Ch. 9 - Financial Privacy Flashcards
What is the FCRA?
The Fair Credit and Reporting Act.
It mandates that accurate and relevant data collection, provides consumers with the ability to access and correct their information, and limits the use of consumer reports to defined permissible purposes.
Who does the FCRA regulate?
Any consumer reporting agency (CRA) that furnishes a consumer report.
Who is a CRA?
Credit Reporting Agency
Any person or entity that compiles or evaluates personal information for the purpose of furnishing consumer reports to 3rd parties for a fee.
What is a consumer report?
Any communication by a CRA related to an individual that pertains to the person’s:
- Creditworthiness
- Credit Standing
- Credit Capacity
- Character
- General Reputation
- Personal characteristics
- Mode of living
and that is used as a factor in establishing a consumer’s eligibility for credit, insurance, employment or other business purpose.
What are the 4 main requirements under the FCRA that users of consumer reports must meet?
- Third party data for substantive decision making must be appropriately accurate, current and complete
- Consumers must receive notice when third-party data is used to make adverse decisions about them
- Consumer reports may be used only for permissible purposes
- Consumers must have access to their consumer reports and an opportunity to dispute them or correct any errors.
What obligations are CRAs required to provide notice of to users of consumer reports?
- Users must have a permissible purpose.
- Users must provide certifications.
- Users must notify consumers when adverse actions are taken.
Gramm-Leach-Bliley Act of 1999
GLBA, AKA Title V of the Financial Services Modernization Act
- any org that significantly engaged in US financial activities
- Must have a program for customer PII, that includes: storage, notice, and opt-out.
FTC managed.
GLBA Opt-Out Policy
Opt out only-
you can choose not to have info shared to nonaffiliated 3rd parties, but no choice on data processors.
GLBA Privacy Rule
You must provide a privacy notice at relationship establishment and annually thereafter.
You have the right to opt out of sharing to 3rd parties.
If the policy changes, you must provide notice again.
GLBA Safeguards Rule
requires financial institution to develop and implement a comprehensive information security program,” which is defined as a program that contains “administrative, technical and physical safeguards” to protect the security, confidentiality and integrity of customer information.
Financial Institution Reform, Recovery, and Enforcement Act of 1989
FIRREA. If you violate GLBA, you face penalties under this. Admin’ed by CFPB (formerly FTC)
Bank Secrecy Act of 1970
BSA, AKA Currency and Foreign Transactions Reporting Act
- regulation that imposes extensive record-keeping and reporting requirements on financial institutions
- Transactions over 10k must be reported to the IRS- name, address, SSN, amounts, currency
Suspicious Activity Reports (SARs)
- any insider crime of any amount
- $5k+ and can ID suspect
- $25k+ and can’t ID suspect
- $5k+ if potential money laundering
US Treasury and FinCEN
Right to Financial Privacy Act of 1978
RFPA- covers financial institutions, and says the Fed gov’t can’t access records of customers unless “reasonably described” and one of the following:
- Customer consents
- subpoena / warrant / summons
- written formal request from gov’t authority
Treasury enforces.
Dodd-Frank Wall Street Reform Act of 2010
Title X created CFPB. Added “abusive acts and practices” to “unfair and deceptive” language.
CFPB now manages what acts?
FCRA GLBA Fair Debt Collections Act FIRREA ECOA
Fair and Accurate Credit Transactions Act of 2003
FACTA. Focuses on ID theft and prevention. Must truncate credit, debit card #s and gives right to free annual credit report from big 3.
Established Red Flags Rule and Disposal Rule.
Enforced by FTC, the Fed, and CFPB.
FACTA Preemption and Opt-Out
A handful of states were allowed to keep STRICTER laws, but otherwise this generally preempts states.
Federally mandated opt-out of sharing available.
FACTA- Red Flag and Disposal Rules
Red Flag- you must have a set of rules to detect, prevent, and mitigate ID theft, and the program must be written out.
Disposal- anyone using a consumer report must dispose of the info in a way that prevents unauthorized use.
Equal Credit Opportunity Act of 1974
ECOA- you can’t discriminate credit on the basis of race, color, religion, origin, age, sex, aid received, kids.
You can’t ask about marital status if applying “single” unless the state is a “community property” state.
If credit is denied, must notify within 30 days.
CFBP
Red Flag Clarification Act of 2010
narrowed definition of a creditor and when they’re covered, so related third parties (like attorneys and health care providers) aren’t covered by FACTA.
The executive agency responsible for promoting economic prosperity and ensuring the financial security of the United States:
The Treasury Department
The Chair and Vice Chair of the Board of Governors are appointed by ____________ from among the sitting Governors. They both serve a four-year term and they can be renominated as many times as the President chooses, until their terms on the Board of Governors expire.
the President
The Board of Governors of the Federal Reserve, an agency of the federal government that reports to and is directly accountable to _______, provides general guidance for the System and oversees the 12 Reserve Banks.
Congress,
The Board of the Federal Reserve is required to make an annual report of operations to
the Speaker of the House.
The Board of Governors, an agency of the federal government that reports to and is directly accountable to Congress, provides general guidance for the System and oversees
the 12 Reserve Banks.
What is the central bank of the United States?
The Federal Reserve System (sometimes called “The Fed”)