What disclosures are we required to make available on our bank’s website?

Below is a non-exhaustive list of the disclosures and notices that you may choose to post or may be required to post on your bank’s website. This list may be incomplete depending on the products and services you offer or advertise on your website, some of which may trigger additional disclosure requirements. 

Privacy Notices

The Gramm–Leach–Bliley Act (GLBA) generally requires financial institutions to provide initial privacy policy disclosures to new customers and to send annual privacy notices to all customers (unless the institution qualifies for an exemption to the annual notice requirement). For consumers who conduct transactions electronically, a financial institution can post an initial privacy notice “on the electronic site and require the consumer to acknowledge receipt of the notice as a necessary step to obtaining a particular financial product or service.” Institutions also may provide the annual privacy notice to customers who have agreed to receive notices at the website by posting their “current privacy notice continuously in a clear and conspicuous manner on the website.” However, you are not required to post privacy notices on your website if you provide them in another form in compliance with Regulation P’s notice requirements.

Logos — Member FDIC, Equal Housing Lender

The FDIC’s Advertisement of Membership rule generally requires banks to include the “Member FDIC” or “Member of FDIC” statement in advertisements, defined as “a commercial message, in any medium, that is designed to attract public attention or patronage to a product or business.” In 2020, the FDIC issued an Advisory Opinion (not currently available on the FDIC’s website) declaring that the “Member FDIC” statement should appear on any website page “that touts either the bank itself or one of its products or services.”

Similarly, the FDIC’s Fair Housing Act regulations require that a copy of the “Equal Housing Lender” or “Equal Housing Opportunity” logotype be prominently indicated in “any form of advertising of any loan for the purpose of purchasing, constructing, improving, repairing, or maintaining a dwelling or any loan secured by a dwelling . . . in a manner appropriate to the advertising medium and format utilized.” Consequently, we recommend posting the “Equal Housing Lender” or “Equal Housing Opportunity” logo on any page of your website that advertises or provides information on dwelling-related loan products.

Illinois Community Reinvestment Act

As an Illinois-charted bank, you are a “covered financial institution” under the Illinois Community Reinvestment Act. As such, you are required to post a “State of Illinois Community Reinvestment Notice” in the public lobby of each of your offices and on your website.

Although the federal Community Reinvestment Act (CRA) requires banks to post a CRA notice in the public lobby of their main office and in each of their branches, we are not aware of a similar requirement to post the CRA notice on bank websites.

Savings Account Openings

The Truth in Savings Act requires depository institutions to provide consumers opening deposit accounts with disclosures about the account’s interest rate and fees. Regulation DD provides that when a consumer uses electronic means, such as a website, to open an account or request a service, the required disclosures must be provided before an account is opened or a service is provided.

These disclosures may be provided on your website if the consumer consents to receiving electronic disclosures in accordance with the federal E-Sign Act. Also, if a consumer requests account disclosures and is not present at your institution, you may deliver them by mail or electronically if the consumer agrees, “without regard to the consumer consent or other provisions of the E-Sign Act.” However, your bank is not required to provide the disclosures electronically if you provide them in another form.

Credit Card Agreements

If your bank is a “card issuer” under Regulation Z (meaning a consumer is legally obligated to your bank under the terms of a credit card agreement), you must post and maintain the credit card agreements you are required to send to the CFPB on your website. These agreements generally include the credit card agreements you offer to the public that are not eligible for an exception to the CFPB submission requirement, such as the de minimus exception for issuers of “fewer than 10,000 open credit card accounts as of the last business day of the calendar quarter.”

Online Applications for Adjustable-Rate Mortgages

Under Regulation Z, if a lender allows a consumer to apply for an adjustable-rate mortgage loan online, the creditor must provide the required disclosures for variable rate transactions in electronic form, “such as with the application form on its Web site.”

For resources related to our guidance, please see:

  • Regulation P, 12 CFR 1016.4(a) (“You must provide a clear and conspicuous notice that accurately reflects your privacy policies and practices to:

(1) Customer. An individual who becomes your customer, not later than when you establish a customer relationship, except as provided in paragraph (e) of this section; and

(2) Consumer. A consumer, before you disclose any nonpublic personal information about the consumer to any nonaffiliated third party, if you make such a disclosure other than as authorized by §§ 1016.14 and 1016.15 of this part.”)

  • Regulation P, 12 CFR 1016.5(a)(1) (“Except as provided by paragraph (e) of this section, you must provide a clear and conspicuous notice to customers that accurately reflects your privacy policies and practices not less than annually during the continuation of the customer relationship. Annually means at least once in any period of 12 consecutive months during which that relationship exists. You may define the 12-consecutive-month period, but you must apply it to the customer on a consistent basis.”)
  • Regulation P, 12 CFR 1016.5(e)(1) (“Exception to annual privacy notice requirement. (1) When exception available. You are not required to deliver an annual privacy notice if you:

(i) Provide nonpublic personal information to nonaffiliated third parties only in accordance with the provisions of § 1016.13, § 1016.14, or § 1016.15; and

(ii) Have not changed your policies and practices with regard to disclosing nonpublic personal information from the policies and practices that were disclosed to the customer under § 1016.6(a)(2) through (5) and (9) in the most recent privacy notice provided pursuant to this part.”)

  • Regulation P, 12 CFR 1016.9(a) (“You must provide any privacy notices and opt out notices, including short-form initial notices, that this part requires so that each consumer can reasonably be expected to receive actual notice in writing or, if the consumer agrees, electronically.”)
  • Regulation P, 12 CFR 1016.9(b)(1) (“You may reasonably expect that a consumer will receive actual notice if you:

                                                            *     *     *     *     *

(iii) For the consumer who conducts transactions electronically:

     (A) In the case of financial institutions other than those described in § 1016.3(l)(3)
     of this part, post the notice on the electronic site and require the consume
     to acknowledge receipt of the notice as a necessary step to obtaining a particular
     financial product or service; or

     (B) In the case of financial institutions described in § 1016.3(l)(3), clearly and
     conspicuously post the notice on the electronic site and require the consumer to
     acknowledge receipt of the notice as a necessary step to obtaining a particular
     financial product or service;

(iv) For an isolated transaction with the consumer, such as an ATM transaction, post the notice on the ATM screen and require the consumer to acknowledge receipt of the notice as a necessary step to obtaining the particular financial product or service.”)

  • Regulation P, 12 CFR 1016.9(c) (“You may reasonably expect that a customer will receive actual notice of your annual privacy notice if:

(1) The customer uses your website to access financial products and services electronically and agrees to receive notices at the website, and you post your current privacy notice continuously in a clear and conspicuous manner on the website

(2) The customer has requested that you refrain from sending any information regarding the customer relationship, and your current privacy notice remains available to the customer upon request.”)

  • FDIC Advertisement of Membership Rules, 12 CFR 328.3(c)(1) (“Except as provided in § 328.3(d), each insured depository institution shall include the official advertising statement prescribed in § 328.3(b) in all advertisements that either promote deposit products and services or promote non-specific banking products and services offered by the institution. For purposes of this § 328.3, an advertisement promotes non-specific banking products and services if it includes the name of the insured depository institution but does not list or describe particular products or services offered by the institution. An example of such an advertisement would be, ‘Anytown Bank, offering a full range of banking services.’”)
  • FDIC Advertisement of Membership Rules, 12 CFR 328.3(a) (“The term ‘advertisement,’ as used in this subpart, shall mean a commercial message, in any medium, that is designed to attract public attention or patronage to a product or business.”)
  • FDIC Advisory Opinion, FDIC 00-10 — Whether the Rules Regarding the Use of the FDIC Logo Apply to Insured Institution Web Sites (November 3, 2000) (“Is the official advertising statement required on X's transactional Internet banking pages? . . . we do not consider web pages that allow customers to conduct transactions or review statements and contain no other information to be advertisements. Thus, the official advertising statement is not required on such web pages. However, a transactional web page that also includes information touting either the bank or one of its products or services would be an advertisement. As an advertisement it would require the official advertising statement, unless it was subject to one of the exceptions to the requirement under section 328.3(c).”) [The FDIC has informed the IBA that it has removed all of its advisory opinions from its website due to a high risk of staleness. We have provided links to archived versions of the advisory opinions for your convenience. If you have a question about an advisory opinion, the FDIC recommends that you contact your FDIC Field Office, which you can find by clicking here.]
  • FDIC Fair Housing Act Regulations, 12 CFR 338.3(a)(1) (“Any FDIC-supervised institution which directly or through third parties engages in any form of advertising of any loan for the purpose of purchasing, constructing, improving, repairing, or maintaining a dwelling or any loan secured by a dwelling shall prominently indicate in such advertisement, in a manner appropriate to the advertising medium and format utilized, that the bank makes such loans without regard to race, color, religion, national origin, sex, handicap, or familial status.

(1) With respect to written and visual advertisements, this paragraph (a) may be satisfied by including in the advertisement a copy of the logotype with the Equal Housing Lender legend contained in the Equal Housing Lender poster prescribed in § 338.4(b) or a copy of the logotype with the Equal Housing Opportunity legend contained in the Equal Housing Opportunity poster prescribed in 24 CFR 110.25(a) of the United States Department of Housing and Urban Development’s regulations.”)

  • Illinois CRA, 205 ILCS 735/5 (“‘Covered financial institution’ means a bank chartered under the Illinois Banking Act, a savings bank chartered under the Illinois Savings Bank Act, a credit union incorporated under the Illinois Credit Union Act, an entity licensed under the Illinois Residential Mortgage License Act of 1987 which lent or originated 50 or more residential mortgage loans in the previous calendar year, and any other financial institution under the jurisdiction of the Department as designated by rule by the Secretary.”)
  • Illinois CRA, 205 ILCS 735/35-20 (“Each covered financial institution shall provide, in the public lobby of each of its offices, if any, and on its website, a public notice that is substantially similar to the following:

STATE OF ILLINOIS COMMUNITY REINVESTMENT NOTICE

The Department of Financial and Professional Regulation (Department) evaluates our performance in meeting the financial services needs of this community, including the needs of low-income to moderate-income households. The Department takes this evaluation into account when deciding on certain applications submitted by us for approval by the Department. Your involvement is encouraged. You may obtain a copy of our evaluation. You may also submit signed, written comments about our performance in meeting community financial services needs to the Department.”)

  • IDFPR, Illinois Community Reinvestment Act Supervisory Statement (May 5, 2021) (“[T]he Division of Banking (DOB) has yet to issue evaluations for DOB covered financial institutions. Accordingly, while this Statement remains in effect, DOB will consider the following notice substantially similar to the notice shown above:

‘STATE OF ILLINOIS COMMUNITY REINVESTMENT NOTICE

The Department of Financial and Professional Regulation (Department) evaluates our performance in meeting the financial services needs of this community, including the needs of low-income to moderate-income households. The Department takes this evaluation into account when deciding on certain applications submitted by us for approval by the Department. Your involvement is encouraged. You may obtain a copy of our evaluation once the Department completes our first evaluation. You may also submit signed, written comments about our performance in meeting community financial services needs to the Department. We will update this notice when our first evaluation has been issued.’”)

  • FDIC CRA Regulations, 12 CFR 345.44 (“A bank shall provide in the public lobby of its main office and each of its branches the appropriate public notice set forth in Appendix B of this part.”)
  • FDIC CRA Regulations, 12 CFR 345, Appendix B, CRA Notice
  • Truth in Savings Act, 12 USC 4301(b) (“It is the purpose of this chapter to require the clear and uniform disclosure of (1) the rates of interest which are payable on deposit accounts by depository institutions; and (2) the fees that are assessable against deposit accounts, so that consumers can make a meaningful comparison between the competing claims of depository institutions with regard to deposit accounts.”)

(i) General. A depository institution shall provide account disclosures to a consumer before an account is opened or a service is provided, whichever is earlier. An institution is deemed to have provided a service when a fee required to be disclosed is assessed. Except as provided in paragraph (a)(1)(ii) of this section, if the consumer is not present at the institution when the account is opened or the service is provided and has not already received the disclosures, the institution shall mail or deliver the disclosures no later than 10 business days after the account is opened or the service is provided, whichever is earlier.”)

(ii) Timing of electronic disclosures. If a consumer who is not present at the institution uses electronic means (for example, an Internet Web site) to open an account or request a service, the disclosures required under paragraph (a)(1) of this section must be provided before the account is opened or the service is provided.”)

  • Regulation DD, 12 CFR 1030.3 (a) (“Depository institutions shall make the disclosures required by §§ 1030.4 through 1030.6 of this part, as applicable, clearly and conspicuously, in writing, and in a form the consumer may keep. The disclosures required by this part may be provided to the consumer in electronic form, subject to compliance with the consumer consent and other applicable provisions of the Electronic Signatures in Global and National Commerce Act (E-Sign Act) (15 U.S.C. 7001 et seq.). The disclosures required by §§ 1030.4(a)(2) and 1030.8 may be provided to the consumer in electronic form without regard to the consumer consent or other provisions of the E-Sign Act in the circumstances set forth in those sections. Disclosures for each account offered by an institution may be presented separately or combined with disclosures for the institution's other accounts, as long as it is clear which disclosures are applicable to the consumer’s account.”)
  • E-Sign Act, 15 USC 7001(c)(1) (“Notwithstanding subsection (a), if a statute, regulation, or other rule of law requires that information relating to a transaction or transactions in or affecting interstate or foreign commerce be provided or made available to a consumer in writing, the use of an electronic record to provide or make available (whichever is required) such information satisfies the requirement that such information be in writing if

(A) the consumer has affirmatively consented to such use and has not withdrawn such consent;

(B) the consumer, prior to consenting, is provided with a clear and conspicuous statement . . .

(C) the consumer (i) prior to consenting, is provided with a statement of the hardware and software requirements for access to and retention of the electronic records; and (ii) consents electronically, or confirms his or her consent electronically, in a manner that reasonably demonstrates that the consumer can access information in the electronic form that will be used to provide the information that is the subject of the consent; . . .”)

  • Regulation DD, 12 CFR 1030.4(a)(2)(i) (“A depository institution shall provide account disclosures to a consumer upon request. If a consumer who is not present at the institution makes a request, the institution shall mail or deliver the disclosures within a reasonable time after it receives the request and may provide the disclosures in paper form, or electronically if the consumer agrees.”)
  • Regulation DD, Official Interpretations, Paragraph 4(a)(2)(i), Comment 4 (“Use of electronic means. If a consumer who is not present at the institution makes a request for account disclosures, including a request made by telephone, email, or via the institution’s Web site, the institution may send the disclosures in paper form or, if the consumer agrees, may provide the disclosures electronically, such as to an email address that the consumer provides for that purpose, or on the institution’s Web site, without regard to the consumer consent or other provisions of the E-Sign Act. The regulation does not require an institution to provide, nor a consumer to agree to receive, the disclosures required by § 1030.4(a)(2) in electronic form.”)
  • Regulation Z, 12 CFR 1026.58(a) (“The requirements of this section apply to any card issuer that issues credit cards under a credit card account under an open-end (not home-secured) consumer credit plan.”)
  • Regulation Z, 12 CFR 1026.58(b)(4) (“For purposes of this section, ‘card issuer’ or ‘issuer’ means the entity to which a consumer is legally obligated, or would be legally obligated, under the terms of a credit card agreement.”)
  • Regulation Z, 12 CFR 1026.58(b)(1) (“For purposes of this section, ‘agreement’ or ‘credit card agreement’ means the written document or documents evidencing the terms of the legal obligation, or the prospective legal obligation, between a card issuer and a consumer for a credit card account under an open-end (not home-secured) consumer credit plan. ‘Agreement’ or ‘credit card agreement’ also includes the pricing information, as defined in § 1026.58(b)(7).”)
  • Regulation Z, 12 CFR 1026.58(d)(1) (“Except as provided below, a card issuer must post and maintain on its publicly available Web site the credit card agreements that the issuer is required to submit to the Bureau under § 1026.58(c). With respect to an agreement offered solely for accounts under one or more private label credit card plans, an issuer may fulfill this requirement by posting and maintaining the agreement in accordance with the requirements of this section on the publicly available Web site of at least one of the merchants at which credit cards issued under each private label credit card plan with 10,000 or more open accounts may be used.”)
  • Regulation Z, 12 CFR 1026.58(c)(1) (“A card issuer must make quarterly submissions to the Bureau, in the form and manner specified by the Bureau. Quarterly submissions must be sent to the Bureau no later than the first business day on or after January 31, April 30, July 31, and October 31 of each year. Each submission must contain:

(i) Identifying information about the card issuer and the agreements submitted, including the issuer's name, address, and identifying number (such as an RSSD ID number or tax identification number);

(ii) The credit card agreements that the card issuer offered to the public as of the last business day of the preceding calendar quarter that the card issuer has not previously submitted to the Bureau;

(iii) Any credit card agreement previously submitted to the Bureau that was amended during the preceding calendar quarter and that the card issuer offered to the public as of the last business day of the preceding calendar quarter, as described in § 1026.58(c)(3); and

(iv) Notification regarding any credit card agreement previously submitted to the Bureau that the issuer is withdrawing, as described in § 1026.58(c)(4), (c)(5), (c)(6), and (c)(7).”)

  • Regulation Z, 12 CFR 1026.58(c)(5) (“De minimis exception. (i) A card issuer is not required to submit any credit card agreements to the Bureau if the card issuer had fewer than 10,000 open credit card accounts as of the last business day of the calendar quarter. . . .”)
  • Regulation Z, 12 CFR 1026.58(c)(6) (“Private label credit card exception. (i) A card issuer is not required to submit to the Bureau a credit card agreement if, as of the last business day of the calendar quarter, the agreement: (A) Is offered for accounts under one or more private label credit card plans each of which has fewer than 10,000 open accounts; and (B) Is not offered to the public other than for accounts under such a plan. . . .”)
  • Regulation Z, 12 CFR 1026.58(c)(7) (“Product testing exception. (i) A card issuer is not required to submit to the Bureau a credit card agreement if, as of the last business day of the calendar quarter, the agreement:  (A) Is offered as part of a product test offered to only a limited group of consumers for a limited period of time;  (B) Is used for fewer than 10,000 open accounts; and  (C) Is not offered to the public other than in connection with such a product test. . . .”)
  • Regulation Z, 12 CFR 1026.19(b) (“Certain variable-rate transactions. Except as provided in paragraph (d) of this section, if the annual percentage rate may increase after consummation in a transaction secured by the consumer’s principal dwelling with a term greater than one year, the following disclosures must be provided at the time an application form is provided or before the consumer pays a non-refundable fee, whichever is earlier (except that the disclosures may be delivered or placed in the mail not later than three business days following receipt of a consumer's application when the application reaches the creditor by telephone, or through an intermediary agent or broker) . . .”)
  • Regulation Z, Official Interpretations, Paragraph 1026.19(c), Comment 1(i) (“If a consumer accesses an ARM loan application electronically (other than as described under ii. below), such as online at a home computer, the creditor must provide the disclosures in electronic form (such as with the application form on its Web site) in order to meet the requirement to provide disclosures in a timely manner on or with the application. If the creditor instead mailed paper disclosures to the consumer, this requirement would not be met.”)