We are adding a hyperlink to a third party vendor for a credt card application. The credit card company process the application and makes the credit decision. With the hyperlink to we have to have a pop up or speed bump telling consumers they are leaving the bank site? Do we have to have a disclaimer about the third party link? Do we have to say something about the third party having its own privacy policy?..I just want to do what is necessary to be in compliance and I am not sure what all is necessary to do this correctly? I have done some searches but nothing has been definitive..Help is appreciated. Thank you.

Yes, you need a speedbump. It doesn't need to be fancy. "Notice: you are leaving xxx bank's website and entering a site owned and operated by an independent company. Do you wish to proceed?"

Speedbumps are a recommended action. There is no regulatory requirement, but they are advised as a best practice because you want your customer/user to know that management of the site they're going to is different. Privacy policies, cookie policies and the use of data may change. Risk mitigation is what it is about.