Financial Laws Flashcards
Gramm-Leach-Bliley Act
(GLBA)
privacy rule- notice
FI and affiliates must provide notice in clear and conspicuous manner of privacy policies and data sharing policies prior to disclosure
timing
1. at time of establishing customer relationship
2. once annually during relationship
safe harbor for violation- if have model disclosure form
GLBA privacy rule
disclosure
no disclosure to nonaffiliated unless
- opt out opportunity (that is implemented in 30 days)
- to service provider of FI
- consent
- joint marketing purpose
- necessary for transaction or law
GLBA privacy rule
reuse/resell
non-affiliates can’t reuse/resell info or disclose account # or access code to non affiliate for marketing (unless to a CRA)
GLBA safeguard rule
- adopt info security program (TAP)
- appoint qualified individual to oversee
- conduct risk assessment
- regularly test safeguards
- establish incident response plan
- establish contract requiring service providers to adopt safeguards
GLBA written contracts with service providers
written contracts are required for FI under safeguard rule but not for FI under privacy rule
state laws that exempt FI from GLBA regulation
- CCPA California
- Virginia VCDPA
- Connecticut
- Colorado CPA
Enforcement - Financial regulators
- federal reserve
- comptroller of currency
- FDIC
- NCUA
- SEC
state level insurance agencies
FTC anything not subject to financial regulator
FCRA importance
1st federal law to regulate use of PI by private businesses
FCRA
consumer report definition
3 components
- form of communication (oral written or any other)
- purpose ( eligibility for credit, employment, insurance, business in general)
- type of info contained inside
- bears on credit worthiness
- standing
- capacity
- character
- general reputation
- personal characteristics
- mode of living
FCRA
not consumer report
communications between affiliates
transmission that is only interactions between consumer and party making communication (ex. bank transaction record)
affiliate sharing info with CRA + consumer opt out opportunity
FCRA
additional requirements for investigative consumer report
(doesn’t apply if employer investigation)/relates to character
- notification to consumer within 3 days
- verification of all negative info before including
- certification to CRA that disclosures to consumers have been made by user and will make required disclosures upon consumer report
FCRA
user of CR
- permissible purpose
- must notify consumer affected by adverse action (business, credit employment with neg impact)
- no resell unless notify CRA of identity of end user and permissible purposes end user will use report for
- adequate records of criteria used for past 3 years (if use prescreened list of preselected qualifications)
FCRA- user
is there a right to amend
NO- user doesn’t need to correct inaccurate info
FCRA
furnishers of PI to CRA requirements
- up to date, accurate info (no cause to believe not accurate)
- notice of any
- consumer dispute
- closure of consumer account
- delinquency within 90 days of collection
- identity theft - notice to consumer of negative info included (30 days)
NO PERMISSIBLE PURPOSE NEEDED
FCRA
permissible purposes to generate CR
needed for CRA and User
court order
credit transaction
consent
employment offer/reassignment
business transaction
credit/prepayment risk
child support
liquidation of financial institution
gov benefit eligibility
underwriting insurance
CRA requirements
current info
- no bankruptcy 10+ years old
- no lien, accounts placed in collection, civil judgments, records of arrest, negative info 7+ years old
doesn’t apply to
- criminal convictions
- life insurance transactions 150,000+
- employment salary 75,000+
CRA requirements
complete info
bankruptcy file
- whether case is voluntarily withdrawn
- chapter
if # of credit inquiries affects score
if consumer disputes info contained
CRA requirements
accurate info
if consumer dispute must
- reinvestigate within 30 days
- notify furnisher within 5 days + after investigation concluded
if accurate
- written statement must be included in all future disclosures from consumer on dispute
if inaccurate: delete + notify recipients in last 6 months
CRA requirements
consumer access
provide access to
1. info contained in file maintained by CRA
2. info on who disclosures were made to in last 2 years (employment) or 1 year (other)
3. inquiries received by CRA in last year
4. sources obtained info for CR
Fair and Accurate Credit Transactions Act (FACTA)
individual rights
- free annual credit report from 3 national CRAs
- Equifax
- Experian
- TransUnion
- only last 4 #s of credit/debit on receipt
- right to explanation of credit score
FACTA
disposal rule
protect upon disposal from
1. unauthorized access
2. misuse of info
includes destruction of property containing info (ex. flash drive)
FACTA
red flags rule
financial regulators must create guidelines for FI and creditors to use to guard against identity theft
program must be approved by BOD and have oversight by BOD
FACTA
preemption
stricter laws are preempted unless
1. CA or CO credit score laws
- state insurance laws regulating use of credit based insurance scores
- 7 states with laws regulating frequency of free credit report
Enforcement federal
1st- FTC section 5 authority
2nd- functional regulators (within their jurisdiction)
3rd- CFPB
enforcement state
state attorney general
- must notify federal authority before filing suit and they have right to intervene
private right of action
- willful-actual or statutory, punitive, attorneys fees/costs, damage to CRA
- negligence- actual, attorneys fees/costs
- criminal (doesn’t apply to furnishers) - fine and jail up to 2 years
Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010
created consumer financial protection bureau which
1. enforces federal consumer finance laws
2. rule making authority over covered persons or service providers
3. monitors authority against consumer risk
4. enforcement authority over non-depository financial institutions and depository institutions with more than 10 billion in assets
right to financial privacy act of 1978
governs federal government agencies (not state) and financial institutions that have financial records of customers (not financial records of corporations)
right to financial privacy act of 1978
no access or copying
federal government agency may not access or copy financial records of customers unless
- customer authorization
- response to admin/ judicial subpoena
- response to search warrant
- response to formal written request by gov agency
right to financial privacy act of 1978
disclosure
financial institution may not disclose financial records until
- receive written certification by gov agency that it has complied with law
- exception applies
- info related to criminal violation
- disclose to perfect security interest
- processing for loan
right to financial privacy act of 1978
enforcement
private cause of action
bank secrecy act of 1970 (BSA)
record keeping
financial institutions must maintain records that have high degree of usefulness in criminal tax or regulatory investigations or proceedings or national security investigations
keep for 5 years
bank secrecy act of 1970 (BSA)
reporting
financial institutions must report
their:
- transactions 10,000+ both US and foreign
- purchase of monetary instruments 3,000+
any:
- suspicious transaction relevant to possible violation of law or regulation within 30 days of initial detection
- transaction 10,000+ IN COINS OR CURRENCY
- transportation of financial instruments
- foreign financial accounts and transactions
BSA enforcement
treasury department - civil penalties
DOJ- criminal penalties
BSA
USA-Patriot act
- anti-money laundering program put in place
- designated compliance officer
- employee training
- audit function to test programs
- know your customer requirement for foreigner
- detect and report instances of money laundering through accounts
- no accounts with foreign banks that have no physical presence in US
- must create non-public registry of beneficial owners of certain business entities that do business in US