FORUM PROFILE

Reg. P, FCRA & Affiliates

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #11061
    tcranshaw
    Member

    Our current Privacy Notice omits the section “For our affiliates to market to you” because the Bank doesn’t disclose personal information to affiliates under section 624 of FCRA. The Bank is considering sharing information with our wealth management affiliate to maximize the client relationship. The thought process is for our affiliate to work with our Bank retail staff to identify those clients they could possibly call on to refer to the affiliate.

    1. Does the fact that the Retail staff is making the referral negate the FCRA affiliate sharing information?
    2. Our affiliate already has access to obtain information about Bank customers (through a CRM platform). Do you think this raises red flags?
    3. If we begin sharing information, are we correct in:
    a. We would need to revise our Privacy Policy to include an opt-out option?
    b. We would need to mail our revised Privacy Policy to each consumer who has a relationship with us?
    c. The current alternative delivery method we use would cease because consumers would have opt-out rights?
    4. Is there a timing requirement in which we must provide the revised Privacy Policy. We understand that we can’t share until we have provided the consumer a reasonable time to opt-out.

    #11069
    rcooper
    Member

    1. Does the fact that the Retail staff is making the referral negate the FCRA affiliate sharing information? No, you would still be sharing eligibility information with an affiliate for marketing purposes.

    2. Our affiliate already has access to obtain information about Bank customers (through a CRM platform). Do you think this raises red flags? Yes, it does raise red flags. 1022.21(b)(2) says:
    “Receiving eligibility information from an affiliate, including through a common database. You may receive eligibility information from an affiliate in various ways, including when the affiliate places that information into a common database that you may access.”

    It could be difficult to determine/prove that your affiliate didn’t access the database for marketing purposes or that one of the exceptions to the opt-out applied (pre-existing relationship, communication initiated by consumer, authorization/request by consumer to receive solicitations, etc.) Either your affiliate shouldn’t have access to your database or you should provide the opt-out.

    3. If we begin sharing information, are we correct in:
    a. We would need to revise our Privacy Policy to include an opt-out option? Correct 1022.24 provides details on what is considered a reasonable opportunity to opt-out.
    b. We would need to mail our revised Privacy Policy to each consumer who has a relationship with us? Correct
    c. The current alternative delivery method we use would cease because consumers would have opt-out rights?
    Probably, but take a look at pages 28-30 of the final rule linked here: https://files.consumerfinance.gov/f/201410_cfpb_final-rule_annual-privacy-notice.pdf.
    And this article seems to provide a good summary: https://bankbryancave.com/2015/03/complying-with-the-rules-when-posting-privacy-notices-online/

    4. Is there a timing requirement in which we must provide the revised Privacy Policy. We understand that we can’t share until we have provided the consumer a reasonable time to opt-out. Review 1022.24.

Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.