WASHINGTON - Most account holders nationwide get solicitations for low-price insurance policies, mutual funds, and various other products their banks think they might want.
Not so the customers at National Bank in Middlebury, Vt. If they want information on any of the nonbanking products National offers, they have to sign a form granting consent for the bank to share their personal information with other providers of financial services.
Vermont is one of just three states with standards that exceed consumer privacy protections mandated by the Gramm-Leach-Bliley Act of 1999. Though the state often stakes out politically independent ground, experts are paying close attention to bankers' experiences there, because Vermont's law could serve as a model for activists in other state legislatures.
Indeed, Gramm-Leach-Bliley invites states to pass tougher privacy statutes. Industry lobbyists fended off similar attempts this year in nearly 25 states, but more measures are expected to surface next year.
The federal privacy rules - which regulators issued this spring and will begin enforcing July 1, 2001 - require only that banks give customers a chance to block, or "opt out," of data sharing with third parties. The federal rules allow free flow of information among affiliates and with service providers or joint marketing partners as long as customers are informed each year of their financial institution's data sharing practices.
Vermont, Connecticut, and Alaska, however, have had stricter laws on the books for years. Known as "opt-in" statutes, they require banks, credit unions, mortgage brokers, and other lenders to get a customer's written permission before deposit account and loan application information may be transferred to affiliates or third parties.
The Vermont opt-in law, which took effect in 1995, forbids banks from disclosing any type of personal financial information unless the customer gives the OK. There are 24 exceptions, including sharing with a credit reporting agency or an account verification service, provided that such disclosures are in compliance with the Vermont and federal Fair Credit Reporting acts.
State Assistant Attorney General Julie Brill, one of the original supporters and strongest proponents of Vermont's opt-in law, said it helps consumers without hurting banks because it adds only one more form to the many documents new customers have to fill out."The compliance cost is fairly minimal," she said. "Banks require customers to fill out a lot of paperwork and the law could be implemented in just one consent provision."
Vermont bankers vehemently disagree. While they cannot cite losses or specific expenses they have incurred in the past five years, they offer many everyday examples of being handcuffed by state law.
Targeted mailings, the traditional method of marketing insurance policies, cannot be used in Vermont because the law bars sharing information with an insurance company that it could use to identify customers who would be more likely to buy insurance products.
And according to National Bank president Ken Perine, the alternative - mass mailings to all bank customers - as a general rule are costly and ineffective. "We have tried a number of initiatives to see if we could improve the penetration of mass mailings, but we don't get a good response," he said.
An independent insurance agent, who works in National Bank's lobby selling property and casualty policies, must include disclosure forms in every insurance application packet. These forms provide a place for customers to opt in for information sharing that would ultimately provide targeted insurance quotes.
The set up "works to a degree, but it hasn't generated the number of referrals or quote requests we would like," Mr. Perine said. "The effort may not be worth it."
He added that the bank is looking for ways to get insurance information and quotes to the customer more quickly. One option may be to use an insurance software program that could be used in banks to give ballpark quotes without transferring customer information to the insurance agency. These estimates could be made for every loan applicant, and interested customers could be referred to the insurance agency without violating privacy laws, he said.However, this system would add to the bank's costs. "We believe that the concepts of banking and insurance are a natural fit, but it might have to be abandoned," Mr. Perine said.
Connecticut has an older but less strict opt-in law. Adopted in 1977, the law requires banks to get customer authorization to share deposit files and loan file data. These limitations apply to all third parties, joint marketing agreements, service providers, and, in most cases, affiliates.
Alaska's statute was originally enacted in 1951. It requires customers to opt in before any information is shared except in the case of disclosures required for other legal reasons, such as a court order. Under such exceptions, customers still must be notified prior to disclosure. The law has not been tested in court.
Alaskan bankers have few complaints, but acknowledge that the business differs from most states. "Alaska has small community banks, most of which have not branched beyond traditional banking services," said Jerry Weaver, secretary and treasurer of the Alaska Bankers Association.
Small banks in these states may be most disadvantaged, experts noted.
Bank holding companies are exempt because these state laws can be preempted by the federal Fair Credit Reporting Act, which lets affiliates share loan application and other information provided they give customers the chance to opt out as in Gramm-Leach-Bliley. Small banks are less likely to use a holding company structure and use affiliates than their larger counterparts.
"This preemption leads to an imbalance between large banks and small community banks," said David Wiese of Tyler Cooper and Alcorn, a law firm representing banks throughout Connecticut. "Because small banks usually operate under contractual agreements and not affiliations, they are subject to the opt-in laws."