IBA Compliance Connection

Your go to source for compliance!

We understand that the Illinois Banking Act’s privacy provisions apply to both consumer and commercial accounts. Does that mean that we have to send initial and annual privacy notices to all business accounts? We were told that FDIC examiners expect us to send privacy notices to commercial customers.

by

No, the Illinois Banking Act does not require you to provide initial or annual privacy notices to your commercial accountholders. As you noted, the Illinois Banking Act’s privacy provisions apply to both consumer and commercial customers. However, the Illinois law’s provisions do not include any initial or annual notice requirements (except in the context of providing notice of a subpoena, if applicable). The initial and annual privacy notice requirements arise under federal law, Regulation P, and those requirements apply only to consumer customers who are obtaining financial services for personal, family, or household purposes.

If you have a good relationship with your examiners, you may wish to push back on the expectation that you provide initial and annual privacy notices under Regulation P to commercial customers.

For resources related to our guidance, please see:

  • Illinois Banking Act, 205 ILCS 5/48.1 (Illinois law’s financial privacy provisions)
  • Regulation P, 12 CFR 1016.3(i) (“Customer means a consumer who has a customer relationship with you”) and (e) (“Consumer means an individual who obtains or has obtained a financial product or service from you that is to be used primarily for personal, family, or household purposes . . . ”)