Ch. 9 - Financial Privacy Flashcards

1
Q

What is the FCRA?

A

The Fair Credit and Reporting Act.

It mandates accurate and relevant data collection, provides consumers with the ability to access and correct their information, and limits the use of consumer reports to defined permissible purposes.

2
Q

Who does the FCRA regulate?

A

Any consumer reporting agency (CRA) that furnishes a consumer report.

3
Q

Who is a CRA?

A

Credit Reporting Agency

Any person or entity that compiles or evaluates personal information for the purpose of furnishing consumer reports to 3rd parties for a fee.

4
Q

What is a consumer report?

A

Any communication by a CRA related to an individual that pertains to the person’s:

  • Creditworthiness
  • Credit Standing
  • Credit Capacity
  • Character
  • General Reputation
  • Personal characteristics
  • Mode of living

and that is used as a factor in establishing a consumer’s eligibility for credit, insurance, employment or other business purpose.

5
Q

What are the 4 main requirements under the FCRA that users of consumer reports must meet?

A
  1. Third party data for substantive decision making must be appropriately accurate, current and complete
  2. Consumers must receive notice when third-party data is used to make adverse decisions about them
  3. Consumer reports may be used only for permissible purposes
  4. Consumers must have access to their consumer reports and an opportunity to dispute them or correct any errors.
6
Q

What obligations are CRAs required to provide notice of to users of consumer reports?

A
  1. Users must have a permissible purpose.
  2. Users must provide certifications.
  3. Users must notify consumers when adverse actions are taken.
7
Q

Gramm-Leach-Bliley Act of 1999

A

GLBA, AKA Title V of the Financial Services Modernization Act

  • Any org that is significantly engaged in US financial activities
  • Must have a program for customer PII, that includes: storage, notice, and opt-out.

FTC managed.

8
Q

GLBA Opt-Out Policy

A

Opt-out only:

You can choose not to have info shared with nonaffiliated 3rd parties, but there is no choice regarding data processors.

9
Q

GLBA Privacy Rule

A

You must provide a privacy notice at relationship establishment and annually thereafter.

You have the right to opt out of sharing to 3rd parties.

If the policy changes, you must provide notice again.

10
Q

GLBA Safeguards Rule

A

Requires financial institutions to develop and implement a “comprehensive information security program,” which is defined as a program that contains “administrative, technical and physical safeguards” to protect the security, confidentiality and integrity of customer information.

11
Q

Financial Institution Reform, Recovery, and Enforcement Act of 1989

A

FIRREA. If you violate GLBA, you face penalties under this. Administered by the CFPB (formerly the FTC).

12
Q

Bank Secrecy Act of 1970

A

BSA, AKA Currency and Foreign Transactions Reporting Act

  • Regulation that imposes extensive record-keeping and reporting requirements on financial institutions
  • Transactions over 10k must be reported to the IRS: name, address, SSN, amounts, currency

Suspicious Activity Reports (SARs)

  • any insider crime of any amount
  • $5k+ and can ID suspect
  • $25k+ and can’t ID suspect
  • $5k+ if potential money laundering

US Treasury and FinCEN

13
Q

Right to Financial Privacy Act of 1978

A

RFPA: covers financial institutions, and says the federal gov’t can’t access customers’ records unless the records are “reasonably described” and one of the following applies:

  • Customer consents
  • subpoena / warrant / summons
  • written formal request from gov’t authority

Treasury enforces.

14
Q

Dodd-Frank Wall Street Reform Act of 2010

A

Title X created CFPB. Added “abusive acts and practices” to “unfair and deceptive” language.

15
Q

CFPB now manages what acts?

A
  • FCRA
  • GLBA
  • Fair Debt Collections Act
  • FIRREA
  • ECOA
16
Q

Fair and Accurate Credit Transactions Act of 2003

A

FACTA. Focuses on ID theft and prevention. Must truncate credit, debit card #s and gives right to free annual credit report from big 3.

Established Red Flags Rule and Disposal Rule.

Enforced by FTC, the Fed, and CFPB.

17
Q

FACTA Preemption and Opt-Out

A

A handful of states were allowed to keep STRICTER laws, but otherwise this generally preempts states.

Federally mandated opt-out of sharing available.

18
Q

FACTA- Red Flag and Disposal Rules

A

Red Flag: you must have a set of rules to detect, prevent, and mitigate ID theft, and the program must be written out.

Disposal: anyone using a consumer report must dispose of the info in a way that prevents unauthorized use.

19
Q

Equal Credit Opportunity Act of 1974

A

ECOA: you can’t discriminate in credit on the basis of race, color, religion, origin, age, sex, aid received, or kids.

You can’t ask about marital status if applying “single” unless the state is a “community property” state.

If credit is denied, must notify within 30 days.

CFPB

20
Q

Red Flag Clarification Act of 2010

A

Narrowed the definition of a creditor and when they’re covered, so related third parties (like attorneys and health care providers) aren’t covered by FACTA.

21
Q

The executive agency responsible for promoting economic prosperity and ensuring the financial security of the United States:

A

The Treasury Department

22
Q

The Chair and Vice Chair of the Board of Governors are appointed by ____________ from among the sitting Governors. They both serve a four-year term and they can be renominated as many times as the President chooses, until their terms on the Board of Governors expire.

A

the President

23
Q

The Board of Governors of the Federal Reserve, an agency of the federal government that reports to and is directly accountable to _______, provides general guidance for the System and oversees the 12 Reserve Banks.

A

Congress

24
Q

The Board of the Federal Reserve is required to make an annual report of operations to

A

the Speaker of the House.

25
Q

The Board of Governors, an agency of the federal government that reports to and is directly accountable to Congress, provides general guidance for the System and oversees

A

the 12 Reserve Banks.

26
Q

What is the central bank of the United States?

A

The Federal Reserve System (sometimes called “The Fed”)

27
Q

What does The Office of the Comptroller of the Currency do?

A

The Office of the Comptroller of the Currency charters, regulates, and supervises all national banks. It also supervises the federal branches and agencies of foreign banks.

28
Q

Who insures deposits?

A

The Federal Deposit Insurance Corporation (FDIC) is an independent federal government agency which insures deposits in commercial banks and thrifts.

29
Q

Under Gramm-Leach-Bliley privacy provisions, what are financial institutions required to do?

A
  1. Store personal financial information in a secure manner.
  2. Provide notice of their policies regarding the sharing of personal financial information.
  3. Provide consumers with the choice to opt out of sharing some personal financial information.
  4. Refrain from disclosing to any non-affiliated third party marketer, other than a CRA, an account number or access code to a consumer’s credit card, deposit or transaction account.
30
Q

What is a financial institution under GLBA?

A

Any US company significantly engaged in financial activities. Includes banks, insurance providers, securities firms, payment settlement services, check cashing services, credit counselors and mortgage lenders, among others.

31
Q

What is “nonpublic personal information” under GLBA?

A

Personally identifiable financial information:

  1. Provided by a consumer to a financial institution,
  2. Resulting from a transaction or service performed for the consumer, or
  3. Otherwise obtained by the financial institution.
32
Q

What is excluded from the definition of “nonpublic personal information” under GLBA?

A
  1. Publicly available information
  2. Any consumer list that is derived without using personally identifiable financial information.

33
Q

Which agency has rule making power over the GLBA?

A

CFPB with limited exceptions for the SEC and Commodity Futures Trading Commission.

34
Q

What are the possible penalties under GLBA?

A

Up to $5,500 for violations of law

Up to $27,500 if the violations are unsafe, unsound or reckless

Up to $1.1M for “knowing” violations.

35
Q

Who has enforcement power under the GLBA?

A

Agencies have authority over institutions in their jurisdiction, such as:

  1. Federal Reserve
  2. Office of the Comptroller of the Currency
  3. Federal Deposit Insurance Corporation
  4. Securities and Exchange Commission
  5. CFPB (for institutions not otherwise covered)
  6. State Attorneys General
36
Q

Does GLBA preempt state law?

A

No

37
Q

Does GLBA have a private right of action?

A

No, but certain states may consider it a deceptive trade practice for failing to give notice.

38
Q

Who is protected by GLBA?

A

Consumers or individuals who obtain financial products or services from a financial institution to be used primarily for personal, family or household purposes.

39
Q

What are the requirements of the GLBA privacy notice?

A
  1. What information the financial institution collects about its consumers and customers.
  2. With whom it shares the information.
  3. How it protects or safeguards the information.
  4. An explanation of how a consumer may opt out of having his information shared through a reasonable opt-out process.
40
Q

Can a financial institution share consumer information with affiliated companies and joint marketing partners?

A

Yes, so long as they have complied with the notice requirements.

41
Q

Can a financial institution share consumer information with unaffiliated or third-party marketing companies?

A

Yes, other than for defined exceptions, if they have disclosed the information-sharing practice and provided an opt-out option.

42
Q

What information sharing can’t a consumer opt out of under GLBA?

A
  1. If the financial institution shares information with outside companies that provide essential services like data processing or account servicing.
  2. If the disclosure is legally required.
  3. If the financial institution shares customer data with outside service providers that market the financial company’s products or services.
43
Q

What does the GLBA Safeguards Rule require?

A

Financial institutions must establish a comprehensive information security program that contains administrative, technical and physical safeguards.

44
Q

What are the requirements of the GLBA information security program?

A
  1. Designated employee to coordinate the program.
  2. Audit systems to determine risks.
  3. Procedures to take with service providers to assure security.
45
Q

What are the 3 levels of security under a GLBA Safeguards Program?

A
  1. Administrative security, including program definition, management of workforce risks, employee training, vendor oversight.
  2. Technical security, including computer systems, networks and applications in addition to access controls and encryption.
  3. Physical security, including facilities, environmental safeguards, business continuity and disaster recovery.
46
Q

GLBA

A

Also known as the Financial Services Modernization Act, the Gramm Leach Bliley Act (GLBA)

47
Q

GLBA

A

Applies to U.S. financial institutions and governs the secure handling of non-public personal information, including financial records and other personal information.

48
Q

The Gramm-Leach-Bliley Act also requires each financial institution to implement a comprehensive

A

written information security program

  • that includes administrative, technical and physical safeguards appropriate to the size, complexity and scope of activities of the institution.
49
Q

GLBA requires the (3)

A

(1) Ensuring the security and confidentiality of customer records and information
(2) Protecting against any anticipated threats or hazards to the security or integrity of such records
(3) Protecting against unauthorized access to or use of such records or information, which could result in substantial harm or inconvenience to any customer

50
Q

The Gramm-Leach-Bliley privacy regulations, combined with referenced requirements under the Federal Deposit Insurance Act – section 36, result in the need to:

A

(1) Safeguard and monitor customer records and information

(2) Create and maintain effective risk assessments

(3) Identify, implement and audit specific internal security controls that protect this data

51
Q

Under the Gramm-Leach-Bliley Act, which of the following is considered nonpublic information?

A

A borrower’s current loan balances.

Information that can be obtained through public sources such as a phone book or courthouse public records is not subject to the GLB Act. Personal financial information such as that which could only be found in account records or on a credit report is subject to the Act’s provisions.

52
Q

Postsecondary educational institutions entrusted with student financial aid information are continuing to develop ways to address cybersecurity threats and to strengthen their cybersecurity infrastructure.

A

under the Gramm-Leach-Bliley Act (15 U.S. Code § 6801),

53
Q

Under their Program Participation Agreement (PPA) and the Gramm-Leach-Bliley Act (15 U.S. Code § 6801), they must protect

A

student financial aid information, with particular attention to information provided to institutions by the Department of Education or otherwise obtained in support of the administration of the Title IV Federal student financial aid programs authorized under Title IV of the Higher Education Act, as amended (the HEA). Summary information about the GLBA requirements is provided later in this letter; and

54
Q

Non-personal information under GLBA

A

“personally identifiable financial information (i) provided by a consumer to a financial institution, (ii) resulting from a transaction or service performed for the consumer, or (iii) otherwise obtained by the financial institution.”

55
Q

PROA under GLBA?

A

No

56
Q

GLBA customers vs. consumers

A

Consumers are those who obtain financial services.

Customers are those with whom the financial institution has an ongoing relationship (notice is given to these).

57
Q

Major components of GLBA Privacy Rule

A
  1. Prepare and provide to customers clear and conspicuous notice of the financial institution’s information-sharing policies and practices. These notices must be provided when a customer relationship is established and annually thereafter.
  2. Clearly provide customers the right to opt out of having their nonpublic personal information shared with nonaffiliated third parties (subject to significant exceptions, including for joint marketing and processing of consumer transactions).
  3. Refrain from disclosing to any nonaffiliated third-party marketer, other than a consumer reporting agency, an account number or similar form of access code to a consumer’s credit card, deposit or transaction account. [regardless of opt out in 2 above]
  4. Comply with regulatory standards established by certain government authorities to protect the security and confidentiality of customer records and information, and protect against security threats and unauthorized access to or certain uses of such records or information.
58
Q

GLBA opt-out rules

A
  • If notice is given, then info can be shared with affiliated companies and joint marketing partners (no opt-out necessary).
  • May share with nonaffiliated companies and other third parties only after notice and opt-out are provided and the opt-out is declined (with exceptions).
  • Can’t provide consumer account numbers at all for purposes of telemarketing and direct mail marketing.
  • No right to opt out if:
    o A financial institution shares information with outside companies that provide essential services like data processing or servicing accounts
    o The disclosure is legally required
    o A financial institution shares customer data with outside service providers that market the financial company’s products or services
59
Q

CFPB Abusive Acts and Practices Standard

A

An abusive act or practice:
• Materially interferes with the ability of a consumer to understand a term or condition of a consumer financial product or service or
• Takes unreasonable advantage of—
o A lack of understanding on the part of the consumer of the material risks, costs, or conditions of the product or service;
o The inability of the consumer to protect its interests in selecting or using a consumer financial product or service; or
o The reasonable reliance by the consumer on a covered person to act in the interests of the consumer

60
Q

Bank Secrecy Act

A
  • Financial institutions must keep records and file reports on certain financial transactions, including currency transactions in excess of $10,000, which may be relevant to criminal, tax or regulatory proceedings
  • The BSA contains regulations relating to reporting of currency transactions, transportation of monetary instruments and the purchase of currency-like instruments
  • As part of the overall anti-money-laundering strategy, financial institutions are required to retain categories of records for use in investigations or enforcement actions
  • Financial institutions must file a Suspicious Activity Report (SAR) in defined situations. The rationale is that SARs can alert government agencies to potentially suspicious transactions.
61
Q

International Money Laundering Abatement and Terrorist Financing Act of 2001

A

For covered financial services companies, the major USA PATRIOT Act compliance issues can be grouped into the following categories:
• Information-sharing regulations and participation in the cooperative efforts to deter money laundering, as required by Section 314
• Know Your Customer rules, including the identification of beneficial owners of accounts—procedures required by Section 326
• Development and implementation of formal money-laundering programs as required by Section 352
• Bank Secrecy Act expansions, including new reporting and record-keeping requirements for different industries (such as broker-dealers) and currency transactions

62
Q

What is considered a Credit Report under FCRA?

A

Written, oral, or other communication that communicates:

  1. Creditworthiness
  2. Credit standing
  3. Credit capacity
  4. Character
  5. General reputation
  6. Personal characteristics
  7. Mode of living
63
Q

What must be included in an Adverse Action notice?

A

o Contact information for a credit reporting agency
o Statement that the CRA did not make the decision
o Notice of the right to access report
o Notice of right to dispute report
o Any credit score used in decision

64
Q

GLBA Scope

A
  1. Banks
  2. Non-bank lenders
  3. Financial Advisors
  4. Check-cashing services
  5. Payday lenders
  6. Real estate appraisers
  7. Tax preparers
  8. Mortgage brokers
  9. ATM operators
  10. Colleges and universities.
65
Q

Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010

A

Reshaped the US regulatory systems in a number of areas including but not limited to consumer protection, trading restrictions, credit ratings, regulation of financial products, corporate governance and disclosure and transparency.

The Dodd-Frank Act established the Consumer Financial Protection Bureau (CFPB) and granted it the power to regulate unfair, deceptive, or abusive acts and practices.

66
Q

Consumer Financial Protection Bureau (CFPB)

A

Created by the Dodd-Frank Act, the CFPB was intended to consolidate oversight of the financial industry. It is an independent bureau within the Federal Reserve, and when it was created the CFPB took on rule-making authority to take action against “abusive acts and practices” as specified by the Dodd-Frank Act.