Privacy Laws Regulating the Financial Industry


The Fair Credit Reporting Act ("FCRA"); The Gramm-Leach-Bliley Act ("GLBA"); The Dodd-Frank Wall Street Reform and Consumer Protection Act ("Dodd-Frank Act"); The Bank Secrecy Act

Name the four main federal laws that regulate the processing of personal information in the financial industry.

(1) consumer reporting agencies (e.g., Equifax, Transunion) (2) users of consumer reports (e.g., the person or entity requesting the consumer report).

the FCRA primarily applies to two things: _____ and _____.

"opt out" notice prior to sharing non-public personal information ("NPI") with unaffiliated third parties.

the GLBA also requires domestic financial institutions to provide _______ prior to _______

a clear, conspicuous, and accurate statement of the company's privacy practices. it should also include what information the company collects about its consumers and customers, with whom it shares the information, and how it protects or safeguards the information.

the GLBA's privacy notice must be _____, _____ and ________. and it should include _______, ______, and ______

(1) banks, (2) credit unions, (3) securities firms, (4) payday lenders, (5) debt collectors, and others.

the jurisdiction of the CFPB includes

(1) consumer reporting agencies may only furnish consumer reports to persons having a "permissible purpose." (2) consumer reporting agencies must ensure that their consumer reports do not contain prohibited information. (3) consumer reporting agencies must follow reasonable procedures to assure the accuracy of information contained in consumer reports. (4) every consumer reporting agency must, upon request, clearly and accurately disclose to the consumer all information in the consumer's file at the time of the request, and must disclose every person that procured the consumer's report for employment purposes within the last two years (and for all other purposes within the last year). (5) if the completeness or accuracy of any information contained in a consumer's file at a consumer reporting agency is disputed by the consumer, and the consumer notifies the agency of the dispute, the agency must, free of charge, conduct a reasonable re-investigation to determine whether the disputed information is accurate. (6) all nationwide consumer reporting agencies must provide a free copy of a consumer's report upon request of the consumer.

Under the FCRA, consumer reporting agencies have 6 main responsibilities. Name them.

a consumer is a person who obtains or has obtained a financial product or service from a financial institution that is to be used primarily for personal, family, or household purposes. a customer is a consumer with a continuing relationship with a financial institution (e.g., opening a credit card account with a financial institution, leasing an automobile, getting a loan for a mortgage, etc.). it is the nature of the relationship that defines who is a customer or a consumer.

under the GLBA, what is the difference between "customers" and "consumers?"

Permissible purposes include use in connection with (1) credit transactions, (2) employment purposes, (3) underwriting of insurance, and (4) eligibility for a license. Other permissible purposes: (1) as ordered by a court or federal grand jury subpoena, (2) as instructed by the consumer in writing, (3) when there is a legitimate business need, in connection with a business transaction that is initiated by the consumer, (4) to review a consumer's account to determine whether the consumer continues to meet the terms of the account, or (5) for use by state and local officials in connection with the determination of child support payments, or modifications and enforcement thereof.

What are the 4 main permissible purposes for a person to have a consumer report? What are ____ other permissible purposes?

customer's name, address, income, social security number, and other account-related information.

what are examples of NPI under the GLBA?

(1) mail and (2) in-person delivery. there may be other accepted ways to deliver depending on the type of business. for example, an online lender may post its notice on its website and require online customers to acknowledge receipt as a necessary part of a loan application.

what are the two main ways in which the GLBA's privacy notice may be delivered to customers? are there other acceptable ways to deliver? explain.

bankruptcies more than ten years old and other adverse information, such as accounts placed in collection that are more than seven years old.

what information is prohibited from consumer reports?

identity theft refers to fraud committed or attempted using the identifying information of another person without authority.

what is identity theft?

The mission of the CFPB is to protect consumers by carrying out federal consumer financial laws. The CFPB writes rules, supervises companies, and enforces federal consumer financial protection laws. the CFPB also restricts unfair, deceptive, or abusive acts or practices, takes consumer complaints, promotes financial education, monitors financial markets for new risks to consumers, and enforces laws that outlaw discrimination and other unfair treatment in consumer finance.

what is the mission of the CFPB? how is this accomplished?

(1) to increase the accuracy and fairness of credit reporting and (2) to limit the use of consumer reports to permissible purposes, such as for employment and the underwriting of insurance.

What are the two main purposes of the FCRA?

$10,000 reported to the IRS per the regulations using a Currency Transaction Report, Form 4789.

BSA generally requires currency transactions over ____ be reported to ______, using ____.

For $3,000 or more in currency.

BSA regulations also cover purchases of bank checks, drafts, cashier's checks, money orders or traveler's checks for ______.

(1) keep records of cash purchases of negotiable instruments, (2) file reports of cash purchases of these negotiable instruments of more than $10,000 (daily aggregate amount), and (3) report suspicious activity that might signify money laundering, tax evasion, or other criminal activities.

BSA requires financial institutions to (1) ______, (2) _______, and (3)______.

From up to $5,500 for violations of laws and regulations, to $27,500 if violations are unsafe, unsound or reckless, to up to $1.1 million for "knowing" violations.

Banking and related financial institutions that fail to comply with GLBA requirements may be subject to penalties under the Financial Institutions Reform, Recovery and Enforcement Act. FIRREA penalties range from _____.

State attorneys general and the FTC.

Besides consumers, who has the power to enforce the FCRA?

(1) Users must have a permissible purpose. (2) Users must provide certification to the consumer reporting agency of the permissible purpose and certify that the report will not be used for any other purpose. (3) Users must notify consumers when adverse actions are taken.

Consumer reporting agencies are required to provide notice of their obligations to users of consumer reports. What 3 things must the notice contain?

FACTA preempts stricter state laws in most areas, although states retain some powers to enact laws addressing identity theft.

Does FACTA preempt state laws? explain.

banks, auto dealers, savings and loans, credit unions, insurance companies, brokerages, and securities firms.

Domestic financial institutions typically include (1)_____, (2)______, (3)______, (4)_____, (5)_____, (6)______, and (7)_____.

Requires truncation of credit and debit card numbers, so that receipts do not reveal the full credit or debit card number.

FACTA requires what from credit card numbers?

Except for payment information that appears in a coded form and does not identify the medical provider. The consumer must provide consent to the user of the report, or the information must be coded.

FCRA limits the use of medical information obtained from consumer reporting agencies, except for _____. What must happen in order for medical information to be used for an insurance transaction?

FCRA permits creditors and insurers to obtain limited consumer report information for use in connection with firm unsolicited offers of credit or insurance, under certain circumstances and conditions. this practice is known as "prescreening," and typically involves obtaining from a consumer reporting agency a list of consumers who meet certain pre-established criteria.

FCRA permits "prescreening." What is "prescreening?"

Promulgates rules, but enforcement powers remain with banking regulators.

For depository institutions with assets of $10 billion or less, the CFPB does what?

the practice of obtaining customer information from financial institutions under false pretenses

GLBA also prohibits "pretexting," which is _____.

A consumer report is any written, oral, or auxiliary communication of any information by a consumer reporting agency bearing on a consumer's creditworthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living which is used in establishing the consumer's eligibility for (a) credit or insurance; (b) employment purposes; or (c) a license.

How does the FCRA define a consumer report?

A consumer reporting agency is any entity that regularly engages in the practice of assembling or evaluating consumer credit information or other information on consumers for the purpose of furnishing consumer reports to third parties.

How does the FCRA define a consumer reporting agency?

any personally identifiable financial information that a financial institution collects about an individual in connection with providing a financial product or service, unless that information is otherwise publicly available.

NPI under the GLBA includes______

institutions that are "significantly engaged" in financial activities in the United States. Domestic financial institutions

The GLBA applies to _____, also known as _______.

prohibits domestic institutions from disclosing their customers' account numbers to non-affiliated companies when it comes to telemarketing, direct mail marketing or marketing through email.

The GLBA prohibits domestic financial institutions from doing what with telemarketers?

(1) The Privacy Rule and (2) the Safeguards Rule.

The GLBA sets forth two important rules that domestic financial institutions must adhere to: (1) _____ and (2) ______.

The "Financial Services Modernization Act." It was enacted in 1999.

The Gramm-Leach-Bliley Act ("GLBA"), also known as the _________, was enacted in ______.

The ability to promulgate broad rules to implement modified "Know Your Customer" requirements and to otherwise deter money laundering.

The International Money Laundering Abatement and Anti-Terrorist Financing Act of 2001 gave the Treasury Secretary the ability to _____.

5 years

Under BSA, how long must records be maintained?

Only those with a "high degree of usefulness."

Under BSA, not all records must be maintained. What records must be maintained?

Domestic financial institutions are required to provide an initial privacy notice to all customers when the customer relationship is established and annually thereafter. (1) store personal financial information in a secure manner, (2) provide notice of their policies regarding the sharing of personal financial information, and (3) provide consumers with the choice to opt out of sharing some personal financial information.

Under the GLBA's privacy rule, _____ Financial institutions are also required to ____

(1) If a financial institution shares information with outside companies that provide essential services like data processing or servicing accounts; (2) the disclosure is legally required; (3) a financial institution shares customer data with outside service providers that market the financial company's products or services.

Under what three circumstances does a consumer not have a right to opt out under the GLBA?

must certify to the consumer reporting agency their permissible purpose and also certify that the information contained in the consumer report will not be used for any other purpose

Users of consumer reports have 3 main responsibilities: (1) users must certify ________ and also certify that ______.

(1) the consumer is notified within three days after the report was requested and (2) a certification of the notification is provided to the consumer reporting agency. request a complete and accurate disclosure of the nature and scope of the investigation.

With respect to investigative consumer reports, a person may not obtain an investigative consumer report on any consumer unless (1) _______ and (2) _______. a consumer may, within a reasonable period of time after receiving the notification, ______.

requires "creditors" and "financial institutions" to address the risk of identity theft by developing and implementing written identity theft prevention programs to help identify, detect, and respond to patterns, practices, or specific activities -- known as red flags -- that could indicate identity theft.

The "Red Flag Rule" requires _____

the USA PATRIOT Act. money laundering

The BSA and the _______ Act provide financial institutions with broad discretion in detecting and preventing _____.

Of 1970, also known as the Currency and Foreign Transactions Reporting Act, requires financial institutions in the U.S. to assist government agencies in detecting and preventing money laundering. specifically, financial institutions must keep records and file reports on certain financial transactions in excess of $10,000 (but this does not include credit secured by real property).

The Bank Secrecy Act ("BSA") of _____, also known as the ________, requires ________. Specifically, ____

"abusive acts and practices." an abusive act or practice is one that (1) materially interferes with the ability of a consumer to understand a term or condition of a consumer financial product or service or (2) takes unreasonable advantage of (i) a lack of understanding on the part of the consumer of the material risks, costs, or conditions of the product or service; (ii) the inability of the consumer to protect its interests in selecting or using a consumer financial product or service; or (iii) the reasonable reliance by the consumer on a covered person to act in the interests of the consumer.

The CFPB can also bring enforcement actions for unfairness and deception. in addition, the CFPB also has power to enforce against _________, which are (1)_____ or (2) _____.

All non-depository financial institutions, and all depository institutions with more than $10 billion in assets.

The CFPB has enforcement authority over all _____, and _____.

The Dodd-Frank Act established the Consumer Financial Protection Bureau ("CFPB"), which is an independent agency of the U.S. government responsible for consumer protection in the financial sector.

The Dodd-Frank Act established what Bureau? describe it.

Fair and Accurate Credit Transactions Act, of 2003, to include a "Red Flags" Rule designed to combat identity theft and the Disposal Rule.

The FACTA (which stands for _____), of _______, amended the FCRA to include ______ and _____.

"investigative consumer reports." Investigative consumer reports are consumer reports in which information on a consumer's character, general reputation, personal characteristics, or mode of living is obtained through personal interviews with persons having knowledge of the consumer, including neighbors, friends, or associates of the consumer.

The FCRA also regulates a special class of reports called _______, which are________.

1970. Fair and Accurate Credit Transactions Act of 2003.

The FCRA was enacted in _______ and then subsequently updated by the ____________ Act of ______

Yes.

Can a reporting agency furnish a consumer report with the express written consent of the consumer?

from $5,000 per day for federal consumer privacy law violations to $25,000 per day for reckless violations, and $1 million for knowing violations. State attorneys general are also authorized to bring civil actions to enforce its law or regulations.

Civil penalties for violating Dodd-Frank can vary, from _____.

(1) be liable to the consumer in an amount up to $1,000 per violation, and at least $2,500 for willful violations; (2) a successful claimant may also be entitled to reasonable attorney's fees and costs; and (3) may be entitled to punitive damages.

A person who willfully fails to comply with any requirement imposed by the FCRA may be (1) _______, (2) _______, and (3) _____.

request a free copy of his report within 60 days of receiving the adverse notice.

If a consumer receives an adverse decision based on his or her consumer report, the consumer may _______.

(1) before the offer is made, establish the criteria that will be relied upon to make the offer and to grant credit or insurance; and (2) maintain such criteria on file for a three-year period beginning on the date on which the offer is made to each consumer.

If any person intends to use prescreened lists, that person must do two things:

the updates "include prominent disclosures designed to prevent consumers from confusing these 'free' offers with the federally mandated free annual file disclosures." Such disclosure must be "easily readable."

In 2010, the FTC issued new rules updating the manner of disclosure required by the companies advertising "free credit reports." The updates include _______.

(1) administrative security, which includes program definition, management of workforce risk, employee training and vendor oversight; (2) technical security, which covers computer systems, networks and applications in addition to access controls and encryption; (3) physical security, which includes facilities, environmental safeguards, business continuity and disaster recovery.

In accordance with GLBA's Safeguards Rule, a financial institution must provide the following three levels of security for consumer information:

(1) the employer or its agent complies with the procedures set forth in the FCRA; (2) no credit information is used; and (3) a summary describing the nature and scope of the inquiry is provided to the employee if an adverse action is taken based on the investigation.

Investigations are not treated as consumer reports as long as (1) ____, (2) ____, (3) ____.

There is no private right of action under GLBA, but failure to comply with certain notice requirements may be considered a deceptive trade practice by state and federal authorities.

Is there a private right of action under GLBA? explain.

When sharing personal information with non-affiliated third parties. No notice is required if the financial institution is sharing personal information with an affiliate. An affiliate is a company that controls, is controlled by, or is under common control with the financial institution.

An opt-out notice is only required under the GLBA when ______. No notice is required when _____. What is an affiliate?

To alert government agencies to potentially suspicious transactions. (1) when a financial institution suspects that an insider is committing (or aiding the commission of) a crime, regardless of dollar amount; (2) when the entity detects a possible crime involving $5,000 or more and has a substantial basis for identifying the subject; (3) when the entity detects a possible crime involving $25,000 or more (even if it has no substantial basis for identifying a suspect); and (4) when the entity suspects currency transactions aggregating $5,000 or more that involve potential money laundering or a violation of the act.

SARs are used to _____. A SAR must be filed with the Department of the Treasury's Financial Crimes Enforcement Network in what 4 circumstances?

Section 314(b) of the USA PATRIOT Act; for example, bank trade groups and associations; (1) suspected of engaging in possible terrorist activity or (2) money laundering.

Section _______ of the _________ Act encourages financial institutions and financial institution associations (for example, _______) to share information on individuals, entities, organizations, and countries (1) ________ or (2) ______.

determine what measures are reasonable based on the sensitivity of the information, the costs and benefits of different disposal methods and changes in technology.

The standard for the proper disposal of information derived from a consumer report is flexible and allows the organizations and individuals covered by the Disposal Rule to _____.

(1) provide notice of the adverse action to the consumer, (2) disclose the name, address, and telephone number of the consumer reporting agency furnishing the information to the user, and (3) notify the consumer about his right to request a free copy of his consumer report from the consumer reporting agency if the request is made within sixty days of receiving the adverse notice.

Users of consumer reports have 3 main responsibilities: (2) if a user of a consumer report takes any adverse action with respect to any consumer that is based in whole or in part on any information contained in a consumer report, the user must (1) _________, (2) ________, and (3) _______.

employment purposes; must receive certification from the user of the report that the user has written authorization from the consumer to obtain the report; that the information they obtained will not violate any federal or state equal opportunity law and that if an adverse action is taken based on the report, a copy of the report and a summary of the consumer's rights will be provided to the consumer.

Users of consumer reports have 3 main responsibilities: (3) before furnishing a consumer report for ___________, a consumer reporting agency must _________. the consumer reporting agency must also receive certification from the user of the consumer report that _____.

Civil and criminal penalties; $500 per occurrence; reporting requirement; $25,000 and $100,000; $100,000 and $1,000,000; $10,000 and 5 years imprisonment.

Violations of the BSA may result in both _____ and ______. With respect to _____, negligent violation of any regulation of the BSA may result in a fine of up to _____. Willful violations of any ______ requirement may result in a penalty of between _______ and _____. The _______ Act increased the maximum civil penalties for certain violations to between ____ and _____. ____ penalties of up to _____ and _____ are also authorized.

Depends upon the type of financial institution. Banks, credit unions, and other affiliated financial institutions are regulated by multiple federal agencies, including the Office of the Comptroller of the Currency, the Federal Reserve Board, the FDIC, the Office of Thrift Supervision, and the National Credit Union Administration. The Securities and Exchange Commission ("SEC") is the designated agency for brokers, dealers, investment advisers, and investment companies. The FTC is responsible for regulating all other financial institutions not subject to the enforcement authority of another regulator.

What agency is responsible for enforcing the GLBA? Explain.

(1) adverse actions based on information obtained from a consumer credit report; (2) adverse actions based on information obtained from third parties that are not consumer reporting agencies -- if this adverse action is taken, the user must clearly and accurately disclose to the consumer his right to be informed of the nature of the information that was relied upon, if the consumer makes a written request within 60 days of notification. the user must then provide the disclosure within a reasonable period of time following the consumer's written request. (3) adverse actions based on information obtained from affiliates -- if this adverse action is taken, then the user must inform the consumer that he may obtain a disclosure of the nature of the information relied upon by making a written request within 60 days of receiving the adverse notice; the user must then disclose the nature of the information no later than 30 days after receiving the request.

What are the 3 types of adverse actions that can be taken as a result of obtaining or reviewing the information contained within a consumer credit report?

(1) Information-sharing regulations and participation in the cooperative efforts to deter money laundering (2) Know Your Customer rules, including the identification of beneficial owners of accounts (3) Development and implementation of formal money-laundering programs (4) Bank Secrecy Act expansions, including new reporting and record-keeping requirements for different industries (such as broker-dealers) and currency transactions.

What are the USA PATRIOT Act's 4 main compliance requirements?

(1) promote the financial stability of the United States by improving accountability and transparency within the financial system, (2) end "too big to fail," (3) protect the American taxpayer by ending bailouts, and (4) protect American consumers from abusive financial services practices.

What are the four purposes of the Dodd-Frank Act?

(1) Currency Transaction Reports ("CTRs"), and (2) Suspicious Activity Reports ("SARs")

What are the two primary means that banks use to satisfy the requirements of the BSA?

According to the Disposal Rule, any business or individual who uses a consumer report for a business purpose must ensure the proper disposal of information in the consumer report to protect against "unauthorized access to or use of the information." The FTC, the banking regulators and the CFPB.

What is the FACTA's Disposal Rule? When did it go into effect? Who enforces the Disposal Rule?

2010

When was the Dodd-Frank Act enacted?

Funds transfers governed by the Electronic Fund Transfer Act, and those made through an automated clearinghouse, ATM or point-of-sale system.

Which funds are exempt from BSA?

as to deposit account records, a financial institution must keep the depositor's taxpayer identification number, signature cards and checks in excess of $100 that are drawn or issued and payable by the bank. with regard to certificates of deposit, the financial institution must obtain the customer name and address, a description of the CD and the date of the transaction. for wire transfers or direct deposits, a financial institution must maintain all deposit slips or credit tickets for transactions over $100.

How does the BSA treat deposit account records? How does it treat certificates of deposit? How does it treat wire transfers or direct deposits?

30 days.

how long does a consumer reporting agency have to investigate a dispute and remove or correct the disputed item in a credit report?

a private right of action in federal court. The FTC, the CFPB, and state attorneys general. Under the Dodd-Frank Act, rule-making authority shifted from the FTC to the CFPB.

If a consumer believes that the FCRA has been violated, then they may enforce the FCRA provisions through _____. Who are the three main entities that enforce violations of the FCRA? Which entity has rule-making authority?

Must develop a written information security plan protecting customer information.

In accordance with GLBA's Safeguards Rule, domestic financial institutions must develop _____.

appropriate to (1) the company's size and complexity, (2) the nature and scope of its activities; and (3) the sensitivity of the customer information it handles

In accordance with GLBA's Safeguards Rule, a domestic institution's written information security plan must be appropriate to (1) _____, (2) _____, and (3) ______.

(1) designate one or more employees to coordinate its information security program; (2) identify and assess the risks to customer information in each relevant area of the company's operation, and evaluate the effectiveness of the current safeguards for controlling these risks; (3) design and implement a safeguards program, and regularly monitor and test it; (4) select service providers that can maintain appropriate safeguards, make sure your contract requires them to maintain safeguards, and oversee their handling of customer information; and (5) evaluate and adjust the program in light of relevant circumstances, including changes in the firm's business or operations, or the results of security testing and monitoring.

In accordance with GLBA's Safeguards Rule, a domestic institution's written information security plan must do 5 things:

Must be reasonable, and the financial institution must provide a reasonable amount of time for the customer to opt out (for example, 30 days).

In accordance with the Privacy Rule under the GLBA, the mechanism for opting out must be _____, and _____.
