Financial Laws Flashcards
(34 cards)
Gramm-Leach-Bliley Act
(GLBA)
privacy rule- notice
FI and affiliates must provide notice in clear and conspicuous manner of privacy policies and data sharing policies prior to disclosure
timing
1. at time of establishing customer relationship
2. once annually during relationship
safe harbor for violation- if have model disclosure form
GLBA privacy rule
disclosure
no disclosure to nonaffiliated unless
- opt out opportunity (that is implemented in 30 days)
- to service provider of FI
- consent
- joint marketing purpose
- necessary for transaction or law
GLBA privacy rule
reuse/resell
non-affiliates can’t reuse/resell info or disclose account # or access code to non-affiliate for marketing (unless to a CRA)
GLBA safeguard rule
- adopt info security program (TAP)
- appoint qualified individual to oversee
- conduct risk assessment
- regularly test safeguards
- establish incident response plan
- establish contract requiring service providers to adopt safeguards
GLBA written contracts with service providers
written contracts are required of FI under safeguard rule but not of FI under privacy rule
state laws that exempt FI from GLBA regulation
- CCPA California
- Virginia VCDPA
- Connecticut
- Colorado CPA
Enforcement - Financial regulators
- federal reserve
- comptroller of currency
- FDIC
- NCUA
- SEC
state level insurance agencies
FTC anything not subject to financial regulator
FCRA importance
1st federal law to regulate use of PI by private businesses
FCRA
consumer report definition
3 components
- form of communication (oral, written or any other)
- purpose (eligibility for credit, employment, insurance, business in general)
- type of info contained inside
- bears on credit worthiness
- standing
- capacity
- character
- general reputation
- personal characteristics
- mode of living
FCRA
not consumer report
communications between affiliates
transmission that is only interactions between consumer and party making communication (ex. bank transaction record)
affiliate sharing info with CRA + consumer opt out opportunity
FCRA
additional requirements for investigative consumer report
(doesn’t apply if employer investigation)/relates to character
- notification to consumer within 3 days
- verification of all negative info before including
- certification to CRA that disclosures to consumers have been made by user and will make required disclosures upon consumer report
FCRA
user of CR
- permissible purpose
- must notify consumer affected by adverse action (business, credit, employment with neg impact)
- no resell unless notify CRA of identity of end user and permissible purposes end user will use report for
- adequate records of criteria used for past 3 years (if use prescreened list of preselected qualifications)
FCRA- user
is there a right to amend
NO- user doesn’t need to correct inaccurate info
FCRA
furnishers of PI to CRA requirements
- up to date, accurate info (no cause to believe not accurate)
- notice of any
- consumer dispute
- closure of consumer account
- delinquency within 90 days of collection
- identity theft - notice to consumer of negative info included (30 days)
NO PERMISSIBLE PURPOSE NEEDED
FCRA
permissible purposes to generate CR
needed for CRA and User
court order
credit transaction
consent
employment offer/reassignment
business transaction
credit/prepayment risk
child support
liquidation of financial institution
gov benefit eligibility
underwriting insurance
CRA requirements
current info
- no bankruptcy 10+ years old
- no lien, accounts placed in collection, civil judgments, records of arrest, negative info 7+ years old
doesn’t apply to
- criminal convictions
- life insurance transactions 150,000+
- employment salary 75,000+
CRA requirements
complete info
bankruptcy file
- whether case is voluntarily withdrawn
- chapter
if # of credit inquiries affects score
if consumer disputes info contained
CRA requirements
accurate info
if consumer dispute must
- reinvestigate within 30 days
- notify furnisher within 5 days + after investigation concluded
if accurate
- written statement must be included in all future disclosures from consumer on dispute
if inaccurate: delete + notify recipients in last 6 months
CRA requirements
consumer access
provide access to
1. info contained in file maintained by CRA
2. info on who disclosures were made to in last 2 years (employment) or 1 year (other)
3. inquiries received by CRA in last year
4. sources obtained info for CR
Fair and Accurate Credit Transactions Act (FACTA)
individual rights
- free annual credit report from 3 national CRAs
- Equifax
- Experian
- TransUnion
- only last 4 #s of credit/debit on receipt
- right to explanation of credit score
FACTA
disposal rule
protect upon disposal from
1. unauthorized access
2. misuse of info
includes destruction of property containing info (ex. flash drive)
FACTA
red flags rule
financial regulators must create guidelines for FI and creditors to use to guard against identity theft
program must be approved by BOD and have oversight by BOD
FACTA
preemption
stricter laws are preempted unless
- CA or CO credit score laws
- state insurance laws regulating use of credit based insurance scores
- 7 states with laws regulating frequency of free credit report
Enforcement federal
1st- FTC section 5 authority
2nd- functional regulators (within their jurisdiction)
3rd- CFPB