Privacy Law Changes

Last week, President Obama signed into law a bundle of legislation referred to as the FAST Act. While the FAST Act was primarily a transportation bill, it did contain a number of provisions regarding the financial services industry. One amendment of particular interest relates to Section 503 of the Gramm-Leach-Bliley Act (GLBA). It states:

(f) EXCEPTION TO ANNUAL NOTICE REQUIREMENT.—A financial institution that—

(1) provides nonpublic personal information only in accordance with the provisions of subsection (b)(2) or (e) of section 502 or regulations prescribed under section 504(b), and (2) has not changed its policies and practices with regard to disclosing nonpublic personal information from the policies and practices that were disclosed in the most recent disclosure sent to consumers in accordance with this section, shall not be required to provide an annual disclosure under this section until such time as the financial institution fails to comply with any criteria described in paragraph (1) or (2).

In other words, this amendment eliminates the annual privacy notice requirement if you don’t share in a manner that requires an opt-out under GLBA AND requires banks to send out privacy disclosures only when their privacy policies and practices have changed.

While there is obviously no regulation as of yet, this law was effective on December 4, 2015. We are in the camp that the law is the law and you can take advantage of this immediately. If you do, keep in mind you may need to educate your examiners, as we are hearing many haven’t even heard of this change in the law yet.

We plan to address this further in our January 2016 newsletter in a couple of weeks.

Amy Kudlacek

Regulation P Updated – Finally

Finally!!  On August 10th, the CFPB announced it had finalized amendments to Regulation P.  And to think it only took a little under three years to get it done!


Back in December 2015, we alerted you that President Obama signed the FAST Act into law, which effectively eliminated the annual privacy notice requirement for banks whose sharing practices:


  1. Do not require an opt-out under the Gramm-Leach-Bliley Act; and,
  2. Have not changed since the last time they sent their Privacy Notice.


Our advice to banks at the time was that the law is the law and they could begin to follow the FAST Act rules right away.  Many have and to our knowledge did not experience any difficulties with their examiners.  Others were a little hesitant to follow the law until a regulation was finalized.  Thankfully, the wait is over.


Amy Kudlacek