PowerPoint download

  • 327 views
Uploaded on

 

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
327
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
3
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Consumer Protection Developments Shelly Repp, General Counsel National Council of Higher Education Loan Programs Tom Levandowski, Senior Vice President & Assistant General Counsel Wachovia Corporation Monday May 19th
  • 2. Telemarketing Sales Rule - Unsolicited Marketing
    • Final “Amended” Rule issued 1/29/03
    • Relevant Provisions for Student Lending:
      • Central ‘‘do not-call’’ registry
        • Supplements current company specific ‘‘do-not-call’’ provision
        • Allows a consumer to stop telemarketing calls on behalf of all companies within the FTC’s jurisdiction by placing his/her telephone number on the registry.
          • Telemarketing calls : calls to solicit goods & services.
          • Neither company-specific list nor nationwide registry prevents calls to consumer to administer or service an account.
  • 3. Telemarketing Sales Rule - Unsolicited Marketing
    • Relevant Provisions for Student Lending:
      • Central Do-not-call Registry:
        • Beginning in July, consumers will be able to list their telephone numbers on a national “do not call” registry.
        • The list will be available to telemarketers beginning in September and enforcement begins in October.
        • Telemarketers must scrub their internal marketing lists against this list as of October and at least once every 90 days thereafter. Violators could face fines up to $11,000 per violation.
  • 4. Telemarketing Sales Rule - Unsolicited Marketing
    • Relevant Provisions for Student Lending:
      • Central ‘‘do not-call’’ registry
        • Student Loan Examples of Telemarketing Calls:
          • Current Consolidation Loans Marketing Activity
  • 5. Telemarketing Sales Rule - Unsolicited Marketing
    • Relevant Provisions for Student Lending:
      • “ Established business relationship”exception – Can’t stop telemarketing calls from or an behalf of company with whom consumer has established business relationship , unless consumer has asked to be on company-specific do-not-call list.
      • A relationship b/n seller & a consumer based on:
        • … a financial transaction b/n consumer & seller within 18 months immediately preceding the date of a telemarketing call, or
        • the consumer’s inquiry or application regarding a product or service offered by the seller, w/n 3 months immediately preceding date of call .
  • 6. Telemarketing Sales Rule - Unsolicited Marketing
    • Relevant Provisions for Student Lending:
      • ‘‘ Established business relationship’’exception
        • Financial transaction w/n 18 months of call measured from “ the date of the last payment or transaction, not from the first payment.”
          • Clearly applies to last actual payment. What about loans with extended in-school periods or deferrals?
            • Argue relationship continues at least through last scheduled payment = final activity known and agreed-upon at beginning of ongoing financial relationship.
  • 7. Telemarketing Sales Rule - Unsolicited Marketing
    • Relevant Provisions for Student Lending:
      • ‘‘ Established business relationship’’exception
        • Continuing activities that indicate current, ongoing relationship: payments, interest accrual, interest billing notices, consumer acceptance of financial benefits from federal government .
        • Applicable to Affiliates?
          • Affiliates will fall within the exemption only to extent that the consumer would reasonably expect the affiliate to be included given the nature and type of goods or services offered and the identity of the affiliate.
          • E.g. Unbundled guaranty agencies; banks
  • 8. Telemarketing Sales Rule - Unsolicited Marketing
    • Relevant Provisions for Student Lending Effective 3/31/03:
      • Prohibits telemarketers from abandoning any outbound telephone call, and provides safe harbor from liability if telemarketer observes specified service levels for abandonment rate, phone rings, “dead-air” time & maintains records documenting compliance;
      • Requires telemarketers to transmit the telephone number, and name, when available, of the telemarketer to any caller identification service;
  • 9. Patriot Act – General Scope
      • USA PATRIOT Act of 2001 delegates to Financial Crimes Enforcement Network (FinCEN) responsibility for setting requirements for financial institutions to establish:
          • anti-money laundering compliance, and
          • customer identification programs (in cooperation
          • with federal functional regulators).
  • 10. Patriot Act – General Scope
      • USA PATRIOT Act of 2001
        • Definition of ``financial institution'' - extremely broad and includes:
          • institutions that are already subject to federal regulation such as banks, savings associations, & credit unions
          • also includes, among other non-bank entities, pawnbrokers, loan or finance companies ; trust companies, telegraph companies, sellers of vehicles, insurance companies, & travel agencies (and others)
          • Loan or Finance Company = Guarantor? School (Perkins; Graduate Stafford)? Secondary Market? Securitzation Trust?
  • 11. Patriot Act – What’s Coming for Banks
      • Customer Identification Programs - Bank Rule
        • Final Rule issued 4/30; Published 5/9
        • Structure of Final Rule
          • Notice to Consumers
          • Minimum Data Collection & Retention Requirements
          • Minimum Data Verification Procedures at the time of Account opening
          • Data-Matching with Government supplied lists
  • 12. OFAC Datamatching
      • Office of Foreign Assets Control (in Treasury Dept) administers and enforces economic sanctions against targeted foreign countries, terrorists and terrorist organizations, and narcotic traffickers in furtherance of U.S. foreign policy and national security objectives.
      • Student loans (Staffords, PLUS, Perkins, Private, etc.) must be data-matched against OFAC lists prior to disbursement. Loans shouldn’t be funded on “hits” without OFAC approval (i.e “license”).
  • 13. OFAC/Patriot Act
      • HEA Reauthorization
      • Financial Partners proposal to have DOE perform all datamatching under OFAC, Patriot Act and Bank Secrecy Act on behalf of Title IV participants.
  • 14. Patriot Act
      • Section 352(a) of the Patriot Act
      • Effective Date - April 24, 2002
      • General Scope - amended Bank Secrecy Act to require every financial institution to establish an anti-money laundering program that includes, at a minimum:
        • The development of internal anti-money laundering policies, procedures, and controls;
        • The designation of a compliance officer;
        • An ongoing employee training program; and
        • An independent audit function to test programs. 
  • 15. Patriot Act
      • Section 352(a) of the Patriot Act
      • Example of Money Laundering in Student Lending ?
        • E.g. Borrower takes out FFELP loan - - “good money - - and pays it back in a lump sum foreign wire from an overseas account owned by someone with known terrorist connections - - “dirty money”.
  • 16. Patriot Act
      • FinCEN Anti-Money Laundering Rule Under S. 352
      • On April 29, 2002, FinCEN issued a series of interim final rules implementing section 352 of the Act.
        • Rules prescribe requirements for anti-money laundering programs for banks, savings associations, and credit unions (and other “bank-type” entities)
  • 17. Patriot Act
      • FinCEN Anti-Money Laundering Rule Under S. 352
      • On April 29, 2002, FinCEN temporarily deferred, until 10/24/02, the application of S. 352 to certain other financial institutions including loan & finance companies.
      • Deferred application of S. 352 again on 11/6/02 until rule issued for exempt “financial institutions”. 
      • Anti-Money Laundering NPRM will be issued for “loan & finance companies” & other “financial institutions” sometime “soon”.
  • 18. Patriot Act
      • 3/6/03 Industry Meeting with Treasury
      • Treasury input at meeting and in subsequent e-mail: “Based on our discussion, it sounds like many of the things that you already do have a beneficial effect with respect to money laundering risks.”
      • Same “beneficial effect” should apply to CIP compliance.
  • 19. Patriot Act – What’s Coming for Non-Banks
      • Anti-Money Laundering NPRM
      • Customer Identification Program NPRM
        • Expected to be identical to “bank” rule with minor adjustments tailored to fit “non-bank” entities
      • A key issue under both upcoming NPRMs is how “loan & finance company” will be defined.
        • Applicable to originating lenders (e.g., banks, schools who make loans) only? Downstream entities that touch or acquire title to loans?
  • 20. State Privacy Developments Aimed at GLBA
    • CA SB 1 (Speier) “Opt-in” Law
      • Reintroduced 12/2/02
      • Passed Senate Judiciary Committee and passed the Senate on March 3 rd . Bill has been sent to the Assembly.
      • Speier’s fourth attempt at enacting state financial privacy legislation that would be more restrictive than GLBA.
  • 21. State Privacy Developments Aimed at GLBA
    • CA SB 1 (Speier) “Opt-in” Law
      • Bill would provide consumers with specified notice and choices on the sharing of their personal financial information by financial services companies.
        • Requires an opt-in for non-affiliated 3rd parties
        • Requires opt-out for affiliated parties
  • 22. State Privacy Developments Constraining SSN Use
    • Proposed MO SB 61 (nearly identical to CA SB 168 enacted in 2001)
      • No private individual or entity shall:
        • Intentionally communicate or otherwise make available to the general public in any manner an individual' s SSN;
        • Print an individual's SSN on any card required for the individual to access products or services provided by the person or entity;
        • Require an individual to disclose his or her SSN to enter into a commercial transaction.
  • 23. State Privacy Developments Constraining SSN Use
    • Proposed MO SB 61 (nearly identical to CA SB 168 enacted in 2001)
      • Require an individual to transmit his or her SSN over the Internet unless the connection is secure or the SSN is encrypted;
      • Require an individual to use his or her SSN to access an Internet Web site;
      • Print an individual's SSN on any materials that are mailed to the individual
  • 24. State Privacy Developments Constraining SSN Use
    • Proposed MO SB 61 (nearly identical to CA SB 168 enacted in 2001)
      • Print an individual's SSN on any materials that are mailed to the individual
        • As under CA SB 168, options for complying with mail prohibition:
          • Substitute unique identifier
          • Eliminate reference to account number
          • Bar code or scramble SSN
  • 25. State Privacy Developments Constraining SSN Use
    • Proposed CA AB 763 - SSN confidentiality: Bill would prohibit the mailing of a document on which an SSN may be printed if it is a postcard or if the SSN is visible without opening the envelope.
    • Proposed CA SB 25 - The bill would extend the existing private-sector ban on the public posting or display of Social Security numbers (SB 168 Requirements) to state and local agencies.
  • 26. Federal Privacy Legislative Issues
    • HEA Reauthorization – Financial Partners proposal authorizing comprehensive use of SSNs
    • FCRA Extension. On January 1, 2004, a key preemption provision in the Fair Credit Reporting Act (FCRA) will expire.
      • This provision prohibits individual states from enacting laws that regulate the sharing of credit information between affiliates, among other issues.
      • Expiration of this preemption would open the way for state and local governments to enact conflicting laws governing the collection and sharing of credit information.
  • 27. Federal Privacy Legislative Issues
    • FCRA Extension.
      • Financial Institutions lobbying aggressively
      • The Federal Reserve Board and the Dept of Treasury have publicly endorsed the renewal of the FCRA preemption.
      • 2 Bills have been introduced to extend the FCRA preemption
  • 28. Federal Privacy Legislative Issues
    • S. 745 (Senator Feinstein) – Introduced April 2003.
    • Sets a national standard for protection of personal information, including SSNs and other health and financial data
    • 2-Tiered Approach:
      • For the most sensitive personal information, such as SSNs, and health and financial data, companies must obtain individual’s explicit permission prior to selling, renting or licensing such information to 3 rd Parties.
      • For nonsensitive personal information such as names and addresses, companies that wish to collect, sell or market that dat must give individuals an opportunity to opt-out.
  • 29. Federal Privacy Legislative Issues
    • S. 745 (Senator Feinstein) – Introduced April 2003.
    • Prohibits sale or display of SSNs to public but allows business to share these numbers with other businesses and government entities
    • Permits businesses to share financial information with their affiliates or joint venture partners, unless the customer opts-out
    • Prohibits a business from denying service to a customer who refuses to provide her SSN number, except in cases where the SSN is needed.
  • 30. Federal GLBA Enforcement Actions
    • On April 07, 2003, OCC assessed civil penalties against a bank loan officer and a loan processor who sent thousands of loan files (with non-public personal information) in an unsecure, unencrypted email to an unaffilated 3 rd -party. The customers' info was never compromised, but the very fact that it could have been was enough for the OCC to assess penalties.
    • The loan officers consented to permanent removals from banking and to civil money penalties of $20,000 and $10,000 respectively.
    • OCC indicated it will “respond aggressively if they find that bank employees are misusing customer information, or placing it at risk of unauthorized disclosure.”
  • 31. Federal GLBA Enforcement Actions
    • Their actions violated privacy regulations (e.g. GLBA ISP requirements) and constituted unsafe and unsound banking practices.
    • In addition to the permanent removals and civil money penalties, the loan officers also consented to personal cease and desist orders requiring them to disclose the OCC’s enforcement act to present and future employers involved in the transfer of nonpublic personal information to federal insured depository institutions.
    • FFELP consequence? Lenders at risk when sending borrower NPI in unsecure emails to trading partners or borrowers (e.g., disb rosters, counseling results, online certification requests, borrower data files, customer service responses, etc.).
  • 32. Identity Theft
    • For the 3 rd consecutive year, identity theft topped the list of consumer complaints logged by the Federal Trade Commission
    • Dollar loss consumers attribute to all fraud and identity theft ballooned from $160 MM in 2001 to $343 MM in 2002 (probably due to increased awareness of reporting mechanism).
  • 33. State Privacy Developments – Identity Theft
    • R ecent reforms to prevent ID theft
      • CA SB 1386 - Effective July 1, 2003.
      • Requires a business or a State agency that maintains computerized data that includes personal information, as defined, to disclose any breach of the security of that data to any California resident whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person.
      • Notice, written or electronic, must be must be given in most expedient time possible and without unreasonable delay
  • 34. State Privacy Developments – Identity Theft
    • Recent reforms to prevent ID theft
      • SB 1386 -  Notification Requirement for 3 rd Party Service Providers.
        • Any agency or business that maintains computerized data that includes personal information it does not own shall notify the owner of the information of any breach of the security of the data if the personal information was, or is reasonably believed to have been, acquired by an unauthorized person.
        • Notice must be given immediately following discovery.
  • 35. State Privacy Developments – Identity Theft
    • R ecent reforms to prevent ID theft
      • SB 1386 -  Remedies
        • Any customer injured by a violation of this title may institute a civil action to recover damages.
        • Any business that violates, proposes to violate, or has violated this title may be enjoined.
        • The rights and remedies available under this section are cumulative to each other and to any other rights and remedies available under law.
  • 36. State Privacy Developments – Identity Theft
    • CA SB 168
        • New Credit Bureau Requirements: Credit bureaus must offer consumers the ability to freeze their credit files and to "thaw" them with a special PIN (online or by phone) when they want to apply for credit themselves.
        • Lenders cannot check credit history on frozen account (absent consumer use of PIN to “thaw” account).
  • 37. State Privacy Developments – Identity Theft
    • CA SB 168
        • The three major credit bureaus, Equifax, Experian and Trans Union, have the same general process for using the new freeze and thaw.
        • Account can be “thawed” by consumer for a specific creditor and for specific date range. Cost applies to “thaw”.
        • There is no charge to “freeze” for identity theft victims who have a police report of identity theft, but others will be charged.
  • 38. State Privacy Developments – Identity Theft
    • Proposed AB 46, introduced 12/2/02
      • Would prohibit any:
        • university or college located in CA from using a student’s social security number for identification in a manner that is available to the public or to an unauthorized 3 rd party, and
        • would prohibit employer from requiring an employee to use his or her social security number for any purpose other than taxes.
  • 39. State Privacy Developments – Identity Theft
    • CA AB 655. Effective 7/1/02.
    • Requires users of credit reports to:
      • Resolve address discrepancies before funding a loan .
      • Resolve security alerts in credit report before funding or selling a loan
    • Significant penalties/damages for noncompliance.
  • 40. State Privacy Developments – Identity Theft
    • Proposed CA AB 1294 - Identity theft: debt collectors:
    • Bill would require a debt collector to stop collecting a consumer debt for 30 business days when an alleged debtor provides the collector with information on the alleged debtor's status as an identity theft victim and other information as specified.
    • Requires the collector to review and consider the information submitted and to cease collections if the information reasonably establishes that the alleged debtor did not incur the debt.
  • 41. Consumer Protection Developments
    • QUESTIONS?