IBA Compliance Connection

Your go to source for compliance!

How long should we keep mail returned as undeliverable, such as privacy notices and bank statements?

by

admin

Disclaimer: The Electronic Commerce Security Act (ECSA) was repealed and replaced with the Uniform Electronic Transaction Act (UETA), effective June 25, 2021. Please note that this change may affect the continued accuracy of this guidance as it pertains to the ECSA.

We are unaware of any recordkeeping requirements for mail that has been sent to customers and returned as undeliverable.

While we do not believe you are required to retain undelivered mail per se, there are of course various recordkeeping requirements that may apply to the contents of the returned mail. Examples include adverse action letters sent pursuant to Regulation B and privacy notices sent pursuant to Regulation P, among others. However, records of these may be retained in electronic form, and in our view, also maintaining contemporaneous records of the dates and content of the returned mail (which can be reproduced along with a copy of the record that has been retained electronically) should be sufficient to establish compliance with any applicable notice or other delivery requirements.

We do note that some banking-related message boards on the Internet contain discussions arguing that undelivered mail involves a risk that it “may fall into the wrong hands.” While we would never question any serious discussion of risk, we fail to see any unique risk inherent in retaining returned undelivered mail as part of the bank’s records, as presumably it would be accorded the same safeguards as other bank records.

For resources related to our guidance, please see:

  • Regulation B, 12 CFR 1002.12(b)(1) (“For 25 months (12 months for business credit, except as provided in paragraph (b)(5) of this section) after the date that a creditor notifies an applicant of action taken on an application or of incompleteness, the creditor shall retain in original form or a copy thereof: Any application that it receives, any information required to be obtained concerning characteristics of the applicant to monitor compliance with the Act and this part or other similar law, and any other written or recorded information used in evaluating the application and not returned to the applicant at the applicant's request; A copy of the following documents if furnished to the applicant in written form (or, if furnished orally, any notation or memorandum made by the creditor): The notification of action taken; and The statement of specific reasons for adverse action; and Any written statement submitted by the applicant alleging a violation of the Act or this part.”)
  • Regulation B, 12 CFR 1002.12(b)(5) (“With regard to a business that had gross revenues in excess of $1 million in its preceding fiscal year, or an extension of trade credit, credit incident to a factoring agreement, or other similar types of business credit, the creditor shall retain records for at least 60 days after notifying the applicant of the action taken. If within that time period the applicant requests in writing the reasons for adverse action or that records be retained, the creditor shall retain records for 12 months.”)

  • Regulation P, 12 CFR 1016.9(e)(1)  For customers only, you must provide the initial notice required by § 1016.4(a)(1), the annual notice required by § 1016.5(a), and the revised notice required by § 1016.8 so that the customer can retain them or obtain them later in writing or, if the customer agrees, electronically.”)

  • Electronic Signatures in Global and National Commerce (ESIGN) Act, 15 USC 7001(a)(1) (“Notwithstanding any statute, regulation, or other rule of law (other than this subchapter and subchapter II), with respect to any transaction in or affecting interstate or foreign commerce — (1) a signature, contract, or other record relating to such transaction may not be denied legal effect, validity, or enforceability solely because it is in electronic form . . . .”)

  • Financial Institutions Electronic Documents and Digital Signature Act, 205 ILCS 705/10(a) (“If in the regular course of business, a financial institution possesses, records, or generates any document, representation, image, substitute check, reproduction, or combination thereof . . . that accurately reproduces, comprises, or records the agreement, transaction, act, occurrence, or event . . . [it] shall have the same force and effect under the laws of this State as one comprised, recorded, or created on paper or other tangible form by writing, typing, printing, or similar means.”)

  • Electronic Commerce Security Act, 5 ILCS 175/5-110 (“Information, records, and signatures shall not be denied legal effect, validity, or enforceability solely on the grounds that they are in electronic form.”)

  • Electronic Commerce Security Act, 5 ILCS 175/5-115(b)(2) (“Where a rule of law requires information to be ‘written’ or ‘in writing’, or provides for certain consequences if it is not, an electronic record satisfies that rule of law . . . The provisions of this Section shall not apply to any rule of law governing the creation or execution of a will or trust, living will, or healthcare power of attorney . . . .”)