Topic: Privacy
-
Does the IBA have any guidance on the EU’s expanded General Data Protection Regulation (“GDPR”) and its potential compliance impact on community banks? While I’m fairly certain that the majority of community banks don’t operate in the EU, most probably do have a handful of customers who reside there and could be covered by the GDPR.
—
by
You are correct that any community bank with customers residing in the European Union (EU) would likely be covered by the GDPR. The GDPR applies to businesses outside of the EU that process personal data when offering goods or services to a natural person who is located in the EU. This is a very broad…
-
If we have individual retirement account (IRA) beneficiaries and a safe deposit box owner that have EU-based mailing addresses, are we subject to the EU’s General Data Protection Regulation (GDPR)?
—
by
Yes, we believe the GDPR would apply to your bank because you process personal data for individuals residing in the European Union (EU) that identifies them or could be used to identify them. The GDPR applies to businesses outside of the EU that process personal data when offering goods or services to a natural person…
-
Since participation in multistate data matching for unpaid child support is voluntary for in-state financial institutions, could our bank suffer any repercussions related to privacy breaches or BSA concerns if it chooses to participate?
—
by
No, we do not believe your bank would suffer any negative repercussions by choosing to participate in multistate data matching for unpaid child support. Federal and Illinois law require financial institutions to share customer data under written agreements with the Illinois Department of Healthcare and Family Services (DHFS), which uses this data to “match” responsible…
-
When we receive a subpoena for financial records, are we always required to notify the customer before responding? What is the definition of financial records, and should these include financial statements and tax returns that were provided to the bank by the customer, or by a third party (such as an accountant)? Or are financial records only those records produced by the bank, such as checking account statements, loan history statements, and the like?
—
by
Yes, generally the Illinois Banking Act requires a bank to notify a customer before responding to a subpoena. However, this requirement does not apply when the “bank is specifically prohibited from notifying the person by order of the court or by applicable State or federal law.” A bank also is prohibited from providing notice of…
-
We would like to combine the paper statements for our customers’ deposit accounts. We currently charge paper statement fees. If a customer currently pays multiple paper statement fees, can we continue charging multiple fees when we issue a single combined statement for the accounts? Also, if we have multiple joint accounts with a single common member, do we need to obtain all of the parties’ consents to a combined statement? For example, say John owns a joint account with his wife and another joint account with his daughter. Does John have the authority to request a combined statement, or would we need his wife and daughter’s written consents?
—
by
We do not recommend charging multiple paper statement fees when providing a single combined paper statement covering multiple accounts. Even if this practice appears to be permitted by the language in your account agreements, we believe it could raise UDAAP issues as to the fairness and business justification for charging multiple paper statement fees for…
-
We are a community bank with some customers who have moved from the United States to the European Union (EU). What should we do to comply with the EU’s General Data Protection Regulation (GDPR)?
—
by
We recommend either bringing your bank into compliance with the GDPR’s requirements or closing all accounts held by any EU resident, in order to avoid the harsh penalties for violations of the GDPR’s requirements. The GDPR broadly applies outside of the EU; it applies to any business that processes personal data when offering goods or…
-
We have received an updated agreement from the Illinois Department of Healthcare and Family Services (DHFS) regarding Financial Institution Data Match (FIDM) services. Are we required to enter into this new agreement? Are there any privacy or liability issues with participating in the data match? Currently, our core processor conducts the data matches and sends the information to the DHFS.
—
by
No, your bank is not required to enter into this new agreement with DHFS, which authorizes multistate child support data sharing, although we believe most Illinois banks will do so. Federal and Illinois law require financial institutions to share customer data under written agreements with the DHFS, which uses this data to “match” responsible relatives…
-
We received a subpoena from an Illinois circuit court for financial information about a customer. The subpoena includes a statement that our bank should “make no disclosure of this subpoena as any such disclosure could impede the investigation being conducted and thereby interfere with the enforcement of the law.” Does this statement override the requirement in the Illinois Banking Act to notify customers before responding to requests for financial information?
—
by
Yes, the statement in the subpoena overrides the general rule that banks must notify a customer before sharing the customer’s financial information in response to a subpoena. You are correct that the Illinois Banking Act generally requires the bank to notify a customer before responding to a subpoena. However, this requirement does not apply when…
-
A man obtained a residential mortgage with our bank. His wife is not on the title to the home, and she is not obligated on the note. From what we understand, the couple is now separated but not yet divorced, and the wife occupies the residence alone. The husband has stopped making the mortgage payments. Can our bank treat the wife as a successor-in-interest on the mortgage and send her information about the loan so that she might take over the payments? We are a small servicer.
—
by
No, we do not believe that your bank should treat the wife as a successor-in-interest to the note or mortgage. Generally, a person becomes a successor-in-interest when an ownership interest in mortgaged property is transferred in one of the ways enumerated in Regulation X, such as a transfer of ownership through a divorce decree or…
-
Are we required to respond to a citation to discover assets or garnishment order from a court in another state? Our bank’s attorney advised that we are not required to respond to an order issued from a Wisconsin court, but we wanted to confirm. If we are not required to respond, how do we communicate to the requester that we do not plan to respond?
—
by
Whether your bank must respond to an out-of-state garnishment order or citation depends on several factors that require legal analysis, which we cannot provide. Consequently, we are not in a position to confirm or contradict your bank counsel’s determination that your bank was not subject to a particular out-of-state court’s garnishment order or citation. An…