Chamber Comments on CFPB's Proposal to Address Identity Theft and Coerced Debt

To Whom It May Concern: 

The U.S. Chamber of Commerce Center for Capital Markets Competitiveness (“Chamber”) appreciates the opportunity to comment on the Consumer Financial Protection Bureau’s (“CFPB”) Advance Notice of Proposed Rulemaking on “Fair Credit Reporting Act (Regulation V); Identity Theft and Coerced Debt” (“the proposal”).^[1]

 

The proposal states the CFPB has determined a rulemaking is warranted based on a petition from the National Consumer Law Center (“NCLC”). In the petition, the NCLC requested that the CFPB:

• Modify the definition of “identity theft” to include “without effective consent” to provide relief for persons with coerced debt and specify what constitutes effective consent.
• Modify the definition of “identity theft report” to reflect the modified definition of “identity theft.”
• Allow the modified definition of “identity theft” to enable persons with coerced debt to utilize the block of information resulting from identity theft.
• Clarify that no consumer reporting agency (“CRA”), including specialty CRAs, can refuse to block information under15 U.S.C. 1681c-2(c)(1)(C) if the consumer is a person with coerced debt.^[2]
  [2]​ ANPRM at 100922-23.
   

The CFPB requested comments on the petition, as well as other related topics, such as the documentation a person should be required to produce to show coerced debt and whether self-attestation mechanisms might be appropriate. The proposal specifies that the petition and comments received on it “persuasively suggest that amending Regulation V to specifically account for coercion, and absence of effective consent, in the definition of identity theft could enable survivors to regain control of their financial lives and further their physical safety and independence from abusers.”^[3]

The CFPB also has preliminarily determined that it has the statutory authority to define “identity theft.”^[4]

[4]​ Id.

 

Survivors of domestic violence and economic abuse encounter significant challenges, including the ongoing burden of coerced debt, and while the CFPB’s initiative to enhance protections for these vulnerable individuals in commendable, the   measures considered in the proposal risk extending beyond the statutory boundaries delineated by the Fair Credit Reporting Act (“FCRA”). The FCRA's primary purpose is to ensure the accuracy, fairness, and privacy of consumer information. Considering this intent, the CFPB must only implement consumer protection measures that are in accordance with the established tenets of the FCRA and must avoid potential overreach that could undermine the FCRA’s core objectives.

The integrity of the credit reporting system is predicated on the accuracy of credit reporting, which serves as a critical tool for financial institutions in assessing consumers’ creditworthiness. Expanding options for self-attestation of identity theft claims under the FCRA and reducing the threshold for verification could destabilize this essential framework. Without rigorous verification protocols, self-attestation opens avenues for inaccuracies and misrepresentations in credit reports, thereby obstructing financial institutions' capacity to make informed assessments of credit risk. It is, therefore, paramount to maintain stringent standards for credit reporting to preserve the reliability of the credit reporting system.

We accordingly ask the CFPB to consider the following points:

•  The requests included in the NCLC petition, if adopted into a proposed rule, would go beyond the scope of the FCRA.
• The ANPRM significantly increases the risk that bad actors will engage in “credit washing.”
• The CFPB should focus on addressing the inadequacies in the current Regulation V identity theft mechanism.
• The CFPB should withdraw the ANPRM.

I.               The requests included in the NCLC petition, if adopted into a proposed rule, would go beyond the scope of the FCRA.

The CFPB’s proposal suggests that the NCLC petition to amend the definition of “identity theft” under Regulation V to address coercion and lack of effective consent would be persuasive. However, such an amendment would significantly and impermissibly change the definition of identity theft in the FCRA to include coerced debt as a type of identity theft. It is crucial to differentiate between identity theft and coerced debt, as these concepts are not synonymous. The FCRA delineates identity theft as a specific instance of fraud that involves the unauthorized use of another individual's identifying information, particularly in cases involving stolen financial data, such as credit card information. The statute defines identity theft as “a fraud committed using the identifying information of another person.”^[5]

Identity theft is accordingly limited in the FCRA to the specific circumstance where one person uses or attempts to use the identity of another person. Identity theft under the FCRA does not include circumstances, for example, in which a person using their own identity is deceived or threatened into completing a transaction. Coerced debt resembles the latter situation, because it involves an individual using their own identity to make a transaction, even though that transaction lacks appropriate consent. As a result, coerced debt simply does not meet the definition of “identity theft” under the FCRA.

The CFPB does not possess the authority to address issues related to coerced debt through its statutory authority to implement the FCRA. The FCRA focuses on ensuring accurate and fair credit reporting, not on addressing broader issues like coerced debt. While Congress authorized the CFPB to regulate identity theft under the FCRA, coerced debt falls outside its scope. Expanding the FCRA to include coerced debt would require congressional action, as the CFPB cannot reinterpret the statute to regulate areas not explicitly authorized. Without clear legislative direction, the CFPB would exceed its regulatory authority. 

The petitioned expansion to include the phrase “without effective consent” also introduces new criteria that could result in significant variability in application, leading to inconsistent interpretations of the law. For example, varying standards among creditors regarding the acceptance of claims related to coercion could yield disparate outcomes, even within analogous fact patterns. Moreover, this broadened definition would necessitate the consideration of subjective assertions and interpersonal dynamics that exceed the purview of the FCRA. 

Introducing coerced debt into the identity theft framework would also add new complexities and result in consumer confusion. Identifying and resolving a claim of identity theft under the FCRA is a somewhat straightforward process—determining whether the individual who claims identity theft made the transaction. Introducing the concept of coerced debt into the existing framework for resolving identity theft claims would bring in a new requirement to make much more subjective assessments regarding the legitimacy of claims. Further, identity theft claims must be supported by certain documentation under the FCRA and Regulation V. Consumers who set forth coerced debt claims may not be able to provide the required documentation. As a result, processing coerced debt claims using the existing framework for identity theft claims could result in significant gaps. Consumers may struggle to obtain the relief the CFPB seeks for them, and CRAs and furnishers would likely face significant challenges in attempting to resolve coerced debt claims through their identity theft compliance mechanisms. Moreover, consumers would still be responsible for the actual debt obligation. Consumer confusion may arise if a consumer incorrectly believes that by removing the debt from their consumer report that they have also removed the underlying obligation to pay the debt.

Continue Reading Here

---

^[1]

​ See CFPB, Advance notice of proposed rulemaking; Fair Credit Reporting Act (Regulation V); Identity Theft and Coerced Debt, 89 Fed. Reg. 100922 (Dec. 13, 2024), https://www.govinfo.gov/content/pkg/FR-2024-12-13/pdf/2024-29292.pdf (hereinafter “ANPRM”).

^[2]

​ ANPRM at 100922-23.

^[3]

​ Id. at 100923.

^[4]

​ Id.

^[5]

15 U.S.C. § 1681a(q)(3).