Peopletrail Logo

What Is FCRA Compliance?

Blocks on a table with the letters FCRA. Compliance concept.

Key terms:

Consumer Reporting Agency (CRA): Any person or entity that procures or furnishes consumer information (particularly credit or criminal history information) on a non-profit or for-profit basis. Common examples of CRAs include credit bureaus and background screening companies.

Consumer Report: Information collected by a CRA and used by employers, creditors, or other parties in order to determine job eligibility or credit worthiness. Common examples include credit reports and background checks.

Federal Trade Commission (FTC): An independent agency of the U.S. government tasked with upholding and enforcing certain acts of federal legislation including the FCRA.

Consumer Financial Protection Bureau (CFBP): Like the FTC, the Consumer Financial Protection Bureau is primarily concerned with consumer protection and is likewise tasked with enforcing the FCRA.

Providing Some Context

Imagine trying to apply for a home loan only to find out there are dozens of long-since-resolved or erroneous records on your credit report, ultimately resulting in your application being denied.

Now, imagine being powerless against these credit report inaccuracies. They will simply remain until the credit bureaus see fit to remove them. On top of it all, the bureaus deny you access to your credit report information. Only lenders are able to access your personal (and potentially incorrect) credit data. Some lenders may be kind and clue you in as to why you’re failing your credit checks, however, they are under no obligation to do so.

For years, you are unable to find loan approval or enjoy reasonable rates due to factors outside of your control while also being unable to access the data that will tell you where things are going wrong.

This could very well be your state of affairs in a world without FCRA compliance regulation.

Loan application denied

Let’s take a step back in time.

Up until the mid to late 1960s, most employers and financial institutions were making employment/lending decisions in good faith alone. An individual’s credit and criminal history were not being intentionally tracked and reported as they are today.

With time, there began to be more of a focus on consumer data collection for the purpose of providing more insights to institutions, such as banks and employers. 

As data, not good faith, became the basis by which institutions made judgments about everyday people, issues of data integrity began to arise. Who was regulating this information and what right to action did consumers have against it in the event of error?

FCRA Compliance Overview: What You Should Know

Enacted in 1970, the Fair Credit Reporting Act (FCRA) worked to set parameters and implement guidelines with the sole purpose of promoting the accuracy, fairness, and privacy of consumer information.

This act of legislation clearly defined consumer rights as well as consequences for infringement. Here are a few important takeaways regarding consumer rights under the Fair Credit Reporting Act

FCRA Consumer Rights Overview


1. An individual has the right to be told if information in their consumer report has been (or will) be used against them. 

Example: A prospective hire must be duly informed if a prospective employer makes a hiring decision based on the results of their background check.

2. An individual has the right to know what is on their file. 

Example: Credit bureaus cannot knowingly withhold credit information when requested by an authorized individual. Additionally, consumers are entitled to free file disclosure if: 

  • Adverse action has been taken against the individual because of information in their
  • credit report;
  • The individual is a victim of identity theft and a fraud alert is placed in their file;
  • The individual’s file contains inaccurate information as a result of fraud;
  • The individual is on public assistance;
  • The individual is unemployed but expects to apply for employment within 60 days.

3. An individual has the right to ask for a credit score. 

Note that this does not say consumers are always entitled to free credit scores. Much of the time, it will be made available after a small fee has been paid.

4. An individual has the right to dispute inaccurate information. 

Example: Let’s say you order a credit report and notice a late payment that doesn’t belong to you, or perhaps you spot a collection that was resolved a decade prior. You reserve the right to formally dispute this inaccurate or unverifiable information with the credit bureaus and they will be legally bound to respond to your dispute, correcting or removing all errors (usually) within a period of 30 days.

5. An individual must give consent for reports to be provided to employers. 

Example: An employer cannot conduct a background check on a new hire without the express consent of the candidate.

6. An individual may seek damages from violators. 

Consumers have the right to action against violations of the FCRA.

Who Is Responsible?

It’s important to note that the FCRA regulates CRAs, specifically. It doesn’t regulate all forms of consumer data. For example, the FCRA has nothing to do with ensuring the integrity of online information such as passwords, transactional data, payment credentials, etc.

When talking about pre-employment screening, the CRA is the background screening company. However, the employer also has a duty to comply. Let’s take a look at the primary responsibilities of both the CRA and the employer.  

CRA Responsibilities


1. Consumer reporting agencies must correct or delete inaccurate, incomplete, or unverifiable information. 

As is the case with credit bureaus, individuals have the right to dispute inaccuracies on their background check reports. Once a formal dispute is opened, the background screening company is then obligated to resolve the dispute within a reasonable amount of time (usually 30 days).

2. Consumer reporting agencies may not report outdated negative information.

Information changes over time. Perhaps a collection is settled or criminal charge disposition changes from pending to dismissed. CRAs are responsible for ensuring the integrity of their data to the highest possible degree. Again, there will likely be mistakes that can be handled by following the proper dispute protocol. However, these mistakes should very much be the exception. 

3. CRA must obtain proper consent and authorization.

A CRA cannot provide any information to employers (or potential employers) without the individual’s written consent. Depending on an individual’s state of residence, the background screening process may require further authorization.

SHRM provides more helpful insights regarding the legalities surrounding background screening that can be found here.

Employer Responsibilities


1. If adverse action is to be taken against a prospective hire, the employer must inform the individual of any consumer report information that is being used against them.

For this item, compliance is achieved through the dispatch of pre-adverse and adverse action letters at appropriate times during the hiring process. Pre-adverse action letters simply inform an individual that adverse action may be taken against them. Adverse action letters are sent following a decision not to hire on the basis of negative background check information.

As far as the FCRA is concerned, it is the sole responsibility of the employer to manage this process and many are unaware of this duty to FCRA compliance.

2. State and federal regulations determine what information can and cannot be used in a hiring decision. 

Each state has its own opinion when it comes to what consumer data can and should be used in a hiring decision. For crimes processed in California, for example, no charges (convictions included) older than 7 years can be used in a hiring decision. If the employer is unaware of California hiring laws, lawsuits could possibly result.

This is another facet of FCRA compliance that falls completely on the employer. However, a good screening partner can take a lot of weight off the shoulders of hiring managers when it comes to their duties under the FCRA. I will explain how in just a moment.

Examples of Non-Compliance in Background Screening

Here are the most common ways CRAs and Employers fall out of compliance with the FCRA (whether knowingly or unknowingly).

Top CRA Examples

  1. Failure to obtain proper disclosures.
  2. Failure to properly verify potential records.
  3. Reporting of expunged or sealed records.
  4. Failure to remove inaccurate information after a dispute has been initiated. 

Top Employer Examples

  1. Failure to send an adverse action notice.
  2. Taking adverse action based on records that can’t lawfully be used in a hiring decision.

How Some CRAs Work to Keep Employers FCRA Compliant

Reliable background screening extends far beyond the data alone.

If you handle the hiring within your organization and are not an expert on hiring laws state-by-state, it is very important you choose a screening partner that is willing to help you stay FCRA compliant.

It is not the responsibility of the CRA to remove all non-actionable information from each report. It is not the responsibility of the CRA to help automate and facilitate pre-adverse action letter processes. For this reason, most screening companies don’t take the time to do so.

However, there are a number of screening companies, particularly those that are PBSA accredited, that set higher FCRA compliance standards than are required by law. If you are looking for a screening partner that puts particular emphasis on compliance, begin with those that hold a PBSA accreditation, then inquire as to their dedication to employer compliance.


In summation, FCRA compliance is a set of consumer data protection laws that also very much applies to CRAs and employers.

The first step to compliance is better understanding the laws themselves, what purpose they serve, and how they affect each involved party.

The FCRA gives the consumer right to action against individuals or entities who fail to comply which is why it is very important for CRAs and employers alike to stay up-to-date on pertinent laws and regulations.

Are you an employer in need of more FCRA compliance and related resources? Check out this compliance resource page.

Want to Reach Out to Us?

You can contact us here.

DISCLAIMER: The information provided by Peopletrail in this article is for general information purposes only. Peopletrail and their representatives are not lawyers; nothing on this website or provided by Peopletrail should be deemed as legal guidance or advice. All information in this article is provided in good faith, however, we make no representation or warranty of any kind, expressed or implied, regarding the accuracy, adequacy, validity, reliability, and availability or completeness of any information on our site. Users are solely responsible for complying with all local, state, and federal laws as they may relate to any information provided by Peopletrail. Peopletrail recommends the utilization of a competent legal representative for any legal issues.

Under no circumstance shall we have any liability to you for any loss or damage of any kind incurred as a result of the use of the site or reliance on any information provided on the site. Your use of the site and your reliance on any information on the site is solely at your own risk.

Share our Blog