IBA Compliance Connection

Your go to source for compliance!

We received a message through the Social Security Administration (SSA)’s online system asking us to verify whether an individual has a deposit account with us. The individual is a customer of ours, but we are not sure whether we should disclose this information. The SSA’s message says that our customer has consented to the release of this information in accordance with the Right to Financial Privacy Act, but the customer’s signature is not included. Instead, the SSA’s message states that our customer’s signature is on file.

by

admin

We do not recommend disclosing the fact that your customer has a deposit account with your bank without receiving a signed and dated statement from your customer authorizing the disclosure that complies with the Right to Financial Privacy Act’s requirements.

The Right to Financial Privacy Act prohibits federal government authorities from accessing information contained in financial records of financial institution customers, unless the federal governmental authority meets certain requirements. A customer’s authorization of the release of financial records must consist of a signed and dated statement that: (1) authorizes the disclosure for a period not exceeding three months, (2) states that the customer may revoke their authorization any time before the records are disclosed, (3) identifies the financial records for which they are authorizing disclosure, (4) specifies the purpose for which and the government authority to which the records may be disclosed, and (5) states the customer’s rights under the Right to Financial Privacy Act.

We do not believe the SSA's message stating that your customer has authorized your bank to verify whether they have a deposit account would meet the Right to Financial Privacy Act’s requirements for a signed and dated customer authorization. We recommend requesting that the SSA provide a signed and dated statement from your customer meeting the Right to Financial Privacy Act’s requirements before verifying that they have an account with your bank.

For resources related to our guidance, please see:

  • Right to Financial Privacy Act, 12 USC 3402 (“Except as provided by section 3403(c) or (d), 3413, or 3414 of this title, no Government authority may have access to or obtain copies of, or the information contained in the financial records of any customer from a financial institution unless the financial records are reasonably described and — (1) such customer has authorized such disclosure in accordance with section 3404 of this title.”)
  • Right to Financial Privacy Act, 12 USC 3401(2) (“‘Financial record’ means an original of, a copy of, or information known to have been derived from, any record held by a financial institution pertaining to a customer’s relationship with the financial institution.”)
  • Right to Financial Privacy Act, 12 USC 3404 (“A customer may authorize disclosure under section 3402(1) of this title if he furnishes to the financial institution and to the Government authority seeking to obtain such disclosure a signed and dated statement which—
  • (1) authorizes such disclosure for a period not in excess of three months;
  • (2) states that the customer may revoke such authorization at any time before the financial records are disclosed;
  • (3) identifies the financial records which are authorized to be disclosed;
  • (4) specifies the purposes for which, and the Government authority to which, such records may be disclosed; and
  • (5) states the customer’s rights under this chapter.”)