PowerPoint download


Published on

  • Be the first to comment

  • Be the first to like this

PowerPoint download

  1. 1. Update on Patriot Act & Consumer Privacy Issues Tom Levandowski, Senior Vice President & Assistant General Counsel Wachovia Corporation Monday March 17, 2003
  2. 2. Patriot Act – General Scope <ul><ul><li>USA PATRIOT Act of 2001 delegates to Financial Crimes Enforcement Network (FinCEN) responsibility for setting requirements for financial institutions to establish: </li></ul></ul><ul><ul><ul><ul><li>anti-money laundering compliance, and </li></ul></ul></ul></ul><ul><ul><ul><ul><li>customer identification programs (in cooperation </li></ul></ul></ul></ul><ul><ul><ul><ul><li>with federal functional regulators). </li></ul></ul></ul></ul>
  3. 3. Patriot Act – General Scope <ul><ul><li>USA PATRIOT Act of 2001 </li></ul></ul><ul><ul><ul><li>Definition of ``financial institution'' - extremely broad and includes: </li></ul></ul></ul><ul><ul><ul><ul><li>institutions that are already subject to federal regulation such as banks, savings associations, money services businesses, and credit unions (and others) </li></ul></ul></ul></ul><ul><ul><ul><ul><li>also includes, among other non-bank entities, pawnbrokers, loan or finance companies ; trust companies, private bankers, telegraph companies, sellers of vehicles, insurance companies, & travel agencies (and others) </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Loan or Finance Company = Guarantor? Secondary Market? Securitzation Trust? </li></ul></ul></ul></ul>
  4. 4. Patriot Act <ul><ul><li>FinCEN Information-Sharing Rule </li></ul></ul><ul><ul><ul><li>Effective Date - 9/26/02, </li></ul></ul></ul><ul><ul><ul><li>General Purpose - Encourages information sharing among financial institutions and Federal government law enforcement agencies to identify, prevent, and deter money laundering and terrorist activity. </li></ul></ul></ul><ul><ul><ul><li>Scope - FinCEN, on behalf of a requesting Federal law enforcement agency, may require a financial institution to search its records to determine whether it maintains or has maintained accounts for, or has engaged in transactions with, any specified individual, entity, or organization.  </li></ul></ul></ul>
  5. 5. Patriot Act <ul><ul><li>FinCEN Information-Sharing Rule </li></ul></ul><ul><ul><li>Applicable to? </li></ul></ul><ul><ul><ul><li>FinCEN has authority to request information from any financial institution defined in the BSA, notwithstanding that FinCEN has not yet extended BSA regulations to all such financial institutions . </li></ul></ul></ul><ul><ul><ul><li>Although all financial institutions should be on notice that FinCEN may contact them for information, such information requests, as a practical matter, will initially be made only to those financial institutions for which FinCEN possesses contact information </li></ul></ul></ul><ul><ul><ul><ul><li>Generally speaking, financial institutions that already are subject to BSA reporting obligations such as the requirement to file suspicious activity reports. </li></ul></ul></ul></ul>
  6. 6. Patriot Act <ul><ul><li>FinCEN Information-Sharing Rule </li></ul></ul><ul><ul><ul><li>Obligations upon receiving an information request:   </li></ul></ul></ul><ul><ul><ul><ul><li>Expeditiously search for such accounts or transactions with each individual, entity, or organization named in FinCEN's request.   </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Report matches back to FinCEN, rather than the requesting law enforcement agency   </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Only use information request to report matching information to FinCEN, to determine whether to establish or maintain an account or to engage in a transaction, or to assist the financial institution in complying with its anti-money laundering program </li></ul></ul></ul></ul>
  7. 7. Patriot Act <ul><ul><li>FinCEN Information-Sharing Rule </li></ul></ul><ul><ul><ul><li>Obligations upon receiving an information request:   </li></ul></ul></ul><ul><ul><ul><ul><li>Not disclose the fact that FinCEN has requested or obtained information </li></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>the closing of an account for, or the refusal to open an account or to conduct a transaction is not a prohibited disclosure  </li></ul></ul></ul></ul></ul><ul><ul><ul><ul><li>Adequately safeguard the confidentiality of information requested from FinCEN . </li></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>Deemed satisfied to the extent that a financial institution applies to information requests those procedures that the institution has established under GLBA to protect customers' NPI. </li></ul></ul></ul></ul></ul>
  8. 8. Patriot Act <ul><ul><li>FinCEN Information-Sharing Rule </li></ul></ul><ul><ul><ul><li>Obligations upon receiving an information request:   </li></ul></ul></ul><ul><ul><ul><ul><li>Information requests and responses will be accomplished, at least in the short term, through a combination of conventional electronic mail and facsimile transmission. </li></ul></ul></ul></ul><ul><ul><ul><ul><li>  </li></ul></ul></ul></ul><ul><ul><ul><ul><li>A financial institution must designate one person to be the point of contact at the institution regarding the request and to receive similar requests for information from FinCEN in the future.   </li></ul></ul></ul></ul>
  9. 9. Patriot Act <ul><ul><li>Section 352(a) of the Patriot Act </li></ul></ul><ul><ul><li>Effective Date - April 24, 2002 </li></ul></ul><ul><ul><li>General Scope - amended Bank Secrecy Act to require every financial institution to establish an anti-money laundering program that includes, at a minimum: </li></ul></ul><ul><ul><ul><li>The development of internal policies, procedures, and controls; </li></ul></ul></ul><ul><ul><ul><li>The designation of a compliance officer; </li></ul></ul></ul><ul><ul><ul><li>An ongoing employee training program; and </li></ul></ul></ul><ul><ul><ul><li>An independent audit function to test programs.  </li></ul></ul></ul>
  10. 10. Patriot Act <ul><ul><li>FinCEN Anti-Money Laundering Rule Under S. 352 </li></ul></ul><ul><ul><li>On April 29, 2002, FinCEN issued a series of interim final rules implementing section 352 of the Act. </li></ul></ul><ul><ul><ul><li>Rules prescribe requirements for anti-money laundering programs for banks, savings associations, and credit unions (and other “bank-type” entities) </li></ul></ul></ul>
  11. 11. Patriot Act <ul><ul><li>FinCEN Anti-Money Laundering Rule Under S. 352 </li></ul></ul><ul><ul><li>On April 29, 2002, FinCEN temporarily deferred, until 10/24/02, the application of S. 352 to certain other financial institutions including loan & finance companies. </li></ul></ul><ul><ul><li>Deferred application of S. 352 again on 11/6/02 until rule issued for exempt “financial institutions”.  </li></ul></ul><ul><ul><li>Anti-Money Laundering NPRM will be issued for “loan & finance companies” & other “financial institutions” sometime “soon”. </li></ul></ul>
  12. 12. Patriot Act – What’s Coming for Banks <ul><ul><li>Customer Identification Programs - Bank Rule </li></ul></ul><ul><ul><ul><li>Proposed rule issued July 2002 </li></ul></ul></ul><ul><ul><ul><li>Structure of Proposed Rule </li></ul></ul></ul><ul><ul><ul><ul><li>Notice to Consumers </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Minimum Data Collection Requirements </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Minimum Data Verification Procedures at the time of Account opening </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Data-Matching with Government supplied lists </li></ul></ul></ul></ul>
  13. 13. Patriot Act – What’s Coming for Banks <ul><ul><li>Customer Identification Programs - Bank Rule </li></ul></ul><ul><ul><ul><li>Extensive public comments received – issuance of final rule postponed. </li></ul></ul></ul><ul><ul><ul><li>Final Rule will be issued “soon”. Parts of proposed rule will be changed considerably. </li></ul></ul></ul><ul><ul><ul><ul><li>Record keeping </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Model Notices </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Signatories </li></ul></ul></ul></ul><ul><ul><ul><li>“ Student loan” exemption – highly unlikely. </li></ul></ul></ul>
  14. 14. Patriot Act – What’s Coming for Non-Banks <ul><ul><li>Anti-Money Laundering NPRM </li></ul></ul><ul><ul><li>Customer Identification Program NPRM </li></ul></ul><ul><ul><ul><li>Expected to be identical to “bank” rule with minor adjustments tailored to fit “non-bank” entities </li></ul></ul></ul><ul><ul><li>A key issue under both upcoming NPRMs is how “loan & finance company” will be defined. </li></ul></ul><ul><ul><ul><li>Applicable to originating lenders only? Downstream entities that touch or acquire title to loans? </li></ul></ul></ul>
  15. 15. Patriot Act <ul><ul><li>3/6/03 Industry Meeting with Treasury </li></ul></ul><ul><ul><li>The case we made </li></ul></ul><ul><ul><ul><li>Low Risk of Money Laundering </li></ul></ul></ul><ul><ul><ul><li>Current process satisfies CIP objectives (except for data match) </li></ul></ul></ul><ul><ul><ul><li>Only origination lenders need comply with CIP </li></ul></ul></ul><ul><ul><li>Treasury’s Response </li></ul></ul><ul><ul><ul><li>Focused on anti-money laundering . Questions Treasury asked are instructive: </li></ul></ul></ul><ul><ul><ul><ul><li>Do we conduct additional data gathering or follow other additional customer identification procedures concerning loan applicants based on applicant’s citizenship (e.g., if the applicant is from Yemen)? </li></ul></ul></ul></ul>
  16. 16. Patriot Act <ul><ul><li>3/6/03 Industry Meeting with Treasury </li></ul></ul><ul><ul><li>Treasury’s Response - focused on anti-$$ laundering </li></ul></ul><ul><ul><ul><ul><li>What % of loan disbursements are made using individual check? What % of individual disbursement checks are delivered to the school? </li></ul></ul></ul></ul><ul><ul><ul><ul><li>What % of loan checks are made copayable to the borrower and the school? </li></ul></ul></ul></ul><ul><ul><ul><ul><li>When sending disbursements to a school via EFT the first time (i.e., for a new school customer), are steps taken to verify that the school account is actually owned by the school? Do we periodically verify the school account information? </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Do we monitor early large prepayments and the source of prepayment? E.g., Foreign wires? </li></ul></ul></ul></ul>
  17. 17. Patriot Act <ul><ul><li>3/6/03 Industry Meeting with Treasury </li></ul></ul><ul><ul><li>Treasury’s Response - focused on anti-$$ laundering </li></ul></ul><ul><ul><ul><ul><li>When purchasing loans on the secondary market from another lender for the first time, what due diligence is performed to understand the selling lender’s anti-money laundering program? </li></ul></ul></ul></ul><ul><ul><ul><ul><li>If there’s an ongoing purchase arrangement with another lender, does the purchaser periodically review the seller’s anti-money laundering program?  </li></ul></ul></ul></ul><ul><ul><ul><li>Urged a “best practices” approach to anti-$$ laundering (i.e., “Know Your Customer”) </li></ul></ul></ul>
  18. 18. Patriot Act <ul><ul><li>3/6/03 Industry Meeting with Treasury </li></ul></ul><ul><ul><li>Treasury input at meeting and in subsequent e-mail: “Based on our discussion, it sounds like many of the things that you already do have a beneficial effect with respect to money laundering risks.” </li></ul></ul><ul><ul><li>Same “beneficial effect” should apply to CIP compliance. </li></ul></ul>
  19. 19. Telemarketing Sales Rule <ul><li>Final “Amended” Rule issued 1/29/03 </li></ul><ul><li>Relevant Provisions for Student Lending: </li></ul><ul><ul><li>Central ‘‘do not-call’’ registry </li></ul></ul><ul><ul><ul><li>Supplements current company specific ‘‘do-not-call’’ provision </li></ul></ul></ul><ul><ul><ul><li>Allows a consumer to stop telemarketing calls on behalf of all companies within the FTC’s jurisdiction by placing his/her telephone number on the registry. </li></ul></ul></ul><ul><ul><ul><ul><li>Telemarketing calls : calls to solicit goods & services. </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Neither company-specific list nor nationwide registry prevents calls to consumer to administer or service an account. </li></ul></ul></ul></ul>
  20. 20. Telemarketing Sales Rule <ul><li>Relevant Provisions for Student Lending: </li></ul><ul><ul><li>“ Established business relationship”exception – Cannot stop telemarketing calls when consumer has established business relationship with company on whose behalf the call is made, unless consumer has asked to be on company-specific do-not-call list. </li></ul></ul><ul><ul><ul><li>A relationship between a seller & a consumer based on: </li></ul></ul></ul><ul><ul><ul><ul><li>… a financial transaction between the consumer and seller within 18 months immediately preceding the date of a telemarketing call, or </li></ul></ul></ul></ul><ul><ul><ul><ul><li>the consumer’s inquiry or application regarding a product or service offered by the seller, within the three (3) months immediately preceding the date of a telemarketing call. </li></ul></ul></ul></ul>
  21. 21. Telemarketing Sales Rule <ul><li>Relevant Provisions for Student Lending: </li></ul><ul><ul><li>‘‘ Established business relationship’’exception </li></ul></ul><ul><ul><ul><li>Financial transaction within 18 months of telemarketing call measured from “ the date of the last payment or transaction, not from the first payment.” </li></ul></ul></ul><ul><ul><ul><ul><li>Clearly applies to last actual payment </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Last scheduled payment? = final activity known and agreed-upon at beginning of ongoing financial relationship. Important per extended in-school periods or deferrals. </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Continuing activities that indicate current, ongoing relationship: payments, interest accrual, interest billing notices, acceptance of financial benefits from federal government. </li></ul></ul></ul></ul>
  22. 22. Telemarketing Sales Rule <ul><li>Relevant Provisions for Student Lending: </li></ul><ul><ul><li>‘‘ Established business relationship’’exception </li></ul></ul><ul><ul><ul><li>Applicable to Affiliates? </li></ul></ul></ul><ul><ul><ul><ul><li>Affiliates will fall within the exemption only to extent that the consumer would reasonably expect the affiliate to be included given the nature and type of goods or services offered and the identity of the affiliate. </li></ul></ul></ul></ul><ul><ul><ul><ul><li>The consumer’s expectations of receiving the call from the affiliate are the measure against which the breadth of the exemption must be judged. </li></ul></ul></ul></ul>
  23. 23. Telemarketing Sales Rule <ul><li>Relevant Provisions for Student Lending: </li></ul><ul><ul><li>Do-not-call Registry: </li></ul></ul><ul><ul><ul><li>President signed the Omnibus appropriations bill into law, providing funding to allow the Federal Trade Commission to begin to develop the national Do Not Call registry. </li></ul></ul></ul><ul><ul><ul><li>Consumers will have the opportunity to sign up for the registry sometime this summer, and the registry should be fully functional and available to telemarketers by September. </li></ul></ul></ul>
  24. 24. Telemarketing Sales Rule <ul><li>Relevant Provisions for Student Lending Effective 3/31/03 : </li></ul><ul><ul><li>Permits consumers who have put their numbers on the national “do-not call” registry to provide permission to call to any specific seller by an express written agreement </li></ul></ul><ul><ul><li>Telemarketers must disclose a variety of information, including identity of seller, that purpose of call is to sell goods or services, & nature of goods or services </li></ul></ul><ul><ul><li>Prohibits disclosing or receiving, for consideration, unencrypted consumer account numbers for use in telemarketing, except when the disclosure or receipt is to process a payment for goods or services or a charitable contribution pursuant to a transaction </li></ul></ul>
  25. 25. Telemarketing Sales Rule <ul><li>Relevant Provisions for Student Lending Effective 3/31/03 : </li></ul><ul><ul><li>Prohibits telemarketers from abandoning any outbound telephone call, and provides safe harbor from liability if telemarketer: </li></ul></ul><ul><ul><ul><li>abandons no more than 3% of all calls answered by a person; </li></ul></ul></ul><ul><ul><ul><li>allows the telephone to ring for 15 seconds or 4 rings; </li></ul></ul></ul><ul><ul><ul><li>whenever a sales representative is unavailable within 2 seconds of a person’s answering the call, plays a recorded message stating the name and telephone number of the seller on whose behalf the call was placed; & </li></ul></ul></ul><ul><ul><ul><li>maintains records documenting compliance. </li></ul></ul></ul>
  26. 26. Telemarketing Sales Rule <ul><li>Relevant Provisions for Student Lending Effective 3/31/03: </li></ul><ul><ul><li>Requires telemarketers to transmit the telephone number, and name, when available, of the telemarketer to any caller identification service ; </li></ul></ul><ul><ul><li>Prohibits denying or interfering in any way with a consumer’s right to be placed on a ‘‘do-not-call’’ list; </li></ul></ul><ul><ul><li>Clarifies that facsimile transmissions, electronic mail, and other similar methods of delivery are direct mail for purposes of the direct mail exemption . </li></ul></ul>
  27. 27. State Privacy Developments <ul><li>CA SB 1 (Speier) “Opt-in” Law </li></ul><ul><ul><li>Reintroduced 12/2/02 </li></ul></ul><ul><ul><li>Passed Senate Judiciary Committee and passed the Senate on March 3 rd . Bill has been sent to the Assembly. </li></ul></ul><ul><ul><li>Speier’s fourth attempt at enacting state financial privacy legislation that would be more restrictive than GLBA. </li></ul></ul>
  28. 28. State Privacy Developments <ul><li>CA SB 1 (Speier) “Opt-in” Law </li></ul><ul><ul><li>Bill would provide consumers with specified notice and choices on the sharing of their personal financial information by financial services companies. </li></ul></ul><ul><ul><ul><li>Requires an opt-in for non-affiliated 3rd parties </li></ul></ul></ul><ul><ul><ul><li>Requires opt-out for affiliated parties </li></ul></ul></ul>
  29. 29. State Privacy Developments <ul><li>SD HB 1085 – </li></ul><ul><ul><li>Introduced 1/24/03; passed Commerce Committee on 1/30/03 </li></ul></ul><ul><ul><li>Requires financial institution to obtain consent before sharing a consumer's personally identifiable information with nonaffiliated third parties. </li></ul></ul><ul><li>State “opt-in” initiatives blueprint for federal legislation? </li></ul><ul><ul><li>Financial Services Roundtable’s new privacy task force proposal tracks CA SB 1/SD HB 1085. </li></ul></ul>
  30. 30. State Privacy Developments <ul><li>MO SB 61 (nearly identical to CA SB 168) </li></ul><ul><ul><li>02/03/03 - Hearing Conducted in Senate Judiciary & Civil & Criminal </li></ul></ul><ul><ul><li>No private individual or entity shall: </li></ul></ul><ul><ul><ul><li>Intentionally communicate or otherwise make available to the general public in any manner an individual' s SSN; </li></ul></ul></ul><ul><ul><ul><li>Print an individual's SSN on any card required for the individual to access products or services provided by the person or entity; </li></ul></ul></ul><ul><ul><ul><li>Require an individual to disclose his or her SSN to enter into a commercial transaction; </li></ul></ul></ul>
  31. 31. State Privacy Developments <ul><li>MO SB 61 (nearly identical to CA SB 168) </li></ul><ul><ul><li>Require an individual to transmit his or her SSN over the Internet unless the connection is secure or the SSN is encrypted; </li></ul></ul><ul><ul><li>Require an individual to use his or her SSN to access an Internet Web site; </li></ul></ul><ul><ul><li>Print an individual's SSN on any materials that are mailed to the individual </li></ul></ul>
  32. 32. State Privacy Developments <ul><li>Identity Theft </li></ul><ul><ul><li>CA SB 168 </li></ul></ul><ul><ul><ul><li>New Credit Bureau Requirements: Credit bureaus must offer consumers the ability to freeze their credit files and to &quot;thaw&quot; them with a special PIN (online or by phone) when they want to apply for credit themselves. </li></ul></ul></ul><ul><ul><ul><li>Lenders cannot check credit history on frozen account (absent consumer use of PIN to “thaw” account). </li></ul></ul></ul>
  33. 33. State Privacy Developments <ul><li>Identity Theft </li></ul><ul><ul><li>CA SB 168 </li></ul></ul><ul><ul><ul><li>The three major credit bureaus, Equifax, Experian and Trans Union, have the same general process for using the new freeze and thaw. </li></ul></ul></ul><ul><ul><ul><li>Account can be “thawed” by consumer for a specific creditor and for specific date range. Cost applies to “thaw”. </li></ul></ul></ul><ul><ul><ul><li>There is no charge to “freeze” for identity theft victims who have a police report of identity theft, but others will be charged. </li></ul></ul></ul>
  34. 34. State Privacy Developments <ul><li>Identity Theft </li></ul><ul><ul><li>CA AB 655. Effective 7/1/02. </li></ul></ul><ul><ul><ul><li>Requires users of credit reports to: </li></ul></ul></ul><ul><ul><ul><ul><li>Resolve address discrepancies before funding a loan . </li></ul></ul></ul></ul><ul><ul><ul><ul><li>M ust take reasonable steps to verify - - to a reasonable degree of certainty - - an applicant's address if addresses on credit application and credit report vary. </li></ul></ul></ul></ul>
  35. 35. State Privacy Developments <ul><li>Identity Theft </li></ul><ul><ul><li>CA AB 655. </li></ul></ul><ul><ul><ul><li>Requires users of credit reports to: </li></ul></ul></ul><ul><ul><ul><ul><li>Resolve security alerts in credit report before funding a loan (i.e. credit report contains a clearly identifiable notification, consisting of more than a tradeline, that information in the report has been blocked as the result of an identity theft). </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Must not lend money without taking reasonable steps to verify the consumer's identity and to confirm that the credit transaction is not the result of identity theft. </li></ul></ul></ul></ul>
  36. 36. State Privacy Developments <ul><li>Identity Theft </li></ul><ul><ul><li>CA AB 655. </li></ul></ul><ul><ul><ul><li>Lender cannot sell a loan (affiliate exception) </li></ul></ul></ul><ul><ul><ul><ul><li>with security freeze on credit bureau profile or </li></ul></ul></ul></ul><ul><ul><ul><ul><li>in the event the consumer has provided sufficient information in writing that the consumer is not obligated to pay the debt because she is identity theft victim. </li></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>Creditor’s obligation arises where written information gives creditor reasonable grounds to determine that statement of identity theft is not frivolous. </li></ul></ul></ul></ul></ul>
  37. 37. State Privacy Developments <ul><li>Identity Theft </li></ul><ul><ul><li>Proposed CA SB 25 Introduced 12/2/02 </li></ul></ul><ul><ul><ul><li>Provides that any person who uses a consumer credit report in connection with the approval of specified credit transactions may not extend credit or complete the transaction without taking reasonable steps to verify the applicant's identity. </li></ul></ul></ul><ul><ul><ul><li>The bill would also extend the existing private-sector ban on the public posting or display of Social Security numbers to state and local agencies. </li></ul></ul></ul>