CA 16-3:
Revised Interagency Examination Procedures for Regulation P
OF THE FEDERAL RESERVE SYSTEM
WASHINGTON, D.C. 20551
DIVISION OF CONSUMER
AND COMMUNITY AFFAIRS
June 8, 2016
TO THE OFFICERS AND MANAGERS IN CHARGE OF CONSUMER AFFAIRS SECTIONS
Revised Interagency Examination Procedures for Regulation P
Applicability to Community Banking Organizations:This guidance applies to all state member banks supervised by the Federal Reserve, including those with total consolidated assets of $10 billion or less.
The Task Force on Consumer Compliance of the Federal Financial Institutions Examination Council recently developed the attached interagency examination procedures for Regulation P – Privacy of Consumer Financial Information. These revised examination procedures supersede the Regulation P interagency examination procedures transmitted with CA 15-7.
The revised examination procedures incorporate amendments made by section 75001 of the Fixing America’s Surface Transportation Act (FAST Act) to section 503 of the Gramm-Leach-Bliley Act (GLBA). GLBA section 503, which is implemented by Regulation P, generally requires a financial institution to provide annual notice to its customers of its policies and practices with respect to disclosing and protecting nonpublic personal information. Section 75001 was effective upon enactment on December 4, 2015 and establishes an exception to this annual privacy notice requirement.
Specifically, the exception in section 75001 applies to any financial institution that: (1) solely shares nonpublic personal information in accordance with the provisions of GLBA sections 502(b)(2) or 502(e) or regulations prescribed under GLBA section 504; and (2) has not changed its policies and practices with regard to disclosing nonpublic personal information since its most recent disclosure to its customers. Beginning on December 4, 2015, if a financial institution meets these conditions, it is not required to provide an annual privacy notice to its customers and, accordingly, should not be cited either for failing to provide an annual privacy notice or for providing an annual privacy notice using an improper delivery method.
Section 75001 does not affect the GLBA/Regulation P content and delivery requirements in cases where a financial institution is still required to provide annual notice of its privacy policies and practices to its customers.
If you have any questions, please contact Amal Patel, Senior Supervisory Consumer Financial Services Analyst, at (202) 912-7879, or Tim Robertson, Manager, at (202) 452-2565. In addition, questions may be sent via the Board’s public website.1
signed by
Carol A. Evans
Assistant Director
Division of Consumer
and Community Affairs
CA 15-7 “Revised Interagency Examination Procedures for Regulation P” (October 5, 2011)