ABA Banking Journal
No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
SUBSCRIBE
ABA Banking Journal
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
No Result
View All Result
No Result
View All Result
ADVERTISEMENT
Home Compliance and Risk

ABA Compliance Center Inbox, March/April 2016

March 7, 2016
Reading Time: 5 mins read

Q:

I understand that a new law has impacted my bank’s annual notice requirements under the privacy law. Where can I find that information?

A: On Dec. 4, President Obama signed the Fixing America’s Surface Transportation Act. Included in the legislation—now Public Law No: 114-94—is Title 75, which creates a new exception to the annual privacy notice requirement under the Gramm-Leach-Bliley Act of 1999 (GLBA).

 

Q: To what part of the GLBA does the FAST Act apply?
A: It applies to the requirement to send annual privacy notices to your customers. It does not affect the initial notice requirements under the GLBA or the regulation.

 

Q: When can I stop sending my annual privacy notices?
A: The FAST Act was signed on Dec. 4, 2015. This provision was effective immediately upon signing.

 

 

Q: Under what circumstances can I forego sending my annual privacy notice?
A: In order to take advantage of the change, your bank must meet two conditions. First, your financial institution must not have changed its policies and practices with respect to the disclosure of nonpublic personal information since its most recent privacy notice to customers. Second, your financial institution must only share information under one of the existing statutory or regulatory exceptions listed in §§1016.12-15 of Regulation P.

 

Q: Are there any customer notification requirements, such as the one mandated by the Consumer Financial Protection Bureau’s alternative delivery system?

A: No.

 

 

Q: What is the difference between the CFPB’s 2014 regulatory changes regarding the alternative delivery system and the FAST Act provisions?

A: Last year, the CFPB issued an amendment to the regulations that allowed a financial institution to post its privacy disclosure notice on its website once a series of conditions had been met. The regulatory change did not eliminate the requirement to provide an annual notice. Instead, the Bureau’s rule was an alternative way to deliver that notice.

The FAST Act, which is a simpler approach that ABA has long supported, eliminates the requirement to send annual privacy notices as long as two simple conditions are met. Under the FAST Act, if you haven’t changed your information sharing and you only share under one of the existing exceptions (see page 50), no notice at all must be delivered. Essentially, the FAST Act has made the Bureau’s alternative delivery mechanism no longer necessary.

 

Q: Regulation P still states that the annual notice is required. Will I be cited by my regulator if I stop sending my annual notices?

ADVERTISEMENT

A: Current regulations have not yet been amended and no guidance has been issued by the regulatory agencies. If a financial institution satisfies the two conditions in the FAST Act, it can elect not to send the annual notice. Technically, this does not comply with current regulations, but it is difficult to imagine an examiner citing the bank for a regulatory violation when the regulation is inconsistent with the law.

 

Q: The privacy notice contains information about my sharing practices with my affiliates. Did that change as well?

A: While the law changes the annual notice requirement under GLBA, the FAST Act did not change the provisions that apply to information sharing with affiliates. Those disclosures are subject to the provisions of a different statute, the Fair Credit Reporting Act (FCRA).

 

Q: Which sections of the FCRA will impact my bank’s notice requirements?

 

A: There are two sections of the FCRA that impact information sharing with affiliates that are currently disclosed as part of the GLBA privacy notice. FCRA section 603 allows a financial institution to share a customer’s transaction and experience information with an affiliate in any instance and the customer does not have the right to opt out from that information sharing. Section 603 also allows an affiliate to share other customer information, including information about credit-worthiness, with another affiliate but only if the consumer is given notice and an opportunity to opt out.

FCRA Section 624 allows an affiliate to use the information it has obtained from another affiliate within the corporate family for marketing purposes only if the customer has been provided with a clear, conspicuous and concise notice and an opportunity to opt out from the sharing. Once a customer has elected against information sharing for marketing purposes, that election must be honored for five years.

 

Q: I share information with my affiliates that require an opt-out. Can I still take advantage of the new FAST Act provisions and forego my annual notice mailing?

A: FCRA does not require an annual notice. The current model forms used to provide notice to consumers combine the GLBA and FCRA notices. If a bank used the model forms to provide the most recent annual notice, it has met the requirements under FCRA.

Since the FCRA notice on affiliate sharing is not subject to an annual requirement, the question is whether the most recent privacy notice section on affiliate sharing would be sufficient. It appears that it would, since it meets all current expectations.

 

Q: If I do not currently share with my affiliates and decide to do so in the future, must I send my annual privacy notice to my customers?
A: You can revise your privacy notice and send a new annual notice, or you can ensure that your customers are provided with a separate FCRA notice that informs them of your affiliate sharing practices and allows them the opportunity to opt out. Either way, you have to provide something.

Since the notice requirements of the two statutes are now separate, policies and procedures should be reviewed to be certain that the standards for meeting the notice and opt-out for affiliates are still in compliance. This would include a mechanism to ensure notice and an opportunity to opt out is provided to customers if and when information sharing with affiliates should change.

The sharing “exceptions” let financial institutions share information without notifying customers, or, in some cases, without providing customers an opportunity to opt-out from that information sharing. The current exceptions that permit a financial institution to share information without notice or without notice and opt-out right can be found at 12 CFR 1016.13, 1016.14 and 1016.15.

Section 1016.13 lets a financial institution share non-public personal information with a nonaffiliated third party, but it does require the customer be provided notice that information will be shared. However, the customer does not have the right to opt-out from the information sharing. This exception applies to information shared so that the third-party can perform services for the financial institution. This exception also applies to joint marketing agreements to market financial products and services, such as credit cards, annuities and insurance.

Sections 1016.14 and 1016.15 also create exceptions from the general prohibition against information sharing. Under these exceptions, non-public personal information can be shared without notice, and the consumer does not have the right to opt-out. These exceptions permit nonpublic personal information to be shared: to process transactions requested by the consumer; to effect, administer or enforce a transaction; with the consent of the consumer; to protect the confidentiality of records, to protect against fraud, to resolve customer disputes, or to persons holding a beneficial interest relating to the consumer or to persons acting on behalf of the consumer; to provide information to insurance rate advisory organizations, rating agencies, persons assessing the financial institution’s compliance with industry standards or the financial institution’s attorneys, accountants and auditors; to the extent specifically permitted by law; to a consumer reporting agency (credit bureau); in connection with a proposed or actual sale or merger of the financial institution; to comply with federal, state or local laws, properly authorized subpoenas or other official agencies with authority over the institution, such as regulatory examiners.

Answers are provided by Leslie Callaway, CRCM, director of compliance outreach and development, and Robert Rowe, VP and associate chief counsel, ABA Center for Regulatory Compliance. This information does not provide, nor is it intended to substitute for, professional legal advice.

Tags: Privacy notice
ShareTweetPin

Author

Monica C. Meinert

Monica C. Meinert

Monica C. Meinert is a senior editor at the ABA Banking Journal and VP for executive communications at the American Bankers Association.

Related Posts

Fifth Circuit grants ABA mandamus, vacates transfer order for second time

ABA, CBA support maintaining confidentiality of CFPB nonbank risk determinations

Compliance and Risk
June 12, 2025

The American Bankers Association, joined by the Consumer Bankers Association, expressed support for the Consumer Financial Protection Bureau’s proposal to maintain the confidentiality of decisions to exercise the agency’s supervisory authority over a nonbank entity that may pose...

ABA experts see reasons for optimism amid economic, regulatory uncertainty

ABA experts see reasons for optimism amid economic, regulatory uncertainty

Compliance and Risk
June 11, 2025

The Trump administration has rolled back a broad range of banking guidance and regulatory proposals made in the last few years, and while bankers are used to regulatory whiplash when administrations change, it is possible some of changes...

ABA’s Nichols: Banking sector seeing positive policy developments

ABA’s Nichols: Banking sector seeing positive policy developments

Compliance and Risk
June 11, 2025

The banking sector has seen many constructive, positive policy developments at the federal level so far this year, and top officials have expressed their willingness to work with and engage with bankers on those issues, ABA President and...

Report: Synthetic identity fraud on rise

ABA Fraudcast: Federal data points to need for united response to fraud

Compliance and Risk
June 11, 2025

Telecoms and Meta are avoiding addressing serious challenges. And it's time to set up a family password.

Fighting the Rise in Ransomware Attacks: The Value of Breaking Through Silos

Key questions and decisions bankers face in response to ransomware attacks

Cybersecurity
June 10, 2025

ABA has recently convened panel discussions and a simulation to highlight important challenges bankers will likely encounter.

OCC issues statement for banks on recent data breach

Trade groups: Financial agencies’ handling of data needs ‘significant reform’

Compliance and Risk
June 9, 2025

Financial institutions are legally required to share sensitive, proprietary and nonpublic information with their regulators as part of the supervisory process. This information can range from capital and liquidity management to cybersecurity protocols. Centralizing large amounts of data,...

NEWSBYTES

ABA, associations urge CFPB to rescind changes to adjudication process

June 13, 2025

ABA DataBank: May inflation cooler than expected, but still above Fed’s 2% target

June 13, 2025

Consumer sentiment rebounds in June

June 13, 2025

SPONSORED CONTENT

AI Compliance and Regulation: What Financial Institutions Need to Know

Unlocking Deposit Growth: How Financial Institutions Can Activate Data for Precision Cross-Sell

June 1, 2025
Choosing the Right Account Opening Platform: 10 Key Considerations for Long-Term Success

Choosing the Right Account Opening Platform: 10 Key Considerations for Long-Term Success

April 25, 2025
Outsourcing: Getting to Go/No-Go

Outsourcing: Getting to Go/No-Go

April 5, 2025
Six Payments Trends Driving the Future of Transactions

Six Payments Trends Driving the Future of Transactions

March 15, 2025

PODCASTS

Podcast: Old National’s Jim Ryan on the things that really matter

June 12, 2025

Podcast: What bankers need to know about ‘First Amendment audits’

June 5, 2025

Podcast: Accelerating banking for quick-service restaurants

May 8, 2025
ADVERTISEMENT

American Bankers Association
1333 New Hampshire Ave NW
Washington, DC 20036
1-800-BANKERS (800-226-5377)
www.aba.com
About ABA
Privacy Policy
Contact ABA

ABA Banking Journal
About ABA Banking Journal
Media Kit
Advertising
Subscribe

© 2025 American Bankers Association. All rights reserved.

No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive

© 2025 American Bankers Association. All rights reserved.