On July 1, the CFPB issued a proposed rule to amend Regulation P, which implements the Gramm-Leach-Bliley Act (GLBA) and requires, among other things, financial institutions to provide their customers with an annual notice that describes their privacy policies and procedures. The proposed amendment would implement a December 2015 statutory change in Section 75001 of the “Fixing America’s Surface Transportation Act” (FAST Act). Pursuant to the FAST Act, the GLBA was amended so that financial institutions meeting certain criteria no longer need to send annual privacy notices. The CFPB’s recently issued proposed rule would amend Regulation P to implement the GLBA amendment. The CFPB’s proposed rule would further amend Regulation P to (i) provide timing requirements for the delivery of annual privacy notices for a financial institution that may originally qualify for the annual notice exception but then later changes its policies or practices so that it no longer meets the exception criteria; (ii) remove the Regulation P provision that allows financial institutions to post privacy notices online because the CFPB “believes the alternative delivery method will no longer be used in light of the annual notice exception”; and (iii) make a technical correction to one of its definitions.
On August 29, the FTC announced that it is requesting public comment on its Standards for Safeguarding Customer Information Rule (the Safeguards Rule). As required by the Gramm-Leach-Bliley Act, the Commission promulgated the Safeguards Rule to require all “financial institutions” over which the FTC maintains authority to “develop, implement and maintain a comprehensive information security program for handling customer information” (emphasis added). The FTC seeks comments on several specific questions relating to (i) the Safeguards Rule’s economic impact and benefits; (ii) potential conflict between the Safeguards Rule and state, local, or other federal laws or regulations; and (iii) how technological, economic, or other industry changes will affect the Safeguards Rule. Comments are due by November 7, 2016.
On December 4, President Obama signed into law H.R. 22, the “Fixing America’s Surface Transportation Act” (FAST Act). Although a transportation bill on its surface, the bill also contains various provisions that are intended to provide regulatory relief to community banks and improve the efficiency of state financial regulation. Significant provisions in the bill include: (i) establishing a process that allows parties, including banks and other stakeholders, to petition the CFPB for “rural” or “underserved” designations in certain areas for the purposes of the CFPB’s ability-to-repay rule; (ii) expanding the CFPB’s ability to exempt creditors serving rural or underserved areas from escrow requirements; (iii) granting greater flexibility to the CFPB in regards to treating a balloon loan as a qualified mortgage, if a community bank or creditor operating in a rural or underserved area extended the loan; (iv) increasing the threshold for 18-month exam cycles for well-capitalized banks from $500 million to $1 billion; and (v) authorizing the Nationwide Mortgage Licensing System – which state regulators use to license various nonbank financial services industries, such as money transmitters, payday lenders, and debt collectors – to process background checks for non-mortgage license applicants.
On May 7, the CFPB issued a proposed rule that would provide financial institutions an alternative method for delivering annual privacy notices. The Gramm-Leach-Bliley Act (GLBA) and Regulation P require financial institutions to, among other things, provide annual privacy notices to customers—either in writing or electronically with consumer consent. Industry generally has criticized the current annual notice requirement as ineffective and burdensome, with most financial institutions providing the notices by U.S. postal mail. The proposed rule would allow financial institutions, under certain circumstances, to comply with the GLBA annual privacy notice delivery requirements by (i) continuously posting the notice in a clear and conspicuous manner on a page of their websites, without requiring a login or similar steps to access the notice; and (ii) mailing the notices promptly to customers who request them by phone. Read more…