies to a commercial transaction, the restrictions for reporting adverse information should be followed. The restrictions generally prohibit reporting adverse information that pre-dates the report by seven years. Bankruptcies that pre-date the report by 10 years cannot be reported. Criminal convictions can be reported regardless of the date.

The FCRA also provides an important exemption to these reporting restrictions. If a credit transaction involves, or may reasonably be expected to involve, a principal amount of $150,000 or more, the restrictions on reporting adverse information do not apply.

Adverse Action Notice

When the FCRA applies to a commercial transaction, does the adverse action notice requirement apply? The general rule in the FCRA is that if the lender obtains a consumer report and takes adverse action based, in whole or in part, on any information in the report, the lender must give the consumer an adverse action notice. Therefore, in the commercial context, the lender should give the consumer an adverse action notice if the loan application is denied.

What about guarantors? Although the FCRA is silent on whether guarantors are included for purposes of an adverse action notice, the FTC clarified the issue in a 2000 advisory letter. If the consumer is only a guarantor (i.e., secondarily liable on the loan), then an adverse action notice would not be required to be provided to the guarantor. This is true even if the application is denied based on information in the guarantor’s consumer report.

|Business Transactions, Compliance Corner|

Company Legal Name v. DBA

Every business has a “legal” or “true name.” When researching a company, it is important to identify its legal name. In the case of a corporation or limited liability company, the legal name is the one on its formation document — e.g., the articles of incorporation or articles of organization. As an example, Scherzer International’s legal name is Scherzer International Corporation.

If the company does business under another name, it is commonly referred to as a DBA – which stands for “doing business as.” DBAs are also sometimes referred to as an “assumed name,” “fictitious business name,” or “trade name.” State and local laws generally require a company to register a DBA it is using; however, it is important to note that registering and doing business under a DBA name is not the same as forming a business or a business entity.

|Business Transactions, Compliance Corner, Guidance|

The Swiss-U.S. Privacy Shield Framework is approved

The Swiss-U.S. Privacy Shield Framework (the “Framework”) made its debut on January 12, 2017 without much fanfare when Swiss federal councillor Johann Schneider-Ammann announced the Framework’s approval as a valid legal mechanism to comply with Swiss requirements for transferring personal data from Switzerland to the United States. The Framework, designed by the U.S. Department of Commerce (the “DOC”) and the Swiss government to align with the EU-U.S. Privacy Shield, will immediately replace the U.S.-Swiss Safe Harbor. The DOC will begin accepting self-certifications starting April 12, 2017 to give organizations ample time to review the new Framework’s principles and compliance requirements. For more of Scherzer International’s coverage of the EU-U.S. Privacy Shield, click here.

|Business Transactions, European Union, International, Legislation, Privacy, Risk Management|

European Commission Adopts EU-US Privacy Shield as Replacement for EU-US Safe Harbor Framework

What this is about	On July 12, 2016, the European Commission formally adopted the EU-US Privacy Shield (the “Privacy Shield”) which will provide organizations a mechanism to comply with EU data protection requirements when transferring personal data from the EU to the US. This new privacy framework reflects the requirements set out by the European Court of Justice in its October 2015 landmark decision in Maximillian Schrems vs. Data Protection Commissioner, which declared the EU-US Safe Harbor privacy regime invalid.
Privacy Shield overview:	The framework provides a set of robust and enforceable protections for the personal data of EU individuals, as well as transparency regarding the use of such data by participating companies, strong US government oversight, and increased cooperation with EU data protection authorities. For more information, see US Department of Commerce (“DOC”) factsheet and FAQs.
Joining the program:	The DOC will start accepting self-certifications beginning August 1, 2016. Organizations must identify and register with an independent dispute resolution provider prior to submitting their self-certification.
About self-certification:	The decision to participate in the program is voluntary; however, once an organization publicly commits to comply with the framework’s principles through self-certification, that commitment is enforceable under US law by the relevant authority–either the US Federal Trade Commission or the Department of Transportation. To receive the Privacy Shield’s benefits, an organization must self-certify annually to the DOC that it agrees to adhere to the framework’s requirements, based on the privacy principles that include notice, choice, access, and transfer accountability. See the DOC’s guide for more information about participation and compliance requirements.

Disclaimer: This communication is for general informational purposes only, and does not constitute legal advice. No recipient should act, or refrain from acting, on the basis of any information provided here without advice from a qualified attorney licensed in the applicable jurisdiction.

For further information, please contact us at 1-866-723-2287.

|Business Transactions, European Union, Security|

Tenant screening laws update: passing background check costs to the applicants

The states of Washington and Oregon recently enacted laws in connection with tenant screening. Among the provisions in both Washington’s RCW §59.18.257 and Oregon’s OAS §90.295, is that the entire cost of the background check can be charged to the applicant, if the screening is performed by a consumer reporting agency (“CRA”). However, if the landlord conducts the background check, it may not charge in excess of the customary fees of the CRAs in its geographical area.

Notably, California’s Civil Code §1950.6(b) provides that a landlord cannot charge (or pass-through) to the applicant more than $30 for a background check. This application screening fee may be adjusted annually by the landlord or its agent commensurate with an increase in the Consumer Price Index. (The current adjusted amount is $41.50.)

|Business Transactions, Legislation|

SEC rule amends certain broker/dealer reporting, audit and notification requirements

The amendments issued by the Securities and Exchange Commission (the “SEC”) last month include:

a requirement that broker-dealer audits be conducted in accordance with standards of the Public Company Accounting Oversight Board (the “PCAOB”) “in light of explicit oversight authority provided to the PCAOB by the Dodd-Frank Wall Street Reform and Consumer Protection Act to oversee these audits;”
a requirement that a broker-dealer that clears transactions or carries customer accounts agree to allow representatives of the Commission or the broker-dealer’s designated examining authority (“DEA”) to review the documentation associated with certain reports of the broker-dealer’s independent public accountant, and to allow the accountant to discuss the findings relating to the reports with those representatives when requested in connection with a regulatory examination of the broker-dealer; and
a requirement that a broker-dealer file a new form with its DEA that elicits information about the broker-dealer’s practices with respect to the custody of securities and funds of customers and non-customers.

|Business Transactions, Legislation|

“Misspelling to defraud,” a case study from our files

The subject’s biography provided along with our client’s request for due diligence in connection with a private equity funding transaction was ridden with misspellings. And it did not say much, apart from boasts of professional accomplishments and financial success, and the subject’s self-description of being a “people-person who likes to travel.” But even with the biography’s vague statements and typos, our research quickly found that the subject’s company, which contained a transposed letter in its name, was affiliated with a Mexican multi-level marketing operation whose executives were recently arrested or are wanted by authorities for setting up allegedly fake websites whereby they defrauded investors for millions of dollars. As our research continued, we located media reports and online documents which indicated that the fraud spanned across three continents, and involved at least four other entities closely held by the subject, whose names were not listed in the biography. And according to various government sources, there is also mounting evidence of money laundering. Our client, although somewhat surprised by our findings, immediately halted the funding transaction.

|Business Transactions, Fraud|