January 26, 2001
Both the OCC and the FDIC have recently issued guidance designed to help banks comply with the new privacy rules. Although the rules became effective last November 13, compliance is not mandatory until July 1. However, it is important that banks be prepared and take all the necessary steps to be in full compliance by the deadline.
The OCC has issued an advisory letter, AL-2001-2, on “Privacy Preparedness.” The advisory outlines steps banks should be taking, while an attached questionnaire will help banks assess their readiness. During 2001 quarterly reviews, OCC examiners will discuss the advisory with banks, using it as a guide to gauge how the bank is progressing in its privacy compliance program.
According to the advisory, before July 1 banks should have inventoried existing information practices, evaluated agreements with non-affiliates, established any needed opt-out mechanisms, developed or revised privacy policies to coordinate them with the new privacy rules, developed privacy notices and a plan to deliver them, set up employee training and compliance systems, and developed a plan for implementation. The advisory letter is available at www.occ.treas.gov/advlst01.htm.
The FDIC is publishing a Privacy Rule Handbook (FIL 3-2001), which explains the basic requirements of the new rule, provides suggestions for banks to meet the requirements, and suggests steps banks can take to monitor compliance. The handbook also offers a glossary of key terms, a concise outline of the rule’s requirements and flowcharts to help bankers understand how the rule works. The book explains how the privacy rule affects the use of customer information, the steps that management must take to comply with the requirements, ways that banks can develop privacy compliance programs, and how to maintain compliance after July 1. The handbook also offers a list of helpful resources for banks.
In addition to printed guidance, the OCC is offering a telephone seminar on February 13 (11:00 am to 12:30 pm EST) and February 14 (3:00 pm to 4:30 pm EST). The seminar, run by OCC privacy specialists, will review the key parts of the rule, outline what examiners expect both before and after July 1, and offer suggestions on how to address problems in compliance. The cost is $99 for national banks and $125 for others. Additional information and registration materials are available at www.occ.treas.gov.