At Wisconsin's Grafton State Bank, chief executive Tom Sheehan has taken an unusual step to demonstrate that he honors his customers' privacy.
In addition to placing a privacy policy in large letters on its Web site, the bank often displays large bags of shredded customer documents near one of its entrances.
"We're very careful how these records are destroyed," wrote Mr. Sheehan in a recent bank newsletter. The article's headline read: "Privacy, We Know It's Important to You and It's Very Important to Us.''
What is your bank doing to safeguard your customers' privacy? And what are you doing to let them know about it?
This report describes how some community banks are establishing privacy policies as well as how they have publicized their efforts with the help of advertising, Web site messages, and other means.
Customer privacy gained headlines earlier this year when U.S. Bancorp was sued by the Minnesota attorney general for allegedly selling private information about its customers. Even Congress is getting in on the act. A provision dealing with customer privacy has been folded into financial modernization legislation that may be signed into law later this year.
"This has been an issue on our minds for a while," says Karen Thomas, director of regulatory affairs for the Independent Community Bankers of America. She says that although the practice of enacting standard privacy policies is "individualistic" at this time, more and more of the group's 5,400 members are formalizing rules.
Grant Thornton, a Chicago-based accounting and consulting firm, found that 57% of community banks had privacy policies in place. But that means that a significant minority do not.
"Community banks cannot long survive if they gain a reputation for abusing customer confidentiality," says Robert Barsness, chief executive officer of Prior Lake State Bank in Minnesota. "If my bank employees who have access to confidential customer information were to start spreading information around town about how much a customer had in his or her account, there would be a line of people waiting outside my bank the next day to close their accounts."
Some community bankers feel unjustly burdened by the recent legal and press scrutiny that has come as a result of the U.S. Bancorp issue.
In addition, they take issue with the language of privacy provisions in the financial modernization bill, also known as H.R.10. The bill requires banks to provide an opportunity for customers to opt out of disclosing personal information that can be handed over to a third party for marketing purposes. Most small banks conduct their business through third-party companies. But the bill does not, community bankers say, apply the same requirements to those institutions that share information with corporate affiliates. Since most small banks do not have affiliates, the language would suggest that they would be at a disadvantage to the bigger banks.
"It's distressing to see that large banks create the issue and that we should be punished for it," says Mr. Barsness, who is also the president of the ICBA.
He wonders what will happen in cases when customers "opt out" of services provided through third-party companies, such as accidental death insurance. That kind of insurance, he says, recently came in handy when an elderly couple died in an accident, and the money went to the couple's relatives. If they had opted out of the program, there would have been nothing to give the family.
But community banks are not waiting around for Congress to tell them how to proceed. At Citizen's Bank in Robertsdale, Ala., privacy is a big part of employee training and the bank has occasionally emphasized it in its advertising pamphlets, says Robert Gulledge, the bank's chief executive officer.
Others post their privacy policies on their Web sites. Oswego, Ill.-based Oswego Community Bank, for instance, has printed in bold letters parts of its Web privacy policy.
One reads as follows: "We will NOT sell personal identification information to a third party for the purpose of solicitation or provide personal information to a third party for its own use."
Oswego Community Bank's chief executive officer, Frank Wooley, says his $90 million-asset bank felt it needed to "make a statement." Its Web-based policy, especially given recent market research the bank undertook, showed privacy was one of the top four concerns for customers looking for a financial institution.
At Grafton State Bank, Mr. Sheehan says that his customer service staff can only access information on a "need-to-know" basis, and that the bank , which has about $110 million in assets, will refuse to give confidential information over the phone unless it can reach the caller at a number in its system.
But all community banks need not be as creative as Grafton State Bank. Two years ago, the banking industry issued a set of privacy principles, which are posted on the ICBA's (www.ibaa.org/privprinc.html) Web site, and which banks can adopt as their own.
Mr. Barsness has incorporated the industry guidelines into his own at Prior Lake State Bank. Privacy, he says, is regularly covered in weekly staff meetings. And because word of mouth is often as good as paid advertising, he has even taken a few customers away from nearby U.S. Bancorp as a result of the lawsuit filed by Minnesota's attorney general. "A number (of people) came to my small bank in Prior Lake seeking to open accounts, and asking whether we would fully protect the privacy of their account," he said during July testimony before Congress.
For executives with small banks, it is community reaction, rather than looming federal legislation, that is goading them to sharpen their privacy policies and practices.
Oswego Community Bank's Frank Wooley was born and raised in Oswego.
"I've grown up with my customers," he says. "I know what's on their mind, and if I don't they'll make sure I know."
Ms. Merrill is a writer in New York.
