IBA Compliance Connection

Your go to source for compliance!

Are there any customer privacy issues if a state-chartered bank files a complaint containing customer information with the OCC about a national bank that is failing to cooperate in resolving a check fraud issue?

by

admin

No, we do not believe there would be privacy issues associated with sharing customer information with the OCC as part of a complaint about a national bank.

The financial privacy provisions in the Illinois Banking Act do not prohibit banks from furnishing financial records to any officer, employee, or agent of the OCC, Federal Reserve, or FDIC. Also, banks may disclose financial records “as necessary to protect against actual or potential fraud, unauthorized transactions, claims, or other liability.” Similarly, Regulation P contains an exception to its privacy requirements “[t]o protect against or prevent actual or potential fraud, unauthorized transactions, claims, or other liability.” We believe that sharing a customer’s information with the OCC in an effort to resolve a check fraud issue would fall under these exceptions. 

The IBA has published several resources on check fraud as part of a Check Fraud Toolkit, which includes a press release template, media talking points and consumer tips, infographics, and more. The IBA also has convened a Check Fraud Task Force to combat the growing threat of check fraud across the state. The task force meets regularly and is working to improve bank-to- bank processes for addressing fraud incidents, educate Illinois consumers on the dangers of check fraud, and engage law enforcement agencies. If your bank is concerned about check fraud and is interested in joining the IBA’s Check Fraud Task Force, please contact Ben Jackson at [email protected]

For resources related to our guidance, please see:

  • Illinois Banking Act, 205 ILCS 5/48.1(b) (“This Section does not prohibit: . . . (2) The examination of any financial records by, or the furnishing of financial records by a bank to, any officer, employee or agent of (i) the Commissioner of Banks and Real Estate, (ii) after May 31, 1997, a state regulatory authority authorized to examine a branch of a State bank located in another state, (iii) the Comptroller of the Currency, (iv) the Federal Reserve Board, or (v) the Federal Deposit Insurance Corporation for use solely in the exercise of his duties as an officer, employee, or agent.”) . . . (18) The disclosure of financial records or information as necessary to protect against actual or potential fraud, unauthorized transactions, claims, or other liability.”)
  • Regulation P, 12 CFR 1016.15(a)(2) (“The requirements for initial notice in § 1016.4(a)(2), for the opt out in §§ 1016.7 and 1016.10, and for service providers and joint marketing in § 1016.13 do not apply when you disclose nonpublic personal information: . . . (ii) To protect against or prevent actual or potential fraud, unauthorized transactions, claims, or other liability.”)