eRegulation: Compliance, Post Modernization

The first Internet-based tutorial about the Gramm Leach Bliley Act was released last month. Software that walks banks through the steps of creating privacy policies under that "financial modernization" legislation is in development. Two banking law compliance companies have already formed alliances with their counterparts in insurance and securities law, anticipating that their clients will act on their newfound legal right to branch into other areas of financial services.

Compliance is a hot topic in the wake of the landmark legislation passed last year. However, compliance specialists are grappling with how to modify compliance software when the regulations that will stem from the Gramm Leach Bliley Act (GLBA) have yet to be finalized.

Some see the speed of the Internet age as adding to the pressures of bringing products to market swiftly.

"There is enough new information that we decided, at the urging of customers, to launch an Internet course on the act on April 15," says Michele Zschau, founder and CEO of IBT Financial, Bend, OR. "It will be more of a broad overview, a Financial Modernization Act 101. It's certain that audiences are hungry for knowledge on pieces of it."

The two-year-old company, which lists among its customers individual banks as well as 31 banking associations, offers all of its compliance courses on the Internet. Although the company still plans to offer a separate, updated regulations course when the rules governing the act are finalized later this month, Zschau says the interactive and flexible nature of the Internet makes it easy to introduce products and then continue to alter them after they have been sold.

"One of the greatest benefits of Internet-based delivery or training is that the course resides on one of our servers," she says, explaining that this allows for one quick fix to be centrally applied to all users' software. "The next time customers log on to the course, they'll access the modified version," she said, noting that e-mail could then be sent to customers alerting them that the course has been altered.

The early GLBA course will incorporate online tests that banks can require staff to pass. The course will include a "pre-test" that assesses the areas of the law customers need most help with and are most interested in. IBT Financial can use pre-test results to understand which areas should be further developed into more in-depth courses.

Similarly, Concentrex Inc., Portland, OR, launched its Intelliportal Network last month, an Internet site designed to offer banks Concentrex' compliance software, as well as financial products offered by partner companies.

The site's compliance section will offer features such as summaries of letters and proposals issued by regulators with links to the regulators' sites; an "ask the expert" section; an online training section where visitors can sign up for Concentrex' compliance training courses and learn about courses provided by others; attorney networking sections; and templates of letters to regulators and legislators that can be used for lobbying efforts.

The site was inspired by the "on-demand world" that the Internet is creating and the competitive battle that banks will have to sell newly admissible types of financial services, a spokeswoman said.

Of many aspects of banking affected by the Act, the new privacy provisions are foremost in bankers' minds. Banks feel the pressure of the November deadline, by which time privacy policies must be in place.

"Privacy is number one just because it will be implemented by the end of the year," says Adella Heard, senior vice president and counsel with First Tennessee National Corp., Memphis.

Others also stress the enormity of the privacy issue with so many customers and business affiliates affected. Moreover, individual states may enact more restrictive laws, as they are entitled to.

"On a scale of 10 to 1000, privacy is 1000," says Jerry Loeser, deputy general counsel with Comerica Inc., Detroit.

From a compliance standpoint, the issue will involve assessing all third-party contracts, as well as assessing the bank's technology, says Jim Garavaglia, Comerica's senior vice president and privacy officer.

"It's understanding what you are doing as a company and making sure that your database is stellar in relation to tracking customer information and the sharing of customer information," Garavaglia says. "For a bank like Comerica, there are many customers who have a checking account in Michigan and a trust account in Florida. If both states have different laws, then when dealing with customers we have to realize that when we are dealing with the customer as a trust customer, it's under Florida law, and when we are dealing (with him) as a checking-account customer, it's under Michigan law," Garavaglia says. "Then there is the question of 'What if he "opts out" in Florida?' It's clumsy."

Both Comerica and First Tennessee have formed internal task forces on the issue. For now, both have turned to industry groups for information on developments on the state level. However, in time, banks may question whether the tools they are currently using are sufficient. "Once we've gotten to the point of implementation, we may start to look for other resources," Heard says.

Compliance product vendors are rushing to develop a wide array of services for customers looking to tap into extra privacy compliance tools now or down the road. At Bankers Systems Inc., St. Cloud, MN, software about privacy compliance is being developed, and specialists are carefully tracking legislation on the state level, where banks are expected to be in particular need of extra resources.

"The complexity grows exponentially on the Internet where there aren't state boundaries," says John Bryant, vice president of marketing with Bankers Systems. "Banks need to understand 51 jurisdictions."

Concentrex is developing software that will, through a series of prompts, walk banks through the creation of their own privacy policies. "It's not a generic thing, it will help banks address specific needs," says Alan Dombrow, senior professional and compliance liaison. "For example, it might list items that have to be included (in a privacy statement). It could explain categories of personal information that would have to be disclosed."

The legislation says banks must tell consumers whenever data classified by regulators as "non-public personal information" is shared with affiliates. However, says Dombrow, "Right now we don't even know what non-public personal information is. For an institution to put together a privacy policy today, it's very difficult."

That Concentrex software is not expected to be released until regulations to explain and govern implementation of the new privacy law are finalized. Those regulations are expected out later this month.

While moves into insurance, securities and other areas might be further down the road, compliance companies say they are already hearing from banks interested in broadening the financial services they offer. Banks are expected to form partnerships to enter into these new lines of business, as compliance companies already have.

Bankers Systems, which is a subsidiary of tax and business law information and software company CCH Inc., Riverwoods, IL, will offer securities information through the brokerage unit of CCH. It will also offer insurance compliance information through another CCH subsidiary, National Insurance Law Service, Chatsworth, CA. Through these arrangements, customers who call Bankers Systems with questions will be connected to the appropriate experts in the insurance and securities fields at CCH and NILS.

Insurance offerings

Concentrex has entered an alliance with National Regulatory Services (NRS), Lakeville, CT, to offer insurance services to banking clients. NRS will provide consulting to guide clients through the early entry issues of the insurance business, plus guidance in the set-up of an insurance sales team and other operational issues, says Jim Shelly, NRS business development manager. A "best practices" guide for banks as insurance agencies will also be offered, along with training and conferences geared toward a bank's insurance compliance officer.

For banks that want to sell annuities under the new law, NRS will help them through a different set of compliance challenges, including registration with the National Association of Securities Dealers.

Shelly says NRS is gearing up for strong interest in insurance from the banking industry, and Concentrex represents just one avenue through which the company will target banks. "The (banking) industry is looking for comprehensive help in this area," he says.

Pending proposals on the insurance licensing front are still being formulated. However, Shelly, understandably, advises banks to begin laying the groundwork to sell insurance. "Banks cannot wait for all regulations to be in effect. To remain competitive, they must get up and running," he says.
