Financial Laws

Question 1

Gramm Leach Bailey Act
(GLBA)
privacy rule- notice

Answer 1

FI and affiliates must provide notice in clear and conspicuous manner of privacy policies and data sharing policies prior to disclosure

timing
1. at time of establishing customer relationship
2. 1 annually during relationship

safe harbor for violation- if have model disclosure form

Question 2

GLBA privacy rule

disclosure

Answer 2

no disclosure to nonaffiliated unless
- opt out opportunity (that is implemented in 30 days)
- to service provider of FI
- consent
-joint marketing purpose
- necessary for transaction or law

Question 3

GLBA privacy rule

refuse/resell

Answer 3

non-affiliates can’t reuse/resell info or disclose account # or access code to non affiliate for marketing (unless to a CRA)

Question 4

GLBA safeguard rule

Answer 4

1. adopt info security program (TAP)
2. appoint qualified individual to oversee
3. conduct risk assessment
4. regularly test safeguards
5. establish incident response plan
6. establish contract requiring service providers to adopt safeguards

Question 5

GLBA written contracts with service providers

Answer 5

written contracts are required FI under safeguard rule but not FI under privacy rule

Question 6

state laws that exempt FI from GLBA regulation

Answer 6

1. CCPA california
2. Virginia VCDPA
3. Connecticut
4. Colorado CPA

Question 7

Enforcement - Financial regulators

Answer 7

1. federal reserve
2. comptroller of currency
3. FDIC
4. NCUA
5. SEC
   state level insurance agencies

FTC anything not subject to financial regulator

Question 8

FCRA importance

Answer 8

1st federal law to regulate use of PI by private businesses

Question 9

FCRA

consumer report definition

Answer 9

3 components

1. form of communication (oral written or any other)
2. purpose ( eligibility for credit, employment, insurance, business in general)
3. type of info contained inside
   - bears on credit worthiness
   - standing
   - capacity
   - character
   -general reputation
   - personal characteristics
   - mode of living

Question 10

FCRA

not consumer report

Answer 10

communications between affiliates

transmission that is only interactions between consumer and party making communication (ex. bank transaction record)

affiliate sharing info with CRA + consumer opt out opportunity

Question 11

FCRA

additional requirements for investigative consumer report

Answer 11

(doesn’t apply if employer investigation)/relates to character

1. notification to consumer within 3 days
2. verification of all negative info before including
3. certification to CRA that disclosures to consumers have been made by user and will make required disclosures upon consumer report

Question 12

FCRA

user of CR

Answer 12

1. permissible purpose
2. must notify consumer affected by adverse action (business, credit employment with neg impact)
3. no resell unless notify CRA of identity of end user and permissible purposes end user will use report for
4. adequate records of criteria used for past 3 years (if use prescreened list of preselected qualifications)

Question 13

FCRA- user

is there a right to amend

Answer 13

NO- user doesn’t need to correct inaccurate info

Question 14

FCRA

furnishers of PI to CRA requirements

Answer 14

1. up to date, accurate info (no cause to believe not accurate)
2. notice of any
   - consumer dispute
   - closure of consumer account
   - delinquency within 90 days of collection
   - identity theft
3. notice to consumer of negative info included (30 days)

NO PERMISSIBLE PURPOSE NEEDED

Question 15

FCRA

permissible purposes to generate CR

needed for CRA and User

Answer 15

court order
credit transaction
consent
employment offer/reassignment
business transaction
credit/prepayment risk
child support
liquidation of financial institution
gov benefit eligibility
underwriting insurance

Question 16

CRA requirements
current info

Answer 16

1. no bankruptcy 10+ years old
2. no lien, accounts place in collection, civil judgments, records of arrest, negative info 7+ years old

doesn’t apply to
- criminal convictions
- life insurance transactions 150,000+
- employment salary 75,000+

Question 17

CRA requirements
complete info

Answer 17

bankruptcy file
- whether case is voluntary withdrawn
- chapter

if # of credit inquiries affects score

if consumer disputes info contained

Question 18

CRA requirements
accurate info

Answer 18

if consumer dispute must
- reinvestigate within 30 days
- notify furnisher within 5 days + after investigation concluded

if accurate
- written statement must be included in all future disclosures form consumer on dispute

if inaccurate: delete + notify recipients in last 6 months

Question 19

CRA requirements
consumer access

Answer 19

provide access to
1. info contained in file maintained by CRA
2. info on who disclosures to in last 2 years (employment) or 1 year (other)
3. inquiries received by CRA in last year
4. sources obtained info for CR

Question 20

Fair and Accurate Credit Transactions Act (FACTA)
individual rights

Answer 20

1. free annual credit report form 3 national CRAs
   - Equifax
   - Experian
   - Transunion
2. only last 4 #s of credit/debit on receipt
3. right to explanation of credit score

Question 21

FACTA
disposal rule

Answer 21

protect upon disposal from
1. unauthorized access
2. misses of info

includes destruction of property containing info (ex. flash drive)

Question 22

FACTA
red flags rule

Answer 22

financial regulators must create guidelines for FI and creditors to use to guard against identity theft

program must be approved by BOD and have oversight by BOD

Question 23

FACTA
preemption

Answer 23

stricter laws are preempt unless
1. CA or CO credit score laws

2. state insurance laws regulating use of credit based insurance scores
3. 7 states with laws regulating frequency of free credit report

Question 24

Enforcement federal

Answer 24

1st- FTC section 5 authority
2nd- functional regulators (within their jurisdiction)
3rd- CFPB

Question 25

enforcement state

Answer 25

state attorney general - must notify federal authority before filing suit and they have right to intervene private right of action - willful-actual or statutory, punitive, attorneys fees/costs, damage to CRA -negligence- actual, attorneys fees/costs - criminal (doesn't apply to furnishers) - fine and kjail up to 2 years

Question 26

Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010

Answer 26

created consumer financial protection bureau which 1. enforces federal consumer finance laws 2. rule making authority over covered persons or service providers 3. monitors authority against consumer risk 4. enforcement authority over non-depository financial institutions and depository institutions with more than 10 billion in assets

Question 27

right to financial privacy act of 1978

Answer 27

governs federal government agencies (not state) and financial institutions that have financial records of customers (not financial records of corporations)

Question 28

right to financial privacy act of 1978 no access or copying

Answer 28

federal government agency may not access or copy financial records of customers unless - customer authorization - response to admin/ judicial subpoena - response to search warrant - response to formal written request by gov agency

Question 29

right to financial privacy act of 1978 disclosure

Answer 29

financial institution may not disclose financial records until - receive written certification by gov agency that it has complied with law - exception applies - info related to criminal violation - disclose to perfect security interest - processing for loan

Question 30

right of financial privacy act of 1978 enforcement

Answer 30

private cause of action

Question 31

bank secrecy act of 1970 (BSA) record keeping

Answer 31

financial institutions must maintain records that have high degree of usefulness in criminal tax or regulatory investigations or proceedings or national security investigations keep for 5 years

Question 32

bank secrecy act of 1970 (BSA) reporting

Answer 32

financial institutions must report their: - transactions 10,000+ both US and foreign - purchase of monetary instruments 3,000+ any: - suspicious transaction relevant to possible violation of law or regulation within 30 days of initial detection - transaction 10,000+ IN COINS OR CURRENCY - transportation of financial instruments - foreign financial accounts and transactions

Question 33

BSA enforcement

Answer 33

treasury department - civil penalties DOJ- criminal penalties

Question 34

BSA USA-Patriot act

Answer 34

1. anti-money laundering program put in place - designated compliance officer - employee training - audit function to test programs 2. know your customer requirement for foreigner - detect and report instances of money laundering through accounts 3. no accounts with foreign banks that have no physical presence in US 4. must create non-public registry of beneficial owners of certain business entities that do business in US