The Federal Trade Commission recently announced the settlement of its first enforcement action for alleged violations of the Fair Credit Reporting Act (FCRA) risk-based pricing rule (Rule). The settlement demonstrates that the FTC remains focused on FCRA enforcement even though it shares FCRA enforcement authority regarding nonbanks with the Consumer Financial Protection Bureau. In addition, the settlement serves as a reminder of the need for companies to review their policies and procedures for compliance with the Rule. 

Under the settlement, Time Warner Cable (TWC) agreed to pay a civil penalty of $1.9 million to settle charges that it failed to provide risk-based pricing notices to consumers who were required to submit a security deposit or advance payment of the first month’s bill as a condition of receiving cable television, high-speed Internet, or other technology services. The FCRA requires a creditor to provide such a notice to a consumer when, based on a consumer report used in connection with a credit application, the creditor grants credit on terms materially less favorable than the most favorable terms obtained by a substantial portion of consumers. 

For purposes of the FCRA, "credit" means a "right granted by a creditor to an applicant to defer payment of a debt or to incur debt and defer its payment or to purchase property or services and defer payment therefor." TWC was considered to be a creditor receiving applications for "credit" from consumers because it permitted consumers to defer payment for the services purchased.

A risk-based pricing notice must inform the consumer that the credit terms offered were based on information in a consumer report. It must include certain other information, such as a statement that such credit terms may be less favorable than the terms offered to consumers with better credit histories and, if the consumer’s credit score was used in setting the material terms of credit, a credit score and related information. (A risk-based pricing notice containing similar information also is required when an account review results in an increase in the consumer's annual percentage rate (APR) based on information in a consumer report.)

Although the FTC and CFPB share FCRA enforcement authority regarding nonbanks, the Dodd-Frank Act transferred most FCRA rulemaking authority to the CFPB. Before the transfer, the FTC and Federal Reserve Board had jointly adopted risk-based pricing rules that first became effective on January 1, 2011, and were subsequently amended effective August 15, 2011, to add the disclosure of credit score information. Those rules were consolidated in the Rule, which is now part of the CFPB's Regulation V (12 CFR Part 1022) that incorporated the FCRA rules of the FTC and federal banking agencies. 

In addition to imposing the $1.9 million civil penalty, the settlement enjoins TWC from failing to comply with the Rule and, for 10 years, requires TWC to create various records, each of which must be retained for five years. Those records include accounting records showing revenues from all goods and services sold to consumers in transactions in which a credit report or credit score was considered, certain information for transactions in which a consumer report or credit score resulted in increased cost to the consumer (such as records showing the total dollar value of the increased costs), and personnel records for each person involved with risk-based pricing notices.

Attorneys in Ballard Spahr’s Consumer Financial Services and Privacy and Data Security Groups regularly advise clients on FCRA compliance and defend clients in FCRA lawsuits. The Consumer Financial Services Group is nationally recognized for its guidance in structuring and documenting new consumer financial services products, its experience with the full range of federal and state consumer credit laws, and its skill in litigation defense and avoidance (including pioneering work in pre-dispute arbitration programs).

The Privacy and Data Security Group includes experienced lawyers who help clients navigate the many laws designed to safeguard health, financial, and other private information; counsel clients on compliance, data mining, online marketing, and mobile privacy; and assist clients in responding to security breaches.

For more information, please contact CFS Practice Leader Alan S. Kaplinsky at 215.864.8544 or, or John L. Culhane, Jr., at 215.864.8535 or

Copyright © 2013 by Ballard Spahr LLP.
(No claim to original U.S. government material.)

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, including electronic, mechanical, photocopying, recording, or otherwise, without prior written permission of the author and publisher.

This alert is a periodic publication of Ballard Spahr LLP and is intended to notify recipients of new developments in the law. It should not be construed as legal advice or legal opinion on any specific facts or circumstances. The contents are intended for general informational purposes only, and you are urged to consult your own attorney concerning your situation and specific legal questions you have.

Related Practices

Consumer Financial Services
Privacy and Data Security


Visit CFPB Monitor, our blog on the Consumer Financial Protection Bureau >

Subscribe to the blog >

Subscribe to the Mortgage Banking Update and legal alerts >