Siggghhh, a bank examiner just told one of my clients: The annual notice has not been eliminated because the amendment to the regulation is only proposed, not final.

"You [censored] meathead, when they change the statute it no longer makes any difference what the regulation says, the statute controls!"

If you get the same dude, a copy of their examination procedures should be all the evidence you need to supply. (Repeating my statement might not be in your best, long term interests.)

Another dig that I have had clients use with examiners like this..."So does that also mean I can go back to just providing $100 next business day for Reg CC case-by-case holds?"

sounds like we need to start to a "what you should never say to an examiner" thread.

Have any changes been made to the regulation yet to match up to the statute (from the FAST Act amendments with regard to eliminating the annual privacy notice)?

Nope.

At a recent regulator roundtable discussion I listened to, the panel addressed that. They basically said the FAST Act law that was passed overrides everything else, and institutions are safe in following the law. They said a proposal will be out to revise the regulation...eventually...sometime.....

It's like the Bureau discovered that the exam procedures have changed because the law effectively changed the regulatory requirements (all points made earlier), so they don't need to mess with updating the regulation. Um, no. Anyone looking at the regulation and not understanding the back-story of the tardy regulation amendment will be following the rule with the annual notice requirement. It's high time the CFPB followed through.

So we share information with an affiliate that requires we provide opt-out. I believe the FAST exemptions from annual privacy notice mailings extend only to specific exemptions in Reg P, not FCRA. So in my situation, must we continue with an annual mailing?

It is my understanding that if you include your FCRA opt-out on the Reg P model privacy form, then yes, you must continue the annual mailing. If, however, you provide a separate FCRA opt-out, then you can avoid sending the annual privacy notice and opt-out. The FCRA does not require an annual opt-out mailing, but you would have to send the privacy notice/opt-out annually if you take the optional approach and use the Reg P privacy notice for the delivery of your FCRA opt-out.

From the preamble to the July 1, 2016 proposal:
Section 624 of the FCRA and Regulation V also permit (but do not require) financial institutions to incorporate any opt-out disclosures provided under section 624 of the FCRA and subpart C of Regulation V into privacy notices provided pursuant to the GLBA and Regulation P.

Thanks. I agree. I don't really see providing two notices as optimal even though it would help us with annual mailings. Affiliate opt-out is new for us and it is really complicating our notice process.