Xerox Business Solution has been fined by the Consumer Financial Protection Bureau for issues stemming from defective software that sent erroneous information to consumer reporting agencies. More than 1 million consumers were affected.
The bureau claims that Xerox knew of the errors but failed to inform the lenders that were its clients. The CFPB and Xerox have entered into a consent order that will require Xerox to pay a $1.1 million fine.
This is another case of the CFPB targeting an entity under the Dodd-Frank Act that has no direct contact with consumers. As a vendor to five auto loan lenders, Xerox licensed a third-party software application designed to help lenders. Xerox customized the software for some clients. The software then reported data to credit reporting agencies.
Lenders then used that data when considering whether to issue a loan and on what terms. Defects in the software that Xerox used led creditors to report inaccurate information about consumers’ performance on their contracts. In 2016, its reports for more than one million of the auto creditors’ 6.4 million customer accounts had one or more errors. The CFPB claims that puts Xerox in.
Xerox allegedly compounded the issue by failing to disclose it to its clients after they knew the issue was serious and widespread. Xerox also failed to pass along information it learned from the software’s developer about upgrades needed to prevent mistakes, the bureau said. As a result, for years Xerox’s clients persisted in transmitting inaccurate information about borrowers and their accounts to the credit reporting agencies.
“Xerox provided flawed software that resulted in incorrect or incomplete credit reporting information on more than a million borrowers,” said CFPB Director Richard Cordray. “The company compounded the problem by keeping lenders in the dark about the defects. Mistakes on credit reports can greatly harm consumers, so we are ordering Xerox to fix its flawed systems.”
In addition to the fine, which will be paid into the CFPB’s Civil Penalty Fund, the consent order requires Xerox to describe the errors caused by its flawed software to its clients, inform lenders of any future potential or actual errors within 30 days of its discovery, and explain the correct use of the software to its clients each time the coding is revised. Also, Xerox must give the CFPB a plan showing that it will identify and fix all defects in its software, and ensure that the software will report accurate information to credit reporting agencies.