OCC Issues Guidance on Fair Credit Privacy Compliance
The OCC has issued guidance designed to help banks comply with the Fair Credit Reporting Act (FCRA) requirements regarding sharing of customer information among affiliates. According to Comptroller Jerry Hawke, "The guidance provides examples of practices being used by banks that we believe constitute effective ways of complying with the law. These are examples of approaches actually being used by national banks to convey meaningful information to their customers about the treatment of personal data."
In 1996, Congress amended the FCRA to allow banks to share information with their affiliates. This information sharing can include consumer reports and information on loan applications, as long as the bank clearly informs the customer of its intent to share the information and allows the customer an opportunity to "opt out." The OCC advisory is designed to help banks effectively communicate the disclosures to customers and provide a meaningful opportunity to opt out.
In response to industry concerns, the advisory clearly states that its purpose is "to provide examples from a sampling of existing bank practices" which are "not examination standards and are not intended to be an exclusive description of the various ways in which banks can meet their existing obligations under the FCRA, nor do they impose any new obligations on banks."
The advisory encourages banks to tell customers about the kind of information that will be shared, with whom the information will be shared, and point out how information sharing can benefit customers (e.g., by allowing the bank to customize product offerings). The advisory also offers tips on how to make the disclosures sufficiently clear and conspicuous, and ways to meet the opt-out obligation.
Copies of OCC Advisory Letter 99-3 are available on the OCC web site at www.occ.treas.gov.