LogoInsurAItools
  • Reviews
  • Free Tools
  • Solutions
  • Categories
  • Compare
  • Glossary
  • Blog
  • Pricing
LogoInsurAItools
← Back to Glossary

Fair Credit Reporting Act (FCRA)

Federal law governing collection, accuracy, and use of consumer credit information—applicable to insurers using credit-based insurance scores in underwriting.

industryPublished 2026/06/07Last verified 2026/06/07

FAQs

Must an insurer provide an adverse action notice every time it uses a credit score in rating?
An adverse action notice is required when a consumer's application results in an adverse outcome attributable to the consumer report—being declined, charged a higher rate than the applicant would otherwise receive, or offered less favorable terms based on the credit report. It is not required for every instance of credit score use; it is required when the credit information contributes to an unfavorable underwriting or rating decision.
Can an insurer use information from social media as part of underwriting?
Social media use in underwriting is a legally complex area. If the insurer uses a third party to compile social media information into a consumer report, that report is likely subject to FCRA. If the insurer accesses publicly available social media directly, FCRA may not apply, but state insurance laws and unfair discrimination prohibitions still do. Using social media information as a proxy for protected characteristics creates significant algorithmic bias exposure.
How long must an insurer retain adverse action notices for FCRA compliance?
FCRA does not specify a specific retention period for adverse action notices, but the statute of limitations for FCRA claims (two years from violation discovery, five years from violation) suggests retaining records for at least five years. Some state insurance regulations impose additional record retention requirements that may exceed this baseline.

Related Terms

  • Algorithmic Bias

    Systematic unfair discrimination in AI or ML models disadvantaging protected classes—a critical compliance concern as insurers adopt predictive models.

  • Market Conduct Examination

    A formal state insurance department examination reviewing an insurer's business practices—claims handling, underwriting, and producer oversight—for compliance.

  • Gramm-Leach-Bliley Act (GLBA)

    Federal law requiring financial institutions, including insurers, to protect consumer financial information privacy and disclose their data-sharing practices.

  • Suitability

    The regulatory requirement that insurance products recommended to clients are appropriate for their financial situation, coverage needs, and risk tolerance.

Related Items

  • Verisk

    Claims intelligence, ISO forms and fraud scoring layer

LogoInsurAItools

Independent AI tool reviews for insurance agents and brokers

Product
  • Reviews
  • Free Tools
  • Solutions
  • Categories
  • Compare
Resources
  • Glossary
  • Blog
  • Pricing
  • Search
  • Collection
  • Tag
Company
  • About Us
  • Privacy Policy
  • Terms of Service
  • Sitemap
Copyright © 2026 All Rights Reserved.

The Fair Credit Reporting Act (FCRA), enacted in 1970 and substantially amended since, is a federal law regulating the collection, use, accuracy, and sharing of consumer credit information by consumer reporting agencies (CRAs) and the companies that use their reports. For the insurance industry, FCRA is directly applicable to the use of credit-based insurance scores in underwriting and rating, access to CLUE (Comprehensive Loss Underwriting Exchange) reports, and the use of consumer investigative reports in insurance transactions.

How It Works / Why It Matters

Permissible purpose: An insurer may access a consumer's credit report only for a "permissible purpose" under FCRA. Using credit information to underwrite or rate an insurance policy for which the consumer has applied is an explicitly permissible purpose. Using credit information for marketing (without a pending application) is a more restricted use, typically requiring an offer of insurance as part of a pre-screening program conducted under FCRA's specific rules.

Adverse action notices: When an insurer takes an adverse action based on information in a consumer report—including refusing to issue a policy, charging a higher rate, or offering less favorable terms than available to similarly situated applicants—FCRA requires the insurer to provide the consumer with an adverse action notice. The notice must identify the CRA that provided the report, state that the CRA did not make the adverse decision, advise the consumer of their right to a free copy of the report within 60 days, and advise the consumer of their right to dispute inaccurate or incomplete information.

Credit-based insurance scores: Credit-based insurance scores (CBIS) are models developed by companies like LexisNexis Risk Solutions and TransUnion that convert raw credit data into a score predictive of insurance losses. CBIS differ from credit scores used in lending—they are optimized to predict insurance claim frequency and severity, not creditworthiness. FCRA governs the underlying credit data used to generate CBIS; state insurance regulations further govern how CBIS can be used in underwriting and rating.

CLUE reports: CLUE (Comprehensive Loss Underwriting Exchange) is a CRA database maintained by LexisNexis Risk Solutions containing records of insurance claims filed by consumers. Because CLUE is a consumer report under FCRA, its use in insurance underwriting is subject to FCRA's permissible purpose, adverse action, accuracy, and dispute resolution requirements.

In Practice

A homeowners insurer uses a credit-based insurance score in its underwriting model. A consumer applies for coverage; the insurer orders a CLUE report and a CBIS from a CRA. The CBIS is unfavorable, and the insurer declines to offer coverage at standard rates—instead offering a policy at a higher rate tier.

Under FCRA, the insurer must send an adverse action notice to the consumer identifying the CRA, informing the consumer of their right to a free report copy, and noting their right to dispute inaccurate information.

State insurance score laws: Approximately 20 states have enacted specific laws regulating the use of credit-based insurance scores in underwriting and rating, sometimes going beyond FCRA requirements—prohibiting use of certain credit factors, requiring underwriters to re-run scores periodically, or requiring additional adverse action disclosures. Insurers using CBIS must comply with both FCRA and applicable state insurance scoring laws. This intersects with algorithmic-bias concerns, since CBIS have been shown to produce disparate impact on protected classes.

Verisk is a major provider of CLUE data and associated analytics used in property insurance underwriting workflows.

Related Concepts

FCRA intersects with algorithmic-bias (credit scores as potential proxy discrimination variables), market-conduct-examinations (which review adverse action compliance), and glba (which also governs consumer financial data privacy).