RIGHT TO FINANCIAL PRIVACY ACT
The RIGHT TO FINANCIAL PRIVACY ACT was enacted as Title XI of the FINANCIAL INSTITUTIONS REGULATORY AND INTEREST RATE CONTROL ACT OF 1978.
The act attempts to protect the financial privacy of individual customers of financial institutions from unwarranted intrusion by the federal government. It regulates federal government access to, and transfer of, records or information derived from personal “financial records” held by a financial institution. The term customer means any person or his or her authorized representative and is limited to individuals or partnerships of five or less. Financial records include both physical documents and any information derived from them.
FORMAL REQUEST FOR INFORMATION FROM GOVERNMENTAL AUTHORITIES - CUSTOMER CONSENT
A federal government authority may obtain customer information from a bank with consent of the customer. It is not sufficient, however, for a customer to call the bank and say, “The IRS wants to look at my records; let them have what they want.” It is also not sufficient if the customer gives the bank a signed statement saying,”Give the IRS access to my records.” The Right to Financial Privacy Act clearly sets out the following requirements that the customer authorization provided by the governmental agency must contain:
- A specific time period that the authorization is effective, not to exceed three months.
- A statement that the customer may revoke the authorization at any time before the records are disclosed.
- An identification of the specific records authorized to be disclosed.
- The specific purpose for which and the governmental authority to which the records may be disclosed.
- A statement that the customer understands his rights under the Right to Financial Privacy Act.
Right to Financial Privacy Act sets out the procedures the government must follow in obtaining customer records from a bank in a civil matter.
- Generally, the government agency must obtain a judicial subpoena (or if it has the authority, issue an administrative subpoena) and serve it on the bank’s customer a specific number of days prior to obtaining the information from the bank. The subpoena must be accompanied by a notice to the customer that he or she has the right to contest the subpoena and how to do so.
- When the time set out in the notice has run and the customer has not filed a motion to quash the subpoena, the government authority must give the bank a written certification that it has complied with the provisions of the Right to Financial Privacy Act. The bank is authorized to rely on the government certification and produce the records.
- If the customer does file a motion to quash the subpoena, the government must wait and abide by the court’s order.
- If a government authority obtains a search warrant pursuant to the Federal of Criminal Procedure, it may obtain a customer’s records from the bank upon presentation of the search warrant to the bank.
- The government authority obtaining the warrant must give the bank a certificate that it has complied with the provisions of Right to Financial Privacy Act.
FORMAL WRITTEN REQUEST
- If no subpoena authority is available to the government and certain other requirements are met, the government may serve on or mail to a bank customer notice that after a specified time period, the government agency will obtain the customer’s financial records from the bank. The notice must be accompanied with a description of the steps the customer may take to protest the disclosure.
- If a protest has been filed, the government must wait and abide by the court’s order.
NOTIFICATION AND DISCLOSURE TO CUSTOMER
In most cases there is no prohibition on the bank notifying the customer. However, in the following instances there is a prohibition.
- If a court orders that the bank not notify the customer.
- If the information was given to the FBI for counter-intelligence purposes.
- If the information was given pursuant to a grand jury subpoena in connection with an investigation relating to a possible crime against any financial institution or supervisory agency or a conspiracy to commit such a crime.
Under No. 1 and No. 2 above, generally the bank shall not “notify” or “disclose” to the customer the existence of the subpoena.
Under No. 3 above which was added by the Right to Financial Privacy Act on 1989 provides: “No officer, director, partner, employee or shareholder of, or agent or attorney for a financial institution shall directly or indirectly notify any person named in a grand jury subpoena...” Under the new law any bank served with a grand jury subpoena should immediately notify its counsel so that counsel can contact the attorney conducting the grand-jury investigation to determine the nature of the investigation and advise the bank how to proceed.
EXEMPTIONS FROM RIGHT TO FINANCIAL PRIVACY ACT
Right to Financial Privacy Act does not hinder or impede the following:
- A financial institution providing the government-prescribed information of a customer believed engaged in criminal activity.
- Disclosing information incident to perfecting security interest or enforcing a debt.
- Disclosing information in processing a government or government-guaranteed loan, or administering or servicing such a loan.
Right to Financial Privacy Act does not apply to the following:
- Financial records not identified with a particular customer.
- Examination by supervisory agencies.
- Information required to be reported by federal law.
- Information sought under the federal rules of civil procedure in connection with litigation to which the government and the customer are parties.
- Providing only a customer’s name, address, account number, and type of account in certain situations.
- In proceedings involved in the investigation of government loans or government-loan guaranties.
- Grand-jury subpoenas (except as it relates to nondisclosure to customer)
- Under certain circumstances, the General Accounting Office, the FBI, the Social Security Administration, and the Railroad Retirement Board maybe exempt.
INFORMAL REQUEST FOR INFORMATION
The bank should never respond to an informal request for access to the information contained in the financial records of any customer. The Right to Financial Privacy Act covers requests from most federal government agencies.
When the bank receives a subpoena, etc., it is obligated to proceed to assemble the records requested and be prepared to deliver the records upon receipt from the government of a certificate that it has complied with the Right to Financial Privacy Act.
Generally, the government is obligated to reimburse the bank for its costs in assembling, processing, and transporting the information requested.
SUBPOENAS IN NON-GOVERNMENTAL MATTERS
The bank is frequently subpoenaed to produce customer records incident to private litigation, which may be a lawsuit against the bank, a lawsuit involving a bank customer, or a lawsuit unrelated to the bank or a customer. The discovery sought may involve only the production for documents, but can also include the sworn testimony of a bank officer or employee. Most states have laws that prohibit a bank making a public disclosure of customer records (such as regulatory examination results) of the bank not necessarily related to a particular customer.
Because of the potential liability inherent in responding inappropriately, whenever the bank or bank officer is served with a subpoena in a private lawsuit, it should immediately contact legal counsel. Counsel may file a motion for a protective order, request an in-camera inspection of the documents by the court, or take other steps to shield the bank from liability.
BANK’S POLICY REQUIREMENTS FOR HANDLING EITHER INFORMAL OR FORMAL SUBPOENA REQUEST.
- No information about a bank customer is to be disclosed other than through an appropriate formal subpoena process.
- The VICE PRESENDENT & BANK CASHIER is designated to receive all subpoenas served on the bank. The receptionist and other bank employees are instructed to direct the sheriff, marshal, IRS agent, or other process server to that person.
- If an employee other than the designated officer is served with a subpoena, the served employee is to immediately deliver it to the designated officer without divulging its contents to others.
- The bank’s designated officer should obtain the advice of counsel regarding the procedures it should follow when a subpoena is served on the bank and is in the hands of the designated employee.
ALL EMPLOYEES SHOULD BE AWARE THAT FAILURE TO FOLLOW THIS POLICY COULD BRING PERSONAL LIABILITY TO THEMSELVES AS WELL AS THE BANK.
The bank must retain a copy of all information furnished to an outside entity.
FAIR CREDIT REPORTING ACT
In addition to the Right to Financial Privacy Act the Fair Credit Reporting Act also deals with the handling of customer information. In addition to lending officers complying with all aspects of the Fair Credit Reporting Act, all employees are to comply the following, as it relates with providing information on a bank customer’s accounts.
The Fair Credit Reporting Act concerns the duties and responsibilities of “users of credit reports,” meaning banks and other entities that utilize reports of information that are furnished by third parties.
CONSUMER REPORTING AGENCY
A consumer-reporting agency is anyone who regularly assembles or evaluates information on consumers for the purposes of supplying reports of consumer credit information to third parties. For purposes of Fair Credit Reporting Act, consumer means a living, breathing person. Reports of information about non-consumers such as corporations, partnerships, trusts, and other commercial entities are not covered by the Act nor are reports about individuals when obtained in conjunction with a non-consumer transaction.
Being classified as a consumer reporting agency is something the bank wants to avoid, as there is a host of responsibilities that go along with that designation.
To avoid being classified as a consumer-reporting agency, do not report any information on a consumer except our own bank’s credit experience with him or her. This will maintain the bank’s status of a “user” of reports, not a consumer reporting agency under the statute. A consumer report is information about individual’s relationship with third parties. Information you provide about a customer’s relationships with our bank is not a consumer report, and if you provide only that information our bank is not a consumer-reporting agency.
As an example, suppose an employee of First Bank telephones an employee of Second Bank to inquire about the credit history of a loan applicant. The person at Second Bank looks up that bank’s file on the applicant and gives the requested information on the bank’s experience with the customer. If that is all that happens, Second Bank is not a consumer-reporting agency. But, if Second Bank’s employee continues and says something on the order of, “Watch this guy, he shows an I-9 from Third Credit Co. on a report we’ve got,” Second Bank has just become a consumer reporting agency. This is true even though the response was completely oral, rather than written. The law covers any kind of communication.
The Fair Credit Reporting Act defines a consumer report as “any written, oral, or other communication of any information by a consumer reporting agency bearing on a consumer’s creditworthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living.”
The Fair Credit Reporting Act places limitations on the information that may appear on a consumer report.
Bankruptcies may only appear on the report for a period of ten (10) years.
- All other information may only appear on the report for a period of seven (7) years.
OBTAINING CREDIT REPORTS
The Fair Credit Reporting Act requires consumer-reporting agencies to have a permissible purpose before supplying consumer reports to users (such as the bank) and places liability on those who supply consumer reports without a permissible purpose. The credit bureaus include a provision in their agreement with the bank saying the bank must have prior permission or a permissible purpose before obtaining a report.
It is unlawful to obtain or reveal our customer’s credit information without a permissible purpose. Anyone who does subjects themselves and the bank to penalties, punitive damages, court cost, attorney fees and possible criminal charges.
Credit information must be reported truthfully and accurately.
- A credit application or review of an existing credit.
- An application, initiated by the consumer, to open a deposit account or grant a feature of a deposit account.
- An insurance application or review.
- A decision whether to enter into a business transaction with a consumer.
The bank may not obtain a credit report in connection with an employment decision unless it has prior written permission from the consumer.
PROVIDING COPIES OF A CREDIT REPORT TO A CONSUMER
The Fair Credit Reporting Act itself does not prohibit showing or providing a copy of a consumer report to a customer, however the bank’s contracts with our reporting agencies do prohibit our providing a copy of the report to our customers. It is always permissible to provide the names, addresses and telephone numbers of the credit reporting agencies to anyone.
CREDIT RATINGS PROVIDED BY THE BANK
- All consumer loans are reported by automatic data monthly to Experian, a credit-reporting agency.
- All other credit rating inquires should be directed to obtain our rating from the Experian Credit Reporting Agency.
- Oral or faxed credit information may be shared with local lending institutions provided that institution has faxed or mailed a signed application or request for credit from the institution, or the customer has provided the bank with a written request authorizing the bank to provide a credit rating to a particular institution. A copy of the authorization should be placed in file.
It is strict bank policy that its employees should never discuss a client’s financial business or finances. Not only is it bad business, it could subject both the employee and the bank to fines and civil liability.
Employees shall avoid making false, misleading or ambiguous statements, deliberately or willfully, whether oral or written, in connection with any customer or their banking relationship.
The Fair Credit Reporting Act requires that all entities report credit information that is accurate and complete. It is an obligation to investigate alleged errors. The following steps should be followed after the customer disputes reported information:
- The reporting agency must report the dispute to the entity that furnishedthe information to it within five days.
- That entity has 30 days to investigate the situation and report back to the credit bureau with its results.
- If the information was wrong, the credit bureau must change the report and report back to the customer within 5 days of the completion of its investigation.
THE PROTECTION OF CUSTOMER PRIVACY IS REQUIRED BY
SEVERAL LAWS AND REGULATIONS, AS LISTED BELOW:
- The Gramm-Leach-Bliley Act (GLBA) - Signed into law on November 12, 1999 - Effective November 12, 2000 and compliance mandatory as of July 1, 2001. (Implementing Reg. - Privacy of Consumer Financial Information).
- Fair Credit Reporting Act - The Consumer Credit Reporting Reform Act (reform Act), signed into law September 30, 1996.
- Electronic Funds Transfer Act (Regulation E)
- Right to Financial Privacy Act
- Children’s Online Privacy Protection Act
- Federal Trade Commission Regulations
- State Laws
The most recent is the Gramm-Leach Bliley Act (GLBA), in which the bank must comply with by July 1, 2001.
The Act requires that the bank provide an initial privacy notice, and a privacy notice annually thereafter, to each customer that establishes a continuing relationship with the bank.
The Privacy Notice must contain information on the following:
- Categories of information the bank collects.
- Categories of information that the bank discloses.
- Categories of parties to whom the bank may disclose information to.
- Information about former customers.
- Information disclosed to service providers and joint marketers.
- The Right to OPT OUT.
- Disclosures required under the Fair Credit Reporting Act.
- Disclosures regarding confidentiality and security of information.
THE FOLLOWING PEOPLE / DEPARTMENTS ARE AUTHORIZED TO PROVIDE CREDIT INFORMATION TO OUTSIDE PARTIES.
VICE PRESIDENT & BANK CASHIER
FORMAL AND INFORMAL SUBPOENAS OR REQUEST FROM:
- JUDICIAL SUBPOENAS
- OTHER FORMAL OR INFORMAL WRITTEN REQUEST.
NOTE DEPARTMENT OR LENDING OFFICERS
- CHECKING ACCOUNTS
- SAVINGS ACCOUNTS
EACH PERSON OR DEPARTMENT PROVIDING CUSTOMER INFORMATION IS RESPONSIBLE FOR PLACING A COPY OF THE PROVIDED INFORMATION IN THE APPROPRIATE BANK FILE.
SOURCES: OCC - PPM - 1000-1 RIGHT TO FINANCIAL PRIVACY
LOUISIANA BANKING LAWS
KIRSHMAN REGULATORY COMPLIANCE SERVICE
OCC - 12CFR-CH I - Part 40 -Privacy of Consumer Financial Information