[Anonymous]

On our privacy notice (we use the one from Reg. P), it says we do share for “joint marketing with other financial companies”. Joint Marketing is defined as “a formal agreement between nonafilliated financial companies that together market financial products or services to you”. If we begin offering NDIPs through a third party with a registered representative onsite, does this mean we can give them access to our customer information without sending new privacy notices and giving them the opportunity to opt out? I guess I am not sure what would constitute a “financial company”…..

[rcooper]

You may or may not have a joint marketing agreement with a financial company. 12 CFR 1016.13 governs the joint marketing agreement exception. The definition of a financial company in Regulation P, 12 CFR 1016.3 references 12 USC 1843(k) (see section 4https://www.law.cornell.edu/uscode/text/12/1843). Most of the time the relationship you described does qualify as a financial company. But make sure your third party provider doesn’t meet the definition of what is “not” a financial company under 12 CFR 216.3(l). Also take a look at https://www.federalreserve.gov/regulations/cg/faq.pdf, specifically Q&A J1, J4 and J5. They tell you exactly what you need to ensure you have a joint marketing agreement. I recommend you summarize what type of joint marketing agreement you have in your privacy policy. For example, “we have a joint marketing agreement to market and provide you with investment and insurance products” – take a look at 12 CFR 1016(c)(4)(ii) for what should be included in your privacy policy.

[Author]

Posts