ABA Banking Journal
No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
SUBSCRIBE
ABA Banking Journal
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
No Result
View All Result
No Result
View All Result
Home Compliance and Risk

ABA Compliance Center Inbox, March/April 2016

March 7, 2016
Reading Time: 5 mins read

Q:

I understand that a new law has impacted my bank’s annual notice requirements under the privacy law. Where can I find that information?

A: On Dec. 4, President Obama signed the Fixing America’s Surface Transportation Act. Included in the legislation—now Public Law No: 114-94—is Title 75, which creates a new exception to the annual privacy notice requirement under the Gramm-Leach-Bliley Act of 1999 (GLBA).

 

Q: To what part of the GLBA does the FAST Act apply?
A: It applies to the requirement to send annual privacy notices to your customers. It does not affect the initial notice requirements under the GLBA or the regulation.

 

Q: When can I stop sending my annual privacy notices?
A: The FAST Act was signed on Dec. 4, 2015. This provision was effective immediately upon signing.

 

 

Q: Under what circumstances can I forego sending my annual privacy notice?
A: In order to take advantage of the change, your bank must meet two conditions. First, your financial institution must not have changed its policies and practices with respect to the disclosure of nonpublic personal information since its most recent privacy notice to customers. Second, your financial institution must only share information under one of the existing statutory or regulatory exceptions listed in §§1016.12-15 of Regulation P.

 

Q: Are there any customer notification requirements, such as the one mandated by the Consumer Financial Protection Bureau’s alternative delivery system?

A: No.

 

 

Q: What is the difference between the CFPB’s 2014 regulatory changes regarding the alternative delivery system and the FAST Act provisions?

A: Last year, the CFPB issued an amendment to the regulations that allowed a financial institution to post its privacy disclosure notice on its website once a series of conditions had been met. The regulatory change did not eliminate the requirement to provide an annual notice. Instead, the Bureau’s rule was an alternative way to deliver that notice.

The FAST Act, which is a simpler approach that ABA has long supported, eliminates the requirement to send annual privacy notices as long as two simple conditions are met. Under the FAST Act, if you haven’t changed your information sharing and you only share under one of the existing exceptions (see page 50), no notice at all must be delivered. Essentially, the FAST Act has made the Bureau’s alternative delivery mechanism no longer necessary.

 

Q: Regulation P still states that the annual notice is required. Will I be cited by my regulator if I stop sending my annual notices?

A: Current regulations have not yet been amended and no guidance has been issued by the regulatory agencies. If a financial institution satisfies the two conditions in the FAST Act, it can elect not to send the annual notice. Technically, this does not comply with current regulations, but it is difficult to imagine an examiner citing the bank for a regulatory violation when the regulation is inconsistent with the law.

 

Q: The privacy notice contains information about my sharing practices with my affiliates. Did that change as well?

A: While the law changes the annual notice requirement under GLBA, the FAST Act did not change the provisions that apply to information sharing with affiliates. Those disclosures are subject to the provisions of a different statute, the Fair Credit Reporting Act (FCRA).

 

Q: Which sections of the FCRA will impact my bank’s notice requirements?

 

A: There are two sections of the FCRA that impact information sharing with affiliates that are currently disclosed as part of the GLBA privacy notice. FCRA section 603 allows a financial institution to share a customer’s transaction and experience information with an affiliate in any instance and the customer does not have the right to opt out from that information sharing. Section 603 also allows an affiliate to share other customer information, including information about credit-worthiness, with another affiliate but only if the consumer is given notice and an opportunity to opt out.

FCRA Section 624 allows an affiliate to use the information it has obtained from another affiliate within the corporate family for marketing purposes only if the customer has been provided with a clear, conspicuous and concise notice and an opportunity to opt out from the sharing. Once a customer has elected against information sharing for marketing purposes, that election must be honored for five years.

 

Q: I share information with my affiliates that require an opt-out. Can I still take advantage of the new FAST Act provisions and forego my annual notice mailing?

A: FCRA does not require an annual notice. The current model forms used to provide notice to consumers combine the GLBA and FCRA notices. If a bank used the model forms to provide the most recent annual notice, it has met the requirements under FCRA.

Since the FCRA notice on affiliate sharing is not subject to an annual requirement, the question is whether the most recent privacy notice section on affiliate sharing would be sufficient. It appears that it would, since it meets all current expectations.

 

Q: If I do not currently share with my affiliates and decide to do so in the future, must I send my annual privacy notice to my customers?
A: You can revise your privacy notice and send a new annual notice, or you can ensure that your customers are provided with a separate FCRA notice that informs them of your affiliate sharing practices and allows them the opportunity to opt out. Either way, you have to provide something.

Since the notice requirements of the two statutes are now separate, policies and procedures should be reviewed to be certain that the standards for meeting the notice and opt-out for affiliates are still in compliance. This would include a mechanism to ensure notice and an opportunity to opt out is provided to customers if and when information sharing with affiliates should change.

The sharing “exceptions” let financial institutions share information without notifying customers, or, in some cases, without providing customers an opportunity to opt-out from that information sharing. The current exceptions that permit a financial institution to share information without notice or without notice and opt-out right can be found at 12 CFR 1016.13, 1016.14 and 1016.15.

Section 1016.13 lets a financial institution share non-public personal information with a nonaffiliated third party, but it does require the customer be provided notice that information will be shared. However, the customer does not have the right to opt-out from the information sharing. This exception applies to information shared so that the third-party can perform services for the financial institution. This exception also applies to joint marketing agreements to market financial products and services, such as credit cards, annuities and insurance.

Sections 1016.14 and 1016.15 also create exceptions from the general prohibition against information sharing. Under these exceptions, non-public personal information can be shared without notice, and the consumer does not have the right to opt-out. These exceptions permit nonpublic personal information to be shared: to process transactions requested by the consumer; to effect, administer or enforce a transaction; with the consent of the consumer; to protect the confidentiality of records, to protect against fraud, to resolve customer disputes, or to persons holding a beneficial interest relating to the consumer or to persons acting on behalf of the consumer; to provide information to insurance rate advisory organizations, rating agencies, persons assessing the financial institution’s compliance with industry standards or the financial institution’s attorneys, accountants and auditors; to the extent specifically permitted by law; to a consumer reporting agency (credit bureau); in connection with a proposed or actual sale or merger of the financial institution; to comply with federal, state or local laws, properly authorized subpoenas or other official agencies with authority over the institution, such as regulatory examiners.

Answers are provided by Leslie Callaway, CRCM, director of compliance outreach and development, and Robert Rowe, VP and associate chief counsel, ABA Center for Regulatory Compliance. This information does not provide, nor is it intended to substitute for, professional legal advice.

Tags: Privacy notice
ShareTweetPin

Author

Monica C. Meinert

Monica C. Meinert

Monica C. Meinert is a senior editor at the ABA Banking Journal and VP for executive communications at the American Bankers Association.

Related Posts

FDIC withdraws proposed rules on brokered deposits, corporate governance, executive pay

Small Business Bank in Kansas closed by regulators

Community Banking
July 17, 2026

Kansas regulators closed Small Business Bank in Lenexa, Kansas, and appointed the FDIC as receiver. The Farmers State Bank of Oakley, Kansas, agreed to assume substantially all deposits and purchase certain assets.

FDIC issues relief guidance for Mississippi, Tennessee banks affected by storms

FDIC issues relief guidance for banks serving tribes in Arizona, Montana affected by severe weather

Compliance and Risk
July 17, 2026

The FDIC has released guidance with steps intended to provide regulatory relief to financial institutions and facilitate recovery in areas of the San Carlos Apache Indian Reservation in Arizona, and the Fort Peck Indian Reservation and the Crow...

ABA, 52 state bankers associations urge Congress to close stablecoin interest loophole

ABA, associations seek agency alignment on Genius Act implementation

Compliance and Risk
July 17, 2026

The National Credit Union Administration should coordinate with the banking agencies to ensure that Genius Act implementation is substantially similar among all federal payment stablecoin regulators, the American Bankers Association and three other banking sector associations said.

ABA: OCC should revise proposed changes to bank merger application process

ABA: OCC policy changes create uncertainty about minority deposit institution status

Community Banking
July 17, 2026

In a new letter, ABA cited several concerns about the OCC’s recent revisions to its standards for designating minority deposit institutions, saying the changes create uncertainty for institutions seeking to qualify or maintain MDI designation.

ABA, associations propose improvements to federal data privacy law

Banking agencies promise new approach for handling sensitive information

Compliance and Risk
July 16, 2026

The Federal Reserve, FDIC and OCC announced a “coordinated approach” for handling sensitive information used in bank examinations, including a new pledge to notify banks about data breaches that threaten to expose that information.

AI’s rapid rise compels smart risk management for banks

Risk and compliance as strategic growth partners

Compliance and Risk
July 16, 2026

Risk leaders must build relationships, credibility and trust at the bank so their input is valued.

NEWSBYTES

Small Business Bank in Kansas closed by regulators

July 17, 2026

Texas Bankers Foundation reopens flood relief fund following severe storms

July 17, 2026

FDIC issues relief guidance for banks serving tribes in Arizona, Montana affected by severe weather

July 17, 2026

SPONSORED CONTENT

Why Your Systems Keep Slowing Down — and What to Do About It

Examiners Are Now Looking at Your Non-Core Systems

June 11, 2026
Your Floorplan Audit and Your Credit Decision Are Weeks Apart. That Gap Has a Price.

Your Floorplan Audit and Your Credit Decision Are Weeks Apart. That Gap Has a Price.

June 1, 2026
A Modern Blueprint for Serving High-Net-Worth Families

A Modern Blueprint for Serving High-Net-Worth Families

May 28, 2026
Why Your Systems Keep Slowing Down — and What to Do About It

AI Is in Your Bank. Is Your Cloud Contract Governing It?

May 20, 2026

PODCASTS

Podcast: Understanding the 2025 Home Mortgage Disclosure Act data

July 8, 2026

Podcast: Financing America’s independence

June 29, 2026

Podcast: Talent and innovation in community banking

June 18, 2026

American Bankers Association
1333 New Hampshire Ave NW
Washington, DC 20036
1-800-BANKERS (800-226-5377)
www.aba.com
About ABA
Privacy Policy
Contact ABA

ABA Banking Journal
About ABA Banking Journal
Media Kit
Advertising
Subscribe

© 2026 American Bankers Association. All rights reserved.

No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive

© 2026 American Bankers Association. All rights reserved.