Discussions here at the bank regarding whether or not red flags/alerts on an applicants credit bureau need to be identified and resolved/cleared for those applicants in which the application does not result in loan origination (e.g. denials). If this is required or addressed in the regulation, can someone please point me to the regulatory language that addresses this. Thank you!

I don't have or know the regulatory answer for you. However, I do not clear or address these issues on denials for a logistical reason. Hey, no loan for you but can you tell me why your addresses doesn't match your id? and can you provide address verification for me...right. Its hard enough to get any information out of people we do loan money to. Just my humble opinion. If I am asked in regards to it? yes, I will always try and address alerts and concerns on credit bureaus with current and potential customers. How's that for a pc answer?

The correct answer is yes, you have to try and resolve them. The issue is, if this is really identity theft, denial of the loan has no impact on your requirement to ensure you are dealing with the actual person in the report.

From the Red Flag Q&A issued in 2009:

2. If the user plans to deny the consumer’s application to open a new account on the basis of information in a consumer report, must a user that receives a notice of address discrepancy take steps to establish a reasonable belief that the consumer report it has obtained relates to the consumer?

Yes. If a user plans to deny the consumer’s application based on a consumer report, the user must take steps to ensure that the consumer report on which it is relying pertains to the consumer.

I just created procedures for approved/originated and declined/withdrawn applications. There are additional steps (request utility bill, update with the credit bureau) for a loan that is going to be originated then for a decline. At a minimum, I think efforts should be made with a decline to ensure the adverse action notice is sent to the correct person/address.

I know this is a really old post, but what is the interpretation on denials that originate through an indirect auto dealer? Do we as the bank need to address those red flags since we are pulling credit and there is something on there that may be a discrepancy? If yes, do you simply ask the dealer what they did to address the red flags on their end and then document the file or are you going above that do document it was researched?

To add on, the loan is made in the bank's name. We pull our own credit report, and make the decision to finance or not. FAQ 9 addresses indirect lending but only for purchased loans.

https://www.federalreserve.gov/newsevents/pressreleases/files/bcreg20090611a1.pdf

9. How do the Red Flags Rules apply to indirect lending? Is a consumer loan that is
purchased by the financial institution or creditor (e.g., a mortgage loan or car loan) a
“covered account?”

A consumer loan, such as a mortgage or auto loan, is covered under the first part of the “covered
account” definition (set out above under II.B.1) to the extent that it is “an account that a financial
institution or creditor offers or maintains, primarily for personal, family, or household purposes,
that involves or is designed to permit multiple payments or transactions.”
In the case of such loans, the financial institution or creditor that initially extends credit to the
consumer is responsible for applying its Identity Theft Prevention Program to the opening of that
covered account. If that loan is purchased by another financial institution or creditor, then that
entity becomes responsible for applying its Identity Theft Prevention Program to the loan as an
existing covered account.

"To add on, the loan is made in the bank's name."

That says it all. The FAQ I quoted in 2016 applies. How you go about that when working with a dealer relationship is a business decision. But all of that should be outlined in your dealer agreements.

The dealer agreement just says we will both comply with all laws and regulations, the bank is responsible for conducting credit investigations of prospective customers, and then they sign a separate document stating that they will have a ID Theft Red Flag program. I don't believe that gets us off the hook for investigating and documenting. As always, thank you for the input Randy.