As financial companies get bigger, they must do more to protect customer privacy or face a government crackdown, acting Comptroller of the Currency Julie L. Williams warned Friday.
"If self-regulatory initiatives are viewed as weak and toothless," she said, "the stage will be set for a more active government role."
Huge pending mergers like the one between Citicorp and Travelers Group have highlighted privacy concerns, Ms. Williams said in a strongly worded speech to a Bankers Roundtable meeting.
"One key rationale for the recently announced megamergers is that the resulting companies will be able to gather and distill data on an expanded customer pool," she said. And if banks are careless with personal data, consumers will push for restrictions on cross-marketing among affiliates.
Industry officials insisted there already are sufficient safeguards.
"The financial services industry already has strong laws in place and regulators that enforce the law," said a Citicorp official who asked not to be named.
"Banks protect customer data better than anyone," said John J. Byrne, senior counsel at the American Bankers Association. "Financial privacy has been a priority since the beginning of organized banking."
Ms. Williams did praise industry initiatives to establish privacy guidelines, but she said these efforts are meaningless if banks do not enforce them.
"Who will judge whether a bank's policies are consistent with industry principles or whether they are being complied with?" she asked. "What remedies will be available to deal with those institutions that fall short of the standards?"
Ms. Williams suggested bankers hire outside auditors to monitor their compliance with privacy policies. Mr. Byrne said such a move would be costly, especially for smaller banks. "Hiring an independent auditor is not in the cards," he said.
Ms. Williams also said customers must be better informed of their right to forbid institutions from sharing confidential information with affiliates.
Too often, institutions bury such disclosures, she said. "Such techniques may fall within the letter of the law, but they certainly fall short of its spirit."
L. Richard Fischer, a partner at Morrison & Foerster in Washington and an expert on financial privacy, said the industry has done little to reassure uneasy consumers.
"Banks have a lot more work to do to keep customers' trust," he said. "Each institution needs to set down its policies and communicate them to customers."
Ms. Williams cited recent surveys showing consumers are worried that financial organizations do not disclose how their data are used or may offer information on them to third parties without their permission.
To quell such concerns, banking industry groups have developed self- regulatory guidelines. For instance, the Consumer Bankers Association issued a nine-point plan in November 1996 that advises banks to limit employee access to confidential data and to collect only the information needed for "useful" business purposes.