WASHINGTON Federal bank and thrift regulators released guidelines Thursday on how examiners should evaluate a financial institutions compliance with the privacy provisions of the Gramm-Leach-Bliley Act of 1999.
That law required institutions to disclose their privacy policies annually and to give consumers a chance to opt out of information-sharing with third parties. Regulators released rules last year detailing what the disclosure forms should say and how often they should be sent. The rules take effect July 1.
The guidelines, which were sent to banks and thrifts along with an advisory letter, tell examiners to inspect an institutions policy and opt-out notices to ensure they are timely, accurate, clear and conspicuous, and delivered so that each customer can reasonably be expected to receive them.
The guidelines say that examiners should watch how nonpublic personal information is disclosed to third parties, whether the bank or thrift is honoring consumers opt-out requests, and that its internal controls are sufficient to monitor compliance. They also say supervisors should ascertain areas of risk associated with a financial institutions privacy policies.
In addition the guidelines instruct examiners to review complaint logs, telemarketing scripts, and other information obtained from third parties and to look at the nonpublic information an institution collects from or about consumers when providing a financial product or service.
Supervisors should also address how an institution collects complaints and fixes problems concerning its privacy policies.