Topic: Privacy
-
Can our bank receive a fee for referring commercial loan customers that our bank cannot accommodate to a lending network? We do not pass on the customers’ information to the network. When we know that we cannot accommodate a customer with a commercial loan, we provide the customer with contact information for the lending network. If the customer can find financing through the network, we receive a referral fee.
—
by
Yes, we believe that your bank may accept a fee for referring commercial customers to a lending network. We are not aware of any Illinois or federal laws that would prohibit such an arrangement, and because these are commercial loans, RESPA’s limitations on referrals do not apply. In addition, because your bank does not disclose…
-
Can a correspondent bank that requires fingerprinting to login to their online system to retrieve statements retain the fingerprint on their server without violating Illinois and federal privacy laws?
—
by
Yes, we believe that a correspondent bank may retain customer fingerprints on its server without violating Illinois and federal privacy laws. Neither Illinois nor federal financial institution privacy laws prohibit banks from storing biometric data, such as fingerprints. The Illinois Personal Information Protection Act (PIPA) requires banks to implement and maintain reasonable security measures to…
-
We received a letter from an approved Department on Aging provider agency requesting a customer’s financial information. Can we rely on this letter to release our customer’s financial records? The Illinois Banking Act requires the Department on Aging to present a subpoena, but the Adult Protective Services Act requires only a “written request.”
—
by
No, we do not believe that you should rely on a letter to release your customer’s financial records to the Department on Aging’s approved provider agency. You may release your customer’s financial records only in response to a subpoena from the approved provider agency, or when your institution suspects that an elderly customer or customer…
-
The attorney representing a deceased customer’s estate has requested information about the customer’s credit life insurance policy on her mortgaged residential real estate. To facilitate the information request, the attorney would like to present us with a small estate affidavit and the customer’s death certificate. Can we provide this information to the attorney? We know the customer’s estate includes real property, so is it proper for us to rely on a small estate affidavit? Or should we require letters of office?
—
by
Yes, we believe that your bank may release information about your deceased customer’s credit life insurance policy to the estate’s attorney. However, we recommend consulting with your bank counsel to determine what documentation would be sufficient to establish that the attorney is acting in a fiduciary or representative capacity on behalf of your customer’s estate…
-
Is it permissible to include the loan number on recordable documents such as the mortgage? Is there a reason why we should or should not include the loan number on recorded documents?
—
by
Yes, it is permissible to display your bank’s internal loan number on recorded documents such as mortgages. An interagency interpretive letter confirms that placing a borrower’s account number on recorded documents does not violate the privacy provisions in the Gramm-Leach-Bliley Act and Regulation P, under an exception for actions “necessary to effect, administer, or enforce…
-
An internal audit revealed a record of a cashier’s check that is stale. We would like to contact the purchaser to determine if the check was ever provided to the payee or if the purchaser would like the check to be reissued. Our records indicate that a husband and wife co-owned an account with us, and the wife purchased the cashier’s check when she closed the account. We believe the account was closed as part of the couple’s divorce. Should we contact both account owners or just the wife, who was the only one to actually purchase the check?
—
by
In our view, you should reach out to the purchaser of the cashier’s check (the wife) if you wish to determine whether the check was ever delivered to the payee. Regulation P generally prohibits a bank from disclosing nonpublic personal information about a consumer, including “the fact that an individual is or has been one…
-
We receive many citations to discover assets for individuals who have no accounts with us. Can we charge a fee for searching for and reviewing accounts to comply with the citation?
—
by
No, we do not believe that it would be prudent to charge a fee for searching for and reviewing financial records of non-customers, although this practice is not expressly prohibited in Illinois or federal law. The Illinois Banking Act’s privacy provisions allow a bank to be reimbursed for any costs incurred in producing a customer’s…
-
We know that we must notify a customer before responding to a subpoena, and we have a formal process in place for sending those notifications. Can a loan officer notify an applicant about a subpoena before we send our formal notice? It may be several days before the notice is generated through our typical process, and we want to notify the applicant as soon as possible. The subpoena involves civil matter in the county court and does not contain any language delaying or restricting notice to the customer.
—
by
Yes, we believe a loan officer may inform an applicant that the bank has received a subpoena regarding the applicant. As you note, the Illinois Banking Act requires the bank to notify a customer before responding to a subpoena, but the law does not specify which bank employee or department must provide the notice. We…
-
As a state-chartered bank, are we subject to the EU’s General Data Protection Regulation (GDPR)? For example, we have just one CD customer in Ireland.
—
by
Yes, we believe that the GDPR would apply to your bank because you have one customer who resides in the European Union (EU). The GDPR applies to businesses outside of the EU that process personal data when offering goods or services to a natural person who is located in the EU. This is a very…