On May 10, 2000, the federal financial institution regulatory agencies issued final regulations implementing the consumer privacy provisions of the Gramm-Leach-Bliley Act. The regulations became effective on Nov. 13, 2000, but compliance is not mandatory until July 1, 2001.
The regulations issued by each agency are identical in all substantive respects. The Fed will implement these rules through its new Regulation P, "Privacy of Consumer Financial Information."
Regulation P imposes notice requirements and restrictions on a financial institution's ability to disclose "nonpublic personal information" about its customers to non-affiliated third parties. Generally, this would include any customer information a bank obtains while providing a financial product or service, such as account balances or payment histories. Even simple lists, such as the names and addresses of customers, are subject to disclosure restrictions if these lists are derived from loan or deposit accounts. The regulation also prohibits financial institutions from disclosing account numbers or access codes for a customer's credit card, deposit or transaction account to any non-affiliated third party for external marketing purposes.
There are three principal mandates under the regulations. Financial institutions must provide:
Even those financial institutions that do not intend to share nonpublic personal information with their affiliates or unaffiliated third parties must provide initial and annual notices to their customers.
Over the past two months, the St. Louis Fed's Consumer Affairs Supervision staff has hosted outreach seminars covering privacy issues, with a special focus on the provisions of Regulation P, for District bankers. The final seminar will be held Thursday, Jan. 11, at the Radisson Hotel in Louisville. Those interested in attending the seminar or learning more about Regulation P should contact examiner Kevin Henry at (314) 444-8823.
During the first quarter of 2001, the Bank will also partner with the Federal Reserve Banks of Minneapolis, Kansas City and Dallas, and the regional offices of the Federal Deposit Insurance Corporation (FDIC), the Office of Thrift Supervision (OTS) and the Office of the Comptroller of the Currency (OCC), to present seminars on the privacy regulations. These seminars will cover both Regulation P and the Fair Credit Reporting Act. For more information regarding the prospective dates and locations of these seminars, contact senior examiner Allen North at (314) 444-8826.