Request for Public Comment on Proposed Consumer Protection Rules for  Affiliate Information Sharing

Request for Public Comment on Proposed Consumer Protection Rules for Affiliate Information Sharing


25 pages
Le téléchargement nécessite un accès à la bibliothèque YouScribe
Tout savoir sur nos offres


Federal Reserve Bankll★Kof DallasDALLAS, TEXAS 75265-5906November 6, 2000Notice 00-67TO: The Chief Executive Officer of eachfinancial institution and others concernedin the Eleventh Federal Reserve DistrictSUBJECTRequest for Public Comment onProposed Consumer Protection Rules for AffiliateInformation Sharing PracticesDETAILSThe Board of Governors of the Federal Reserve System, the Federal Deposit Insur-ance Corporation, the Office of the Comptroller of the Currency, and the Office of Thrift Super-vision have requested public comment on proposed regulations implementing the provisions ofthe Fair Credit Reporting Act (FCRA). The act permits institutions to communicate consumerinformation to their affiliate (affiliate information sharing) without incurring the obligations ofconsumer reporting agencies. These provisions authorize institutions to communicate amongtheir affiliates the following:• Information regarding transactions or experiences between the consumer and theperson making the communication (transaction or experience information); and• Other information (that is, information covered by the FCRA but not transactionor experience information), provided that the institution has given notice to theconsumer that the other information may be communicated, the institution hasprovided the consumer an opportunity to “opt out” (i.e., to direct that the informa-tion not be communicated), and the consumer has not opted out.The proposed ...



Publié par
Nombre de visites sur la page 90
Langue English
Signaler un problème

Federal Reserve Bank
ll ★K
of Dallas
November 6, 2000
Notice 00-67
TO: The Chief Executive Officer of each
financial institution and others concerned
in the Eleventh Federal Reserve District
Request for Public Comment on
Proposed Consumer Protection Rules for Affiliate
Information Sharing Practices
The Board of Governors of the Federal Reserve System, the Federal Deposit Insur-
ance Corporation, the Office of the Comptroller of the Currency, and the Office of Thrift Super-
vision have requested public comment on proposed regulations implementing the provisions of
the Fair Credit Reporting Act (FCRA). The act permits institutions to communicate consumer
information to their affiliate (affiliate information sharing) without incurring the obligations of
consumer reporting agencies. These provisions authorize institutions to communicate among
their affiliates the following:
• Information regarding transactions or experiences between the consumer and the
person making the communication (transaction or experience information); and
• Other information (that is, information covered by the FCRA but not transaction
or experience information), provided that the institution has given notice to the
consumer that the other information may be communicated, the institution has
provided the consumer an opportunity to “opt out” (i.e., to direct that the informa-
tion not be communicated), and the consumer has not opted out.
The proposed regulations explain how to comply with the affiliate information and
sharing provisions, addressing such matters as the content and delivery of the notice to consum-
ers that “other” information may be communicated (opt out notice). Also, the proposed regula-
For additional copies, bankers and others are encouraged to use one of the following toll-free numbers in contacting the Federal
Reserve Bank of Dallas: Dallas Office (800) 333-4460; El Paso Branch Intrastate (800) 592-1631, Interstate (800) 351-1012;
Houston Branch Intrastate (800) 392-4162, Interstate (800) 221-0363; San Antonio Branch Intrastate (800) 292-5810.- 2 -
tions implement certain related provisions. The agencies have attempted to conform these pro-
posed regulations to the final regulations implementing the privacy provisions of the Gramm-
Leach-Bliley Act whenever feasible.
The Board must receive comments by December 4, 2000. Please address comments to
Jennifer J. Johnson, Secretary, Board of Governors of the Federal Reserve System, 20th and C
Streets, N.W., Washington, DC 20551. Also, you may mail comments electronically to All comments should refer to Docket No. R-1082.
A copy of the Board’s notice as it appears on pages 63120–41, Vol. 65, No. 204 of the
Federal Register dated October 20, 2000, is attached.
For more information, please contact Eugene Coy, Banking Supervision Department,
(214) 922-6201. For additional copies of this Bank’s notice, contact the Public Affairs Depart-
ment at (214) 922-5254 or access District Notices on our web site at,
October 20, 2000
Part II
Department of the
Office of the Comptroller of the
Office of Thrift Supervision
Federal Reserve System
Federal Deposit
Insurance Corporation
12 CFR Parts 41, 222, 334 and 571
Fair Credit Reporting Regulations;
Proposed Rule
VerDate 11<MAY>2000 13:23 Oct 19, 2000 Jkt 194001 PO 00000 Frm 00001 Fmt 4737 Sfmt 4737 E:\FR\FM\20OCP2.SGM pfrm04 PsN: 20OCP263120 Federal Register/Vol. 65, No. 204/Friday, October 20, 2000/Proposed Rules
explain how to comply with the affiliate between 9:00 a.m. and 4:30 p.m. onDEPARTMENT OF THE TREASURY
information sharing provisions, business days.
Office of the Comptroller of the addressing such matters as the content Comments may be submitted to the
Currency and delivery of the notice to consumers FDIC electronically over the Internet at
that ‘‘other’’ information may be Further information
12 CFR Part 41 communicated (opt out notice). The concerning this option may be found
proposed regulations also implement below at ‘‘FDIC’s Electronic Public
[Docket No. 00–20]
certain related provisions. The Agencies Comment Site.’’ Comments also may be
RIN 1557–AB78 have attempted to conform these mailed electronically to
proposed regulations to the final
FEDERAL RESERVE SYSTEM regulations implementing the privacy OTS: Mail: Send comments to
provisions of the Gramm-Leach-Bliley Manager, Dissemination Branch,
12 CFR Part 222 Act whenever feasible. Information Management and Services
Division, Office of Thrift Supervision,[Regulation V; Docket No. R–1082] DATES: Comments must be received by
1700 G Street, NW., Washington, DCDecember 4, 2000.
FEDERAL DEPOSIT INSURANCE 20552, Attention Docket No. 2000–81.
ADDRESSES: Comments should be
CORPORATION Delivery: Hand deliver comments todirected to:
the Guard’s Desk, East Lobby Entrance,OCC: Communications Division,12 CFR Part 334 1700 G Street, NW., from 9:00 a.m. toOffice of the Comptroller of the
4:00 p.m. on business days, AttentionRIN 3064–AC35 Currency, 250 E Street, SW.,
Docket No. 2000–81.Washington, D.C. 20219, Attention:
Facsimiles: Send facsimileDEPARTMENT OF THE TREASURY Docket No. 00–20; FAX number (202)
transmissions to FAX Number (202)874–5274 or Internet address:
Office of Thrift Supervision 906–7755, Attention Docket No. 2000–
81; or (202) 906–6956 (if comments areComments may be inspected and
12 CFR Part 571 over 25 pages).photocopied at the OCC’s Public
E-Mail: Send e-mails toReference Room, 250 E Street, SW.,[Docket No. 2000–81]
‘‘’’, AttentionWashington D.C. between 9:00 a.m. and
RIN 1550–AB33 Docket No. 2000–81, and include your5:00 p.m. on business days. You can
name and telephone number.make an appointment to inspect theFair Credit Reporting Regulations Public Inspection: Interested personscomments by calling (202) 874–5043.
may inspect comments at the Public
AGENCIES: Office of the Comptroller of Board: Comments, which should refer
Reference Room, 1700 G St. N.W., fromthe Currency, Treasury (OCC); Board of to Docket No. R–1082, may be mailed to
10:00 a.m. until 4:00 p.m. on TuesdaysGovernors of the Federal Reserve Ms. Jennifer J. Johnson, Secretary, Board
and Thursdays or obtain comments and/System (Board); Federal Deposit of Governors of the Federal Reserve
or an index of comments by facsimile byInsurance Corporation (FDIC); and System, 20th and C Streets, NW.,
telephoning the Public Reference RoomOffice of Thrift Supervision, Treasury Washington, D.C. 20551 or mailed
at (202) 906–5900 from 9:00 a.m. until(OTS). electronically to
5:00 on business days. Comments Joint notice of proposed the related index will also be posted onComments addressed to Ms. Johnsonrulemaking. the OTS Internet Site atalso may be delivered to the Board’s
‘‘’’.SUMMARY: The OCC, Board, FDIC, and mail room between 8:45 a.m. and 5:15
OTS (Agencies) are publishing for p.m. and to the security control room FOR FURTHER INFORMATION CONTACT:
comment proposed regulations outside of those hours. Both the mail OCC: Amy Friend, Assistant Chief
implementing the provisions of the Fair room and the security control room are Counsel, (202) 874–5200; Michael
Credit Reporting Act (FCRA) that permit accessible from the courtyard entrance Bylsma, Director, Community and
institutions to communicate consumer on 20th Street between Constitution Consumer Law, (202) 874–5750;
information to their affiliates (affiliate Avenue and C Street, NW. Comments Stephen Van Meter, Senior Attorney,
information sharing) without incurring may be inspected in Room MP–500 Community and Consumer Law, (202)
the obligations of consumer reporting between 9:00 a.m. and 5:00 p.m., 874–5750; Carol Workman, Compliance
agencies. These provisions authorize pursuant to § 261.12, except as provided Specialist, Community and Consumer
institutions to communicate among in § 261.14, of the Board’s Rules Policy, (202) 874–4858; Deborah Katz,
their affiliates: Information as to Regarding the Availability of Senior Attorney, Legislative and
transactions or experiences between the Information, 12 CFR 261.12 and 261.14. Regulatory Activities Division, (202)
consumer and the person making the FDIC: Send written comments to 874–5090; or Jeffery Abrahamson,
communication (transaction or Robert E. Feldman, Executive Secretary, Attorney, Enforcement and Compliance,
experience information); and ‘‘other’’ Attention: Comments/OES, Federal (202) 874–4800, Office of the
information (that is, information Deposit Insurance Corporation, 550 17th Comptroller of the Currency, 250 E
covered by the FCRA but not transaction Street, NW., Washington, DC 20429. Street, SW., Washington, DC 20219.
or experience information), provided Comments may be hand delivered to the Board: James H. Mann, Senior
that the institution has given notice to guard station at the rear of the 17th Attorney, (202) 452–2412; or David A.
the consumer that the other information Street building (located on F Street) on Stein, Attorney, (202) 452–3667,
may be communicated, the institution business days between 7 a.m. and 5 p.m. Division of Consumer and Community
has provided the consumer an (FAX number (202) 898–3838). Affairs. For the hearing impaired only,
opportunity to ‘‘opt out’’ (i.e., to direct Comments may be inspected and contact Janice Simms,
that the information not be photocopied in the FDIC Public Telecommunications Device for the Deaf
communicated), and the consumer has Information Center, Room 100, 801 17th (TDD) (202) 872–4984, Board of
not opted out. The proposed regulations Street, NW., Washington, DC 20429, Governors of the Federal Reserve
VerDate 11<MAY>2000 13:23 Oct 19, 2000 Jkt 194001 PO 00000 Frm 00002 Fmt 4701 Sfmt 4702 E:\FR\FM\20OCP2.SGM pfrm04 PsN: 20OCP2Federal Register/Vol. 65, No. 204/Friday, October 20, 2000/Proposed Rules 63121
System, 20th and C Streets, NW., opportunity to opt out, did not opt out. Board, predecessor of the OTS) issued
Washington, DC 20551. ‘‘Other information’’ refers to in 1971. These were designed to help
FDIC: James K. Baebel, Assistant information that is covered by the FCRA financial institutions develop a working
Director, Compliance Policy, Division of and that is not a report containing knowledge of the statute. The Agencies
Compliance and Consumer Affairs, information solely as to transactions or will modify or withdraw any Qs & As
(202) 942–3086; Deanna Caldwell, experiences between the consumer and that are inconsistent with the FCRA or
Community Affairs Officer, Division of the person making the report. obsolete. The 1996 Amendments prohibited the
II. Section-by-Section Analysis(202) 736–0141; Nancy Schucker Agencies from issuing implementing
Recchia, Counsel, Regulations and regulations. 15 U.S.C. 1681s(a)(4) Section .1 Purpose and Scope
Legislation Section, (202) 898–8885; A. (repealed). The Gramm-Leach-Bliley Act
Proposed paragraph .1(a) brieflyAnn Johnson, Counsel, Regulations and (GLBA) repealed this prohibition and
describes the purpose of the regulations.Legislation Section, (202) 898–3573; and directed the Agencies to prescribe.1(b) brieflyjointly such regulations as necessary toDavid Lafleur, Senior Compliance
describes the scope of the regulations,Examiner, (415) 395–5261, Federal carry out the purposes of the FCRA.
including the information andDeposit Insurance Corporation, 550 17th Pub. L. Sec. 506, 106–102, 15 U.S.C.
institutions subject to them. (TheseStreet, NW., Washington, DC 20429. 1681s(e).
OTS: Christine Harrington, Counsel institutions are identified in more detail
Coordination With Privacy Regulations(Banking and Finance), (202) 906–7957; in proposed section .3(m) of the
The GLBA sets standards for financialPaul Robin, Assistant Chief Counsel, Board, FDIC, and OTS regulations.)
institutions’ disclosure of nonpublic(202) 906–6648; or Elizabeth Baltierra, Paragraph .1(b) also provides that
personal information to nonaffiliatedProgram Analyst, Compliance Policy nothing in this part modifies, limits, or
third parties (privacy provisions; Pub. L.(202) 906–6540, Office of Thrift supersedes the standards governing the
106–102, 15 U.S.C. 6802; see also 15Supervision, 1700 G Street, NW., privacy of individually identifiable
U.S.C. 6803). The Agencies publishedWashington DC 20552. health information promulgated by the
final regulations implementing theseSUPPLEMENTARY INFORMATION: Secretary of Health and Human Services
privacy provisions on June 1, 2000 pursuant to sections 262 and 264 of theI. Background (privacy regulations; 65 FR 35162, June Health Insurance Portability and
1, 2000).The FCRA Accountability Act (HIPAA) of 1996 (42
The privacy regulations do not
U.S.C. 1320d–1320d–8). CertainThe FCRA, enacted in 1970, sets ‘‘modify, limit, or supersede the
institutions that possess medicalstandards for the collection, operation of the Fair Credit Reporting
communication, and use of information information about consumers may be
Act.’’ 15 U.S.C. 6806. Thus, both the
bearing on a consumer’s credit covered by these regulations, the GLBA
privacy regulations and the FCRA may
worthiness, credit standing, credit privacy regulations, and rules
apply to an institution’s disclosure of
capacity, character, general reputation, promulgated by the Department of
consumer information. Moreover, if a
personal characteristics, or mode of Health and Human Services (HHS)
financial institution provides an opt out
living. 15 U.S.C. 1681–1681u. In 1996, under the authority of sections 262 and
notice under the FCRA, that notice must
the Consumer Credit Reporting Reform 264 of HIPAA once those regulations are
be included in certain notices mandated
Act amended the FCRA extensively finalized. Based on the proposed HIPAA
by the privacy regulations, including
(1996 Amendments). Pub. L. 104–208, rules, it appears likely that there will be
annual notices to customers. 15 U.S.C.
110 Stat. 3009. areas of overlap between the HIPAA and
6803. Therefore, the Agencies anticipateFor many years, to avoid the the FCRA affiliate information-sharing
that financial institutions will designobligations of consumer reporting rules. For instance under the HIPAA
their information-sharing policies andagencies imposed by the FCRA, many proposal, consumers must provide
practices taking into account both theinstitutions avoided making any affirmative authorization before a
privacy regulations and the regulationscommunications to affiliated companies ‘‘covered institution’’ or its ‘‘business
implementing the FCRA.of consumer information that could partner’’ may disclose medicalTo ease compliance and promote1constitute consumer reports. The 1996 information in certain instances,consistency, the Agencies areAmendments, however, excluded whereas under these proposed FCRAconforming the two regulations wherespecified types of information sharing affiliate information sharing rules,appropriate. For example, the Agencieswith affiliates from the definition of institutions need only provideare proposing requirements regarding‘‘consumer report,’’ assuring institutions consumers with the opportunity to optthe content and delivery of the FCRAthat making these communications out of disclosures. In cases where theopt out notice that are generallywould not expose them to the HIPAA requires consumers to opt inconsistent with the correspondingobligations of consumer reporting before certain information may beprovisions of the privacy regulations.agencies. In particular, the 1996 shared, but this rule allows consumers
Amendments excluded from the This Proposal and Future Agency to opt out of the same sharing, opt in
definition of ‘‘consumer report’’ the Issuances would be necessary before the
sharing of ‘‘other’’ information among information may be shared. TheThe FCRA raises many significant
affiliates, so long as the consumer, Agencies will consult with HHS toissues in addition to affiliate
having been given notice and an avoid the imposition of duplicative orinformation sharing. The Agencies are
inconsistent requirements.analyzing these issues and expect to
1 The FCRA creates substantial obligations for
address them in an Advance Notice of‘‘consumer reporting agencies.’’ FCRA, section Section .2 Examples
603(f); see, e.g., sections 607, 611. These obligations Proposed Rulemaking. Additionally, the
include furnishing consumer reports only for Agencies will review a series of Proposed section .2 clarifies that the
permissible purposes, maintaining high standards questions and answers regarding the examples used in the regulations and in
for ensuring the accuracy of information in
FCRA (Qs & As) that the Agencies the sample notice are not exclusiveconsumer reports, resolving customer disputes, and
other matters. (including the Federal Home Loan Bank means of compliance; rather, they are
VerDate 11<MAY>2000 13:23 Oct 19, 2000 Jkt 194001 PO 00000 Frm 00003 Fmt 4701 Sfmt 4702 E:\FR\FM\20OCP2.SGM pfrm04 PsN: 20OCP2
lllllllllll63122 Federal Register/Vol. 65, No. 204/Friday, October 20, 2000/Proposed Rules
intended to provide guidance on how to exercised over individuals, government Paragraph (g)(2)(iii) excludes any
comply in specific situations. agencies, and other persons that do not communication of ‘‘opt out
The Agencies solicit comment on fit within the definition of ‘‘company.’’ information’’ if the conditions set out in
whether to include additional or Comment is solicited on whether the sections .4– .9 are satisfied. The
different examples, and, more proposed definition of ‘‘control’’ should FCRA, as explained above, uses the term
fundamentally, on whether including be expanded to apply to these ‘‘other information’’ to refer to
examples in the regulations is additional types of persons. information that it covers but that is not
appropriate and useful. Instead of transaction or experience information.
Clear and Conspicuousaddressing specific fact situations This proposal refers to ‘‘other
Proposed paragraph (c) defines ‘‘clearthrough such examples, the Agencies information’’ using the more descriptive
and conspicuous’’ to mean that a noticecould periodically issue interagency term ‘‘opt out information.’’ See
must be reasonably understandable andstaff commentaries or questions and proposed paragraph (k).
designed to call attention to the natureanswers.
Opt Outand significance of the information itThe Agencies note that an example
contains. The proposed regulations dothat mentions a particular activity does Proposed paragraph (j) defines this
not mandate the use of any particularnot, by itself, authorize an institution to term to mean a direction by a consumer
engage in that activity. Any such technique for making a notice clear and that an institution not communicate opt
authority must have an independent conspicuous; instead, they give out information about the consumer to
source. institutions flexibility in determining one or more of the institution’s
how to comply. An institution may affiliates.Section .3 Definitions
make its notice reasonably
Opt Out InformationDiscussed below are a few key understandable by, for example, using
definitions, including: ‘‘affiliate’’ (as short explanatory sentences or bullet As described above, the 1996
well as the related terms ‘‘company’’ lists and avoiding legal or highly Amendments to FCRA excluded from
and ‘‘control’’); ‘‘clear and technical business terminology the definition of ‘‘consumer report’’ the
conspicuous’’; ‘‘opt out’’; ‘‘opt out whenever possible. An institution may sharing of ‘‘other information’’ among
information’’; and ‘‘consumer report.’’ design its notice to call attention to the affiliates, so long as the consumer,
The proposal tracks the statutory nature and significance of the having been given notice and an
language referring to ‘‘transaction or information in the notice by, for opportunity to opt out, did not opt out.
experience information,’’ but does not example, using a plain-language ‘‘Other information’’ refers to
define that term. heading and a typeface and size that are information that is covered by the FCRA
easy to read. and that is not a report containingAffiliate
Paragraph (c) is consistent with the information solely as to transactions or
Several FCRA provisions apply to ‘‘clear and conspicuous’’ standard in the experiences between the consumer and
information sharing with persons privacy regulations. As such, it offers a the person making the report. The
‘‘related by common ownership or more detailed exposition of the standard proposed regulation uses the term ‘‘opt
affiliated by corporate control,’’ ‘‘related (particularly with respect to what makes out information’’ to describe this
by common ownership or affiliated by a notice ‘‘conspicuous’’) than some category of information.
common corporate control,’’ or other regulations, such as the Board’s Proposed paragraph (k) defines opt
‘‘affiliated by common ownership or Regulation Z. However, laws other than out information as information that (i)
common corporate control.’’ E.g., FCRA, FCRA—for example, the Truth in bears on a consumer’s credit worthiness,
sections 603(d)(2), 615(b)(2), and Lending Act—that require clear and credit standing, credit capacity,
624(b)(2). Proposed paragraph (b) conspicuous disclosures, are beyond the character, general reputation, personal
defines ‘‘affiliate’’ to refer to all these scope of this rulemaking. Accordingly, characteristics, or mode of living, (ii) is
relationships between and among the standard proposed here does not used or expected to be used or collected
companies, and clarifies that ‘‘related or affect disclosures required by those for one of the permissible purposes
affiliated by common ownership or laws. listed in FCRA (e.g., credit transaction,
affiliated by corporate control or The Agencies request comment on
insurance underwriting, employment
common corporate control’’ means whether institutions have any particular
purposes), and (iii) is not solely
controlling, controlled by, or under concerns about compliance with FCRA’s
transaction or experience information.
common control with another company. clear and conspicuous standard when
Section .5(d) gives examples ofConsistent with the definitions in the FCRA opt out notices are included with
categories of information that qualify asprivacy regulations, the proposal uses a the GLBA privacy provision notices.
opt out information.definition of ‘‘control’’ that applies
Consumer Reportexclusively to the control of a Section .4 Communication of Opt
Proposed paragraph (g) parallels the‘‘company,’’ and defines ‘‘company’’ to Out Information to Affiliates
definition in section 603(d) of theinclude any corporation, limited
Proposed section .4 describes theFCRA. Paragraph (g)(2)(ii) excludes fromliability company, business trust,
conditions that an institution must meetthe definition of ‘‘consumer report’’general or limited partnership,
to ensure that its communication of optcommunication among affiliates of aassociation, or similar organization. See
out information to its affiliates do notreport containing information solely asproposed paragraphs (e) (‘‘company’’)
constitute consumer reports includingto transactions or experiences betweenand (i) (‘‘control’’). The definition of
the consumer and the person making‘‘company’’ omits some entities that are
own transaction or experience information to
2the report.‘‘persons’’ under the FCRA— another affiliate directly only in the same manner
individuals, estates, cooperatives, as an entity can disclose information to a
2 Prior to the 1996 amendments to FCRA, nonaffiliated third party. While transaction orgovernments, and governmental
affiliated entities could not pool their transaction or experience information has been excluded from thesubdivisions or agencies. The Agencies,
experience information in a common database definition of ‘‘consumer report’’ since the FCRA’s
however, are not aware of any without being considered a consumer reporting initial passage, the 1996 amendments facilitated the
circumstances where ‘‘control’’ could be agency. Instead, each affiliate could disclose its disclosure of such information among affiliates.
VerDate 11<MAY>2000 13:23 Oct 19, 2000 Jkt 194001 PO 00000 Frm 00004 Fmt 4701 Sfmt 4702 E:\FR\FM\20OCP2.SGM pfrm04 PsN: 20OCP2
lllllllFederal Register/Vol. 65, No. 204/Friday, October 20, 2000/Proposed Rules 63123
the requirement that the institution section .6, below, for additional (d)(2). Comment is requested as to the
provide an opt out notice. discussion on reasonable opportunity to appropriateness of these examples of
Section 603(d)(2)(A)(iii) of the FCRA opt out). categories and items of opt out
excludes from the definition of Proposed paragraph (b) clarifies that information, and whether additional or
‘‘consumer report’’ the sharing of opt an institution’s notice may describe not different examples should be used.
out information among affiliates if: only the communications of opt out The descriptions of the categories of
information that the institution information set out in proposedit is clearly and conspicuously disclosed to
currently plans to make to its affiliates, paragraph (d)(2) differ somewhat fromthe consumer that the information may be
but also the communications that itcommunicated among such persons and the those in section .6(c)(2) of the privacy
consumer is given the opportunity, before the reserves the right to make in the future. regulations. The agencies solicit
time that the information is initially Proposed paragraph (c) explains that an comment on the extent to which the
communicated, to direct that such institution may, but need not, provide categories in (d)(2) can be treated as
information not be communicated among the consumer with the option of an opt consistent with similar categories in thesuch persons * * *. out that covers only part of the privacy regulations (such as disclosures
Proposed section .4 accordingly information or certain affiliates. This of information from consumer reporting
provides that opt out information may would enable an institution to give agencies) in order to reduce compliance
be communicated among affiliates consumers a menu of opt out choices if burden and consumer confusion.
without the communication being a it desires to do so. Proposed paragraph (e) explains how
consumer report if: (i) The institution Paragraph (d) explains how an an institution can satisfy the
has provided an opt out notice; (ii) the institution can satisfy the requirement requirement that it categorize the
institution has given the consumer a that it categorize the opt out information affiliates to which it communicates opt
reasonable opportunity and means, that it communicates. Paragraph (d)(2) out information.
before the time that it communicates the gives examples of categories of opt out Paragraph (f) cross-references the
information, to opt out; and (iii) the information, such as information from a sample notice in appendix A, which
consumer has not opted out. consumer’s application, information presents a further illustration of the
from a consumer report, information content of an opt out notice.Mergers & Acquisitions
obtained by verifying representations
Section .6 Reasonable OpportunityIn a merger or acquisition situation, made by a consumer, and information
to Opt Outthe need to provide new opt out notices provided by another person regarding
to the customers of the entity that ceases that person’s relationship with a Proposed paragraph (a) of section
to exist will depend on whether the consumer. The first two categories .6 states that financial institutions
notices previously given to those reflect the legislative history of the 1996 will provide a reasonable opportunity to
customers accurately reflect the policies Amendments, which states in part that opt out by providing a reasonable period
and practices of the surviving entity. If the opt out provision ‘‘will clarify that of time for the consumer to opt out from
they do, the surviving entity will not be affiliates within a Holding Company the time that notice is delivered.
required under the rule to provide new structure can share any application Proposed paragraph (b) sets out
notices. information * * * and consumer examples of what is a reasonable period
reports, consistent with the FCRA.’’ S. of time when notices are provided inSection .5 Contents of Opt Out
Rep. No. 185, 104th Cong., 1st Sess. 18– person, by mail, or by electronic means.Notice
19 (1995). The other two categories Comment is requested on whether there
Proposed paragraph (a) provides that represent information that the Agencies are other situations that would suggest
an opt out notice must be clear and believe does not constitute transaction a different reasonable period of time
conspicuous, and must accurately or experience information when that the Agencies should note by
explain: (i) The categories of opt out communicated by the institution that example. Proposed paragraph (c)
information about the consumer that the has received it. Paragraph (d)(3) gives a explains that a consumer may opt out at
institution communicates; (ii) the non-exclusive list of examples of any time.
categories of affiliates to which the specific items of opt out information
Section .7 Reasonable Means ofinstitution communicates the within each category, including a
Opting Outinformation; (iii) the consumer’s ability consumer’s income, credit score or
to opt out; and (iv) the means to do so. credit history, open lines of credit, Proposed paragraph (a) sets forth the
The Agencies invite comment on employment history, marital status and general rule that an institution provides
whether financial institutions should medical history. a reasonable means of opting out if it
also have to disclose in their FCRA Medical data are especially sensitive provides a reasonably convenient
notices how long a consumer has to for many consumers; if such data are method to the consumer to opt out.
respond to the opt out notice before the among the opt out information that an Examples of reasonable means of opting
institution may begin disclosing institution communicates to its out and unreasonable means are set out
information about that consumer to its affiliates, the institution satisfies the in proposed paragraphs (b) and (c),
affiliates, as well as the fact that a requirement to categorize that respectively. Proposed paragraph (d)
consumer can opt out at any time. These information only if it includes examples permits an institution to require each
disclosures are not required in the of medical data that it intends to share. consumer to opt out through a specific
privacy regulations. The Agencies seek The Agencies note that the items listed means, as long as that means is
comment on whether the benefits of the in paragraph (d)(3) as examples of reasonable for that consumer.
additional disclosures would outweigh information that would be included
Section .8 Delivery of Opt Outthe burdens, and, if so, whether the within the categories of opt out
Noticesregulation should require the information are illustrative only. Those
disclosures to state that a financial items would not be considered opt out Proposed paragraph (a) provides that
institution will wait 30 days in every information in cases where the an institution must deliver an opt out
instance before sharing consumer information is obtained from a source notice so that each consumer can
information with affiliates (see proposed other than those listed in paragraph reasonably be expected to receive actual
VerDate 11<MAY>2000 16:15 Oct 19, 2000 Jkt 194001 PO 00000 Frm 00005 Fmt 4701 Sfmt 4702 E:\FR\FM\20OCP2.SGM pfrm01 PsN: 20OCP2
llllllllll63124 Federal Register/Vol. 65, No. 204/Friday, October 20, 2000/Proposed Rules
notice. As indicated by the examples require all accountholders to opt out provides examples of prohibited
provided in proposed paragraph (b), this before honoring an opt out direction by discrimination against an applicant.
is a lesser standard than actual notice. one of the joint accountholders. Paragraph (c) notes that the terms
For instance, if an institution mails a Paragraph (f)(2) gives examples of these ‘‘applicant’’ and ‘‘discriminate against’’
printed copy of its notice to the last rules. have the meaning ascribed to these
known mailing address of an existing terms in 12 CFR part 202.
Section .9 Revised Opt Out Notice
customer, the institution has met its
Appendix AProposed section .9 addresses theobligation even if the customer has
situation in which an institution has Appendix A, which is part of thesechanged addresses and never receives
provided a consumer with one or more regulations, contains a sample notice,the notice.
opt out notices but later decides to part or all of which may be used toAn institution may give notice in
communicate opt out information to its facilitate compliance with the noticewriting or, if the consumer agrees,
affiliates other than described in those requirements. Although use of theelectronically. For example, the
sample notice is not required,notices. It explains that an institutioninstitution may e-mail its notice to a
institutions using it properly to providecustomer that conducts electronic must send a revised opt out notice that
notices will be deemed to be intransactions and has agreed to receive complies with section .4, including
compliance.electronic notice. The Agencies invite providing a reasonable means and
The Agencies solicit comment on allcomment on whether and how the opportunity to opt out, and
aspects of the proposed regulations,proposed rules governing communicating the information only if
including but not limited to thosecommunications between a financial the consumer has not opted out.
highlighted above.institution and a consumer via an
Section .10 Time by Which Opt Out
electronic medium should be modified III. FDIC’s Electronic Public CommentMust be Honored
in light of the Electronic Signatures in Site
Proposed section .10 explainsGlobal and National Commerce Act (the
The FDIC has included a page on its3 that if an institution provides aE-Sign Act).
web site to facilitate the submission ofconsumer with an opt out notice, andProposed paragraph (c) explains that
electronic comments in response to thisthe consumer opts out, the institutionoral notice alone does not comply with
general solicitation (the EPC site). Themust comply as soon as reasonablythe notice requirement; however, oral
EPC site provides an alternative to thepracticable after receiving thenotice may be provided in conjunction
written letter and may be a moreconsumer’s direction. Comment iswith appropriate written or electronic
convenient way for you to submit yoursolicited on whether the Agenciesnotice.
comments. Commenting through theshould establish a fixed number ofProposed paragraph (d) explains that
EPC site will assist the FDIC to moredays—for example, 30 days—that wouldan institution must provide the notice
accurately and efficiently analyzebe deemed a ‘‘reasonably practicable’’so that the consumer can retain it or
comments submitted electronically. Ifperiod of time for complying with aobtain it at a later time, and gives
you submit your comments through theconsumer’s opt out direction.examples of retention or accessibility.
EPC site your comments will receive theProposed paragraph (e) permits an
Section .11 Duration of Opt Out same consideration that they wouldinstitution to provide a joint opt out
receive if submitted in hard copy to theProposed section .11 providesnotice with one or more of its affiliates
FDIC’s street address. Informationthat an opt out continues to apply to thethat are identified in the notice, as long
provided through the EPC site will beinformation and affiliates described inas the notice is accurate with respect to
used by the FDIC only to assist in itsthe applicable opt out notice untileach entity jointly issuing the notice.
analysis of the proposed regulation. Therevoked by the consumer in writing, orProposed paragraph (f)(1) sets out
FDIC will not use an individual’s nameif the consumer agrees, electronically, asrules that apply, notwithstanding any
or any other personal identifier of anlong as the consumer continues to haveother provision of the regulations, when
individual to retrieve records ora relationship with the institution. If thetwo or more consumers jointly obtain a
information submitted through the EPCconsumer’s relationship with theproduct or service from an institution
site. Like comments submitted in hardinstitution terminates, the opt out will(referred to in the proposed regulation
copy to the FDIC’s street address, EPCcontinue to apply to this joint consumers), such as a joint
site comments will be made available inHowever, a new notice and opportunitychecking account. For example, an
their entirety (including theto opt out must be provided if theinstitution may provide a single opt out
commenter’s name and address if theconsumer establishes a new relationshipnotice to joint accountholders. The
commenter chooses to provide them) forwith the institution.notice must indicate whether the
public inspection.institution will consider an opt out by Section .12 Prohibition Against The EPC site will be available on thea joint accountholder as an opt out by Discrimination FDIC’s home page at http://all of the associated accountholders, or
Proposed paragraph (a) reminds You will be able towhether each accountholder may opt
institutions that they may not provide comments directly on any of theout separately. The institution may not
‘‘discriminate against’’ a consumer who sections of the proposed regulation as
is an ‘‘applicant’’ for credit because the well as the specific questions that have3 Congress recently enacted the E-Sign Act, Pub.
L. 106–229, which addresses the use of electronic applicant opts out. The source of this been asked in the preceding
records and signatures for interstate and foreign prohibition is the Equal Credit Supplementary Information section.
commerce. This legislation contains general rules Opportunity Act (ECOA; 15 U.S.C. 1691 You will also be able to view the
governing the use of electronic records for
et seq.), which bars discrimination on a regulation and Supplementaryproviding required information to consumers (such
as disclosures and acknowledgments required by prohibited basis in any aspect of a credit Information sections that related to your
the GLBA). The legal requirement that consumer transaction; one prohibited basis is comments directly on the site. Because
disclosures be in writing may be satisfied by an exercising a right under the Consumer the GLBA authorizes promulgation of
electronic record if the consumer affirmatively
Credit Protection Act, which includes this regulation, the FDIC encourages youconsents and certain other requirements of the E-
Sign Act are met. the FCRA. Proposed paragraph (b) to provide written comments in the
VerDate 11<MAY>2000 13:23 Oct 19, 2000 Jkt 194001 PO 00000 Frm 00006 Fmt 4701 Sfmt 4702 E:\FR\FM\20OCP2.SGM pfrm04 PsN: 20OCP2
llllllllllllFederal Register/Vol. 65, No. 204/Friday, October 20, 2000/Proposed Rules 63125
spaces provided. Written comments companies in the institution’s corporate assumes that all institutions with
enable the FDIC to thoughtfully family. 12 CFR .4. If a financial certain affiliates will in fact, choose to
consider possible changes to the institution wishes to share information share opt out information and thus be
proposed regulation. in a way that is inconsistent with subject to the rule.
The estimated number of consumersThe FDIC is also interested in your notices previously given to consumers,
who will receive opt out notices is thefeedback on the EPC site. We have the institution must provide consumers
sum of deposit and loan consumers, andprovided a space for you to comment on with revised notices. 12 CFR .11.
is derived from data in Board consumerthe site itself. Answers to this question The proposed regulation also contains
studies. Each Agency’s share of the totalwill help the FDIC to evaluate the EPC consumer reporting provisions. In order
number of consumers is based on thesite for use in future rulemaking. for consumers to opt out, they must
At the conclusion of the EPC site you respond to the institution’s opt out share of total deposits, and consumer
will have an opportunity to provide us notices. 12 CFR .7. At any time and mortgage loans, held by institutions
with your name, indicate whether you during their continued relationship with supervised by the Agencies. Because
OTS collects different information aboutare an individual, insured depository the institution, consumers have the right
consumer loans than the other Agencies,institution, financial holding company, to change or update their opt out status
OTS estimated the number of thriftcommunity-based organization, trade with the institution. 12 CFR .10.
FCRA was amended to include borrowers by dividing total consumerassociation, government agency, or
disclosure and opt out provisions in loans outstanding by the averageother, and provide the name of the
1996, but the Agencies were prohibited balance, for different types of consumerorganization you represent, if
from issuing implementing regulations loans. The analysis assumes thatapplicable. Whether you choose to
until 1999. Thus, the collections of institutions will provide separate optrespond to these questions is entirely up
information contained in this proposed out notices based on product lines suchto you. Any responses received may
rule are not new requirements. During as loans and deposit accounts, ratherhelp the FDIC to better understand the
the past three years, financial than single, combined notices coveringpublic comments it receives.
institutions have developed systems, all of the various relationships a
IV. Regulatory Analysis policies, and procedures to bring consumer may have with the institution.
themselves into compliance with the The Agencies seek comment as toPaperwork Reduction Act
1996 FCRA amendments. In estimating whether institutions would likely send
The Agencies invite comment on: (1) the burden associated with the separate or combined notices.
Whether the collections of information collections of information in this OCC: Comments on the collections of
contained in this notice of proposed proposed regulation, the Agencies took information should be sent to the Office
rulemaking are necessary for the proper into account the fact that FCRA-related of Management and Budget, Paperwork
performance of each Agency’s functions, disclosure and opt out requirements Reduction Project (1557—to be
including whether the information has have already become a usual and assigned), Washington, DC 20503, with
practical utility; (2) the accuracy of each customary practice for covered copies to Jessie Dunaway, Legislative
Agency’s estimate of the burden of the institutions. However, because the and Regulatory Activities Division
proposed information collections; (3) proposed rule is more explicit and (1557—to be assigned), Office of the
ways to enhance the quality, utility, and detailed than the statute, some Comptroller of the Currency, 250 E
clarity of the information to be institutions may need to revise their Street, SW, Washington, DC 20219. The
collected; (4) ways to minimize the disclosure policies or their notices, and likely respondents are national banks
burden of the information collections on consumers may need to respond to the that do not wish to be considered
respondents, including the use of revised notices. The burden associated consumer reporting agencies, but want
automated collection techniques or with these changes to current practice is to share information (other than
other forms of information technology; represented in the estimates below. In transaction or experience information)
and (5) estimates of capital or start-up estimating burden, the Agencies also with their affiliates.
costs and costs of operation, assumed that if a financial institution Estimated number of bank
maintenance, and purchases of services provides an opt out notice under the respondents: 737.
to provide information. No person is FCRA, that notice must be included in Estimated average annual burden
required to respond to these collections certain notices mandated by the GLBA hours per bank respondent: 8 hours.
of information unless the collections privacy provisions, and will not be sent Estimated number of consumer
display a currently valid Office of out separately. The collection of respondents: 94,238,000.
Management and Budget (OMB) controlinformation requirements contained in
number. The Agencies are currently hours per consumer respondent: 5this notice of proposed rulemaking will
requesting their respective control be submitted to the Office of minutes.
numbers for these information Estimated total annual reportingManagement and Budget for review in
collections from OMB. burden: 7,855,921 hours.accordance with the Paperwork
This proposed regulation contains The number of consumer respondentsReduction Act of 1995 (44 U.S.C. 3507).
disclosure requirements for certain provided by the OCC represents aThe estimated number of bank
financial institutions and their affiliates. conservative estimate based upon therespondents includes the total
A financial institution that (a) has total number of consumers who willinstitutions supervised by each of the
affiliates, (b) does not wish to be receive an opt out notice. The OCC isAgencies that have certain affiliate
considered a consumer reporting using these conservative estimatesrelationships. The requirements of the
agency, and (c) wishes to share because it lacks more precise data onregulation only apply to institutions that
consumer information (other than the number of consumers who willshare opt out information with affiliates
transaction and experience information) exercise their opt out rights. The OCCthat do not wish to be consumer
with its affiliates, must prepare and expects that the actual number ofreporting agencies; therefore, the
provide a notice to all its consumers Agencies cannot currently predict with consumer respondents will be lower
advising them of their opportunity to certainty how many of these institutions than the estimate provided above, and
opt out of information sharing with will be subject to the rule. The analysis invites comment on the number of
VerDate 11<MAY>2000 13:23 Oct 19, 2000 Jkt 194001 PO 00000 Frm 00007 Fmt 4701 Sfmt 4702 E:\FR\FM\20OCP2.SGM pfrm04 PsN: 20OCP2
llllllll63126 Federal Register/Vol. 65, No. 204/Friday, October 20, 2000/Proposed Rules
consumers who will respond to the OTS: Comments on the collection of additional opt out responses under this
FCRA opt out notices. information should be sent to the rule. Because the proposed rule is
Board: In accordance with the Dissemination Branch (1550—to be designed to minimize FCRA’s burden on
Paperwork Reduction Act of 1995 (44 assigned), Office of Thrift Supervision, financial institutions, and because the
U.S.C. 3506; 5 CFR 1320, appendix A.1), 1700 G Street, NW, Washington, DC FCRA requirements have been effective
the Board reviewed the notice of 20552, with a copy to the Office of since 1997, the OCC believes that this
proposed rulemaking under the Management and Budget, Paperwork proposed rule will not have a significant
authority delegated to the Board by the Reduction Project (1550—to be economic impact on a substantial
OMB. Comments on the collections of assigned), Washington, DC 20503. The number of small entities. For these
information should be sent to Mary M. likely respondents are savings reasons, a regulatory flexibility analysis
associations with affiliates that do not is not required.West, Federal Reserve Board Clearance
wish to be considered consumer Board: Pursuant to section 605(b) ofOfficer, Mail Stop 97, Board of
reporting agencies, and do want to share the Regulatory Flexibility Act (5 U.S.C.Governors of the Federal Reserve
601 et seq.), the Board certifies that theinformation (other than transaction orSystem, Washington, DC 20551, with aexperience information) with theircopy to the Office of Management and
economic impact on a substantialaffiliates, and consumers.Budget, Paperwork Reduction Project
Estimated number of thrift number of small entities. As further(7100—to be assigned), Washington, DC
respondents: 762. discussed below, the proposed rule20503. The likely respondents are
Estimated average annual burden implements law that has been in effectmember banks of the Federal Reserve
hours per thrift respondent: 8 hours. for some time, corresponds as much asSystem (other than national banks),
Estimated number of consumer feasible to the requirements of thebranches and agencies of foreign banks
respondents: 49,925,225. Board’s Regulation P, would allow(other than Federal branches, Federal institutions to combine privacy andagencies, and insured State branches of
hours per consumer respondent: .0833 FCRA notices to consumers, and wouldforeign banks), commercial lending
hours (5 minutes). allow institutions to combinecompanies owned or controlled by
Estimated total annual reporting consumers’ responses to those notices.foreign banks, and organizations
burden: 4,164,867 hours. Accordingly, a regulatory flexibilityoperating under section 25 or 25A of the
analysis is not required.Federal Reserve Act, that do want to Regulatory Flexibility Act
Since 1997, the FCRA has providedshare information (other than OCC: Pursuant to section 605(b) of the that the term ‘‘consumer report’’ doestransaction or experience information) Regulatory Flexibility Act (5 U.S.C. 601 not include any communication of otherwith their affiliates. et seq.), the OCC certifies that this information (meaning information thatEstimated number of bank proposal will not have a significant is not transaction or experiencerespondents: 996. economic impact on a substantial information) among persons related byEstimated average annual burden
number of small entities. Financial common ownership or affiliated byhours per bank respondent: 8 hours.
institutions have had to notify their corporate control, if it is clearly andEstimated number of consumer
consumers of the right to opt out of conspicuously disclosed to therespondents: 39,251,000.
affiliate sharing of certain information consumer that the information may be
since 1997. This rulemaking provides communicated among such persons andhours per consumer respondent: five
guidance to national banks concerning the consumer is given the opportunity,minutes.
how they may comply with the statutory before the time that the information isEstimated total annual reporting
requirements, but requires no new type initially communicated, to direct thatburden: 3,278,885 hours.
of disclosure or opt out system. While such information not be communicatedFDIC: Comments on the collections of
existing forms may need to be modified, among such persons. The proposedinformation should be sent to Steven F.
these modifications are unlikely to regulations would implement thisHanft, Office of the Executive Secretary,
result in a significant economic impact provision and would provide guidanceFederal Deposit Insurance Corporation,
on a substantial number of small to certain Board-regulated institutions550 17th Street, NW., Washington, DC
entities. on how to comply, but would not20429, with a copy to the Office of
In addition, some of the requirements substantively change existing law. NoManagement and Budget, Paperwork
in the proposed rule have been designed new type of disclosure or opt-out systemReduction Project (3064—to be
to correspond to the requirements of the would be required. While existing formsassigned), Washington, DC 20503. The
privacy regulations. For example, under may need to be modified, theselikely respondents are insured
both regulations, financial institutions, modifications are unlikely to result in anonmember banks with affiliates, that
in certain circumstances, must deliver significant economic impact on ado not wish to be considered consumer
notices to consumers and to provide substantial number of small entities.reporting agencies, and do want to share
consumers an opportunity to opt out of Additionally, the proposed rule isinformation (other than transaction or
certain information disclosures. This designed to correspond as much asexperience information) with their
proposed rule would allow financial feasible to the requirements ofaffiliates.
institutions to combine into one notice Regulation P, which governs the privacyEstimated number of bank
the notice they must deliver under of consumer financial information. Bothrespondents: 1,640.
FCRA and the notice that they must regulations implement statutoryEstimated average annual burden
deliver under the privacy regulations. provisions for the delivery ofhours per bank respondent: 8 hours.
Also, institutions may combine their information-sharing opt out notices toEstimated number of consumer
consumers’ opt out responses into one consumers. The proposed rule wouldrespondents: 24,445,000.
opt out response. By combining the facilitate compliance by financial
notices they deliver and the opt out institutions with the requirement tohours per consumer respondent: five
responses they process, financial provide privacy notices and the use ofminutes.
Estimated total annual reporting institutions will not need to produce opt out notices under the FCRA by
burden: 2,049,389 hours. additional notices or to process allowing the two notices to be combined
VerDate 11<MAY>2000 13:23 Oct 19, 2000 Jkt 194001 PO 00000 Frm 00008 Fmt 4701 Sfmt 4702 E:\FR\FM\20OCP2.SGM pfrm04 PsN: 20OCP2