Annual Privacy Availability Notice

Anyone know how they are going to get this disclosed to all customers? Sounds like it is just about as easy to send the privacy notice. Not everyone gets a statement. Not all loans have coupons or billing statements and safe deposit box customers only get a notice of renewal.

For sure, you start by putting you disclosure on your web site. Then, review each account type to determine if you have a routine, inexpensive means of communication; e.g. a periodic statement or renewal notice.

Next, figure out how to compare the names of individuals with whom you do not have a means communication and see if they will receive the notice via some other connection. If the customer's only connection with your bank is one where there is no ongoing communication; e.g. an installment loan, then you are simply where you were before.

Your bank had to do some of this analysis when the annual mailings were set up in order to assure that a person with 5 relationships did not receive 5 notices.

Obviously, it would have been better to eliminate the annual notice, but since it is called for in the statute, CFPB could not do that. Clearly, this is a cobbled together option, but I honestly do not see how they could have done much better. The Congressional amendment of the statute was a better idea.

And it remains a good idea. Unfortunately, the Bureau's piecemeal intervention may have an unintended consequence: it could dampen whatever fire there may have been under Congress to act.

We did an analysis of all customers that didn't not have DDA accounts and would send those notices separately. Otherwise, we included the notice in a monthly statement, including the quarterly savings statements as it was cheaper and easier than preparing labels and stuffing envelopes and sending to everyone. I'm thinking we may still have to do the extra mailing and will not have to send with the statements if we can put a statement message on the DDA statements on an annual basis.

I want to make sure I have read this regulation's applicablity correctly, this regulation change will not effect/apply to our affiliated securities company and they will need to continue to send their actual Privacy Notices annually to their customers? That is the way I read the scope of the rule but just wanted to make sure I was reading and processing it correctly.

Clarification please: If there is a group of customers who will not receive statements, is it allowed to go ahead and send the annual privacy notice to them separately?

Also does the link on the Alternative method have to be a direct link to the Privacy Notice on our website or can the link be to our website and the customer can click on the Privacy link?

Thanks

First question: Yes.

Second question: Either. The requirement is that it be publicly available on your site, on its own page (no other information provided on the page), and that it won't require the use of a password, user name or other access credentials, nor will there be any conditions upon accessing the page.

The better approach, I think, is to provide a link directly to the Privacy Statement page, as long as it's not a complex or overly long link. Directing the customer to your home page "and click on the link to our Privacy Policy," while acceptable, could be a problem if your privacy policy is tucked away in a collection of links at the bottom of the page.

I've been asked....does anyone see a problem with omitting the word free from the following example notice from the Reg????? We aren't going to charge or anything....some don't like the wording....

Thanks in advance for any input....


Privacy Notice—Federal law requires us to tell you how we collect, share, and protect your personal information. Our privacy policy has not changed and you may review our policy and practices with respect to your personal information at [Web address] or we will mail you a free copy upon request if you call us at [telephone number]

The regulation says that giving the wording with the word "free" included satisfies the requirement to give the notice. Is it really worth it to change it to something other than the regulator-approved language just because some people don't like the wording?

I agree 100% with you.....I've been asked so I'm checking....

The Bureau apparently wants there to be no hint or implication that the consumer might have to pay for the copy. I don't recommend excising the word "free."

If we can't fit all of the language on a statement message, can we create a statement stuffer with the "example statement" and include it in the statements? It's cheaper than having to do a separate mailing and printing all of those privacy notices.

Thanks, John....

Red Sox....the way I read the final rule, I'd say no to a statement stuffer...the notice has to be ON a statement....

Thanks for your reply Compliance 504. I'm not sure it's completely clear in the final reg: "Convey in a clear and conspicuous manner not less than annually on an account statement, coupon book, or a notice or disclosure you are required or expressly and specifically permitted to issue to the customer under any other provision of the law..."

I did check with our consultants and they advised that it would be permissible.

Accordingly, under the final rule, the Bureau is allowing a notice of availability included on an ‘‘account statement’’ or ‘‘coupon book’’ also to satisfy § 1016.9(c)(2)(ii)(A).

What portion of the word "on" do your consultants not understand? You might want to find some new ones.........

I don't see that the notice of availability MUST be on an account statement or coupon book, only that it may be on those items.

From the applicable section (my emphasis added): or a notice or disclosure you are required or expressly and specifically permitted to issue to the customer under any other provision of law...

I hardly think a completely separate notice such as a statement stuffer is not permitted, considering it would draw much more attention than a blurb on a statement or coupon book that is less likely to be noticed.

"allowing a notice of availability included on"

It doesn't say "with" and I am not going to regurgitate the other reasoning put forth in the preamble to the new regulation.

But hey - knock yourselves out with those statement stuffers and wait for your first exam.

Because it is an annual requirement I have been told that with coupon books for loans with a term longer than 12 months, we either somehow insert a coupon after every 12 months or we only do coupon books for a 12 month period. Either way is an issue. I am thinking this aspect was not thought through completely. John Burnett^^^ had brought it to our attention in another thread.

I am hung up on §1016.9(c)(1)You may reasonably expect that a customer will receive actually notice of your annual privacy notice if: (i)The customer uses your Website to access financial products and services electronically and AGREES to receive notices at the Website, and you post your current privacy notice continuously in a clear and conspicuous manner on the Website.

How does the customer agree to receive the notice at the website. Its seems like they are alluding to e-sign, which makes this alternative method useless. Am I overthinking it?

You make it part of your on-line banking agreement.

9(c)(1) is not new. And the beauty of it is that there's no need to send out the annual statement message reminder that's found in the alternative method in 9(c)(2).

As for the coupon book comment in another thread, the Bureau didn't come right out and say there needs to be more than one notice in the book if it covers more than one year's payments. But because the requirement is that you "[c]onvey in a clear and conspicuous manner not less than annually on an account statement, coupon book, or ...." I don't feel that a single conspicuous notice (on, for example, the inside front cover) would comply, even if common sense suggests it would put the notice in front of the customer each time the coupon book is used.

As I mentioned in another thread, when I asked the Bureau about "statement stuffers" the responding CFPB attorney specifically mentioned that on and with are not synonyms.

Here's a link to that "other thread" that Kathleen and I have both referred to:

http://www.bankersonline.com/forum/ubbthreads.php?ubb=showflat&Number=1976271

Would putting it on the back of the statement with all other required disclosures work? We are going to be revamping ours by deleting the HELOC disclosures as we no longer have that product and replace it with the Privacy statement.

I am questioning if going with this privacy notice method, do we need to place state's privacy laws or mention the states of California ansd Vermont in notice? I am getting confused with state privacy laws and federal rules privacy rules and what needs to stated.

We send out interest earned statements for CDs, if we placed the model language on that notice would that meet the legal requirement for CDs? I know the renewal notices are required, but not sure the interest earned statement are legally required.

but not sure the interest earned statement are legally required.

They are not and IMHO, it would not meet the requirements.

If those interest earned statements are of the "grow your own" variety, they aren't legally required, so you can't use them for piggy-backing the annual notice.

And if they are of the IRS 1099-INT variety, IRS rules won't let you piggy back anything on or with them.

What about printing the notice on the back of our statement stock as a permanent feature? It would be on every deposit and loan statement the customer receives. I believe it would reach the majority of our customers but you'd still have to query for those exceptions once per year.
Any thoughts?

One of the requirements is that it must be conveyed in a clear and conspicuous manner. Statement stock language, particularly on the back, might not be clear and conspicuous.

Guess it would be ok to put the notice of availability on accts that receive periodic stmts and send the actual Privacy Notice to the rest of the customers. (safe dep box only, those with only loans etc) We're a small bank & thus do not send out loan stmts.

Ted Dreyer,

I don't know why a statement message would be considered more clear and conspicuous than permanent language on the back of a required periodic statement. I don't think customer's pay attention to anything that appears on their statements unless they are specifically looking for something.

Seems to me that putting the language on periodic statements as a permanent feature would be a simple solution. However, as others have noted, we would have to do the same thing we have always done in the past and identify those customers that do not receive statements and mail the notice to them separately.

Dolly: I'm not saying that it can't be a permanent message, but it does have to meet the clear and conspicuous standards of 12 CFR 1016.3(b). If it's done right, having a permanent message would probably be OK, but much of the statement language that I have seen is not clear and conspicuous. I'm just saying that anyone doing that should keep the regulation in mind.