FCRA Business Verifications: An Introduction
September 5, 2008
FCRA Business Verifications: An Introduction
Editors Note: As many of you know, the credit bureaus developed a mandate in 2005 that all end users of their products (Credit Reports and Social Security Number Traces) must undergo a 3rd party site inspection by an approved vendor before they can receive their products and services. Global Compliance is an approved vendor of all three bureaus and has significant insight into the why’s, what’s and how’s. Enjoy! NF
In the compliance arena, public concern for data privacy has become increasingly visible through a surge of recent legislation, as seen by the enactment of HIPAA, OPPA, PIPEDA (Canada), Data Privacy Act (UK and Switzerland), Gramm-Leach-Bliley Act, and the FCRA.
The consumer reporting industry has been largely impacted by such legislation, most notably through the Fair Credit Reporting Act (FCRA). Anyone in the consumer reporting industry has become well acquainted with the FCRA’s mandate on Consumer Reporting Agencies (CRAs) to verify data accuracy and remove erroneous consumer information. Despite the ubiquity of material on this subject, information relevant to the Business Verification process (a process driven by the FCRA) is sparse and mostly available through primary sources and online advertisements. In response, this article provides an objective introduction to the Business Verification process to aid those affected by this requirement (i.e. those purchasing consumer information).
In short, business verification—often referred as a “site inspection,” “on-site inspection,” or “physical inspection”—is a surface-level inspection that aims to verify the legitimacy, substance, location, security, and intended purpose of a company requesting credit information. The practice is rooted in Section 604 of the FCRA (15 U.S.C. §1681b) with its mandate on CRAs and credit resellers to confirm the legitimate use of purchased credit information by their customers. The FCRA qualifies legitimate purpose of use in: a credit transaction, employment purposes, insurance underwriting, and provisioning of government-issued licenses. This section is aptly titled “Permissible Purposes of Consumer Reports.”
While there is no explicit mention of business verifications in the FCRA, the three primary credit bureaus have taken additional measures by requiring resellers, in addition to themselves, to inspect their customers through an approved and unaffiliated third party. Naturally, a number of vendors have sprung to life to offer onsite inspection services.
Requesting and Scheduling an Inspection
Once a vendor is selected, requests are submitted through an online request page. Upon receipt of the request, the vendor will assign the order to an inspector and make contact to schedule an appointment. Most business verification vendors now have a web-management page shared by inspectors and the reseller to troubleshoot issues that occur with scheduling the appointment.
The nature of the inspection is largely non-invasive and relies mostly on surface-level data collection. Questions such as: “Does the company have permanent signage?”; “Are customer files kept in locked file cabinets?”; and “Are computers password protected?” serve to verify that the company meets minimum security requirements and are the basic indicators that it is a legitimate company. The vendor can provide copies of the forms used by the three bureaus so that the reseller is aware of the questions being posed to their customers.
Interior and exterior photos must now be submitted to the three bureaus with slightly varying requirements. In general, photographs aim to determine if the location is a substantive business by capturing permanent signage, the office structure, locking file cabinets (to confirm the presence and security of customer files), and the computers where the data will be accessed. Government institutions and banking centers are typically excluded from this requirement.
Because of volume fluctuations and the need for nationwide coverage, vendors normally use independent contractors to conduct their work. Asking questions regarding contractor requirements and certifications employed by the vendor to ensure proper training and screening is highly recommended.
Since inspection criteria are dictated by the three credit bureaus (Equifax, TransUnion, and Experian), each has an approved form specific to their requirements. Often times the Consumer Reporting Agency will purchase information from two or more primary bureaus, and therefore the vendor conducting the on-site inspection must meet the requirements for each bureau. The third-party vendor in this case will either have the inspector complete multiple forms or use a universal form to meet the requirements. In the latter case, check with the vendor to ensure that the universal form has received approval from each bureau.
Upon completion of the inspection, the vendor will complete a superficial review of the form for consistency; however, the credentialing (i.e. approving the customer to receive credit information) is most often conducted by the Consumer Reporting Agency under the guidelines of the major bureaus. The inspector is simply collecting data to be reviewed by the Consumer Reporting Agency.
Best Practice Tips
With four parties (the Consumer Reporting Agency, the business verification vendor, the actual inspector, and customer) involved, knowledge of the process is imperative in order to anticipate possible setbacks. Some helpful tips on what to expect during a business verification are listed below:
- The need for verification should be confirmed by the consumer reporting agency so that the customer does not receive a surprise call from an inspector. Although the business verification is mandatory in most cases, notification of this requirement can be subtle or in some cases only mentioned in a buried contract reference.
- Customers will regularly inquire as to why they are being inspected and what exactly the inspector will be reviewing during the visit. Knowing that the inspection is merely a surface-level examination required of credit applicants and does not involve the reviewing of records, customer files, or proprietary information does much to qualm any fears that the process is invasive. Customers can often speak with their sales representative or the business verification vendor directly to be reassured that the credibility of their business is not in question.
- During the application process with the Consumer Reporting Agency, identifying the best-suited person to escort the inspector during the onsite inspection and his/her availability during that time should be confirmed. Doing so is key in avoiding delays, ensuring timely completion of the inspection, and continuing a clear communication path. Providing an alternate point of contact is an additional measure to help with a successful contact by the inspector.
- Confirming with the Consumer Reporting Agency that the address on file is the address where credit information is being accessed will also avoid confusion and a potential revisit by the inspector.
- If the business location of the customer is in an unusual area such as Ketchikan, AK or Tamuning, Guam for example, determining prior to setup that the business verification vendor has coverage of that area is another best practice to employ. If coverage is not available, the reseller can contact additional business verification vendors for their coverage availability. Confirming contractor availability will ensure a timely setup of customer’s account.
Onsite inspections can be a sensitive issue with the potential customer; however, being informed about the process will help assure that the customer will have a positive experience.
Please note the above information should not be taken as legal advice. One should always consult their corporate counsel for advice for maintaining FCRA compliance.
Michael Korvink manages the Field Research business unit at [Global Compliance](http://globalcompliance.com) which includes the FCRA business verification service. His experience includes program and project management, Six Sigma quality assurance, and regulatory affairs training.
Before joining the company, Mr. Korvink held teaching positions at the University of North Carolina at Charlotte in the International Studies and Liberal Studies departments. As an alumnus of the University of North Carolina at Charlotte, Mr. Korvink holds a Master’s Degree in International Studies and is a Notre Dame NSF research fellow.
For more information related to this topic please visit the following sites:[EmployeeScreenIQ Privacy Protection Policy](http://www.EmployeeScreen.com/privacy_protection.asp)
Latest posts by admin (see all)
- SterlingBackcheck Acquires EmployeeScreenIQ, a Global Provider of Background Screening Services - November 3, 2015
- Many Employers Not in Compliance With EEOC Criminal Records Guidance, EmployeeScreenIQ Research Shows - October 21, 2015
- The EEOC’s Criminal Background Screening Guidance 3 Years Later - October 8, 2015