WASHINGTON - Banking industry officials on Monday praised the federal government's first step toward adopting consumer privacy protection rules, despite last-minute changes that broadened notice requirements for co-signed loans and the definition of confidential data.
That law required banks and other financial institutions to annually disclose their privacy policies and give customers the right to block, or "opt out" of, information sharing with third parties.
The rule previews final regulations to be issued by other agencies this week. Eight agencies in all are jointly developing rules; the Federal Reserve Board and the Federal Deposit Insurance Corp. are scheduled to vote on their regulations Wednesday.
As expected, regulators decided to push back the implementation date to July 1, 2001. It was postponed from Nov. 13, the target date set by the financial reform law, to give financial companies additional time to ready mandatory disclosures and make the necessary changes to computer systems. Though the rule will technically be put in place this fall, compliance before next summer is voluntary.
Banking industry officials praised postponement of the implementation date as well as the inclusion of seven model clauses to help craft their disclosures.
"That's good for the consumer and good for the industry," said Steve Bartlett, president of the Financial Services Roundtable. "Overall, these regulations are a victory for common sense."
However, two last-minute changes raised industry concerns.
Though privacy policy and opt-out notices would have to be provided only to one owner of a joint account, the NCUA adopted an amendment that would require all co-signers of a loan to receive such notices. Whether the other agencies will follow suit remains unclear, observers said.
The all-signers requirement for loans would "obviously make compliance more difficult, by having different rules for different products," said Karen M. Thomas, director of regulatory affairs for the Independent Community Bankers of America.
"Nobody keeps automated records of co-signers," said Gilbert T. Schwartz, a partner with the law firm here of Schwartz & Ballen who represents the Financial Services Coordinating Council on privacy issues. "Everything is going to have to be done manually with co-signers. & Operationally, this is not going to be easy to implement."
Industry officials disagreed about the impact of another closely scrutinized matter, the definition of "nonpublic information."
Regulators considered two alternatives. One would have prevented firms from freely sharing publicly available customer information unless it was obtained from a public source, such as a telephone directory. The other, which was preferred by banks, would have permitted the sharing of information from customer records if it was available from a lawful public source.
NCUA split the difference by saying firms would not have to offer customers a chance to block the disclosure of the information such as names, addresses, and phone numbers if they "reasonably believe" the information is publicly available. To do that, officials would have to either know the information is publicly available, look it up, or ask the customer.
Regulators added the wrinkle primarily because of the concern that many customers have unlisted phone numbers, said Mr. Schwartz, who predicted the banking agencies will follow suit later this week.
"That decision was bad," Mr. Schwartz said. "That's not a devastating provision," he said, "but it still means that a customer list is going to be regarded as nonpublic personal information. In order to give a customer list out, you are going to have to give people notice and opportunity to opt out."
Yet Mr. Bartlett said that "a 'reasonably believe' test seems to be workable," but a final determination may require time. "If it means the institution has to look up every phone number, then it's not workable."
The 128-page rule was not released until late Monday, because of 11th-hour adjustments.
Banking industry officials emphasized that on balance the details of the rule lean toward industry demands.
NCUA staff members said that financial holding companies will be able to combine privacy and opt-out notices from different subsidiaries into one document. Institutions will have to provide customers with a privacy and opt-out notice at the time they become customers or members, but not before, as some had feared. Customers will then have 30 days to opt out.
Besides using written statements, consumers may call a toll-free number or use the Internet to block their personal, nonpublic information from being shared.
Also, under the new rule financial institutions would not be responsible for policing how third-party service providers handle private information. But they would have to enter into contracts prohibiting the providers from releasing confidential information.
Editor's Note: Each link opens a new browser window. We have no control over the content or availability of sites not part of American Banker Online.
