IBA Compliance Connection

Your go to source for compliance!

We are a federal savings bank owned by a mid-tier holding company that is owned by a mutual holding company. All three entities have the same board members and officers. Do we need to list our holding companies as affiliates on our privacy notice if we do not share information with them?

by

No, we do not believe that you need to list your bank’s holding companies on your initial, annual, or revised privacy notices if you do not share information with them.

Under Regulation P, the holding companies that own your bank are considered your affiliates. However, if you “do not disclose, and do not wish to reserve the right to disclose, nonpublic personal information about customers or former customers to affiliates,” you may simply state that fact on the notice. If using the model privacy form, your bank make may insert “[name of financial institution] does not share with our affiliates” next to “Affiliates” in lieu of naming your affiliates.

For resources related to our guidance, please see:

  • Regulation P, 12 CFR 1016.6(c)(5) (“If you do not disclose, and do not wish to reserve the right to disclose, nonpublic personal information about customers or former customers to affiliates or nonaffiliated third parties except as authorized under §§ 1016.14 and 1016.15, you may simply state that fact, in addition to the information you must provide under paragraphs (a)(1), (a)(8), (a)(9), and (b) of this section.”)
  • Regulation P, Appendix — Model Privacy Form, Instructions (“As required by § 1016.6(a)(3) of this part, where [affiliate information] appears, the financial institution must: . . . (ii) If it has affiliates but does not share personal information, state: ‘[name of financial institution] does not share with our affiliates’; or . . .”)