Topic: Third Party Risk
-
Are you aware of any state or federal rules or guidance that would prohibit a bank from passing credit repair and credit rescore fees on to the customer?
—
by
From what you have told us, the “credit repair and rescore” vendor offers two types of services. The vendor will (1) file disputes about inaccurate items to consumer reporting agencies and, (2) after a debt is paid, quickly obtain a new credit score (a “rapid rescore”). While we are not aware of any laws that…
-
We’re looking into sharing information with unaffiliated third parties and are researching privacy law. Does Illinois privacy law or federal privacy law apply? Do we have to collect customer opt-ins or allow for opt-outs?
—
by
Both Illinois and federal privacy laws apply to the sharing information with unaffiliated third parties. Your institution needs to comply with both the federal opt-out requirement and the Illinois opt-in requirements. The Illinois Department of Financial and Professional Regulation (IDFPR) has issued an Interpretive Letter that explains the relationship between the Illinois and federal privacy…
-
We use a third party service provider for our rewards checking. They informed us that they will be running a promotion with a cash prize for the winner of a sports bracket tournament. Should we be concerned?
—
by
We would strongly recommend consulting with legal counsel before going ahead with this promotion. Although we cannot offer any legal advice, we would have concerns with this kind of promotion under the federal lottery prohibition and the Illinois Criminal Code’s prohibitions on gambling. As to federal law, the Federal Deposit Insurance Act states that a…
-
If we discovered some evidence that a vendor may have sold customer names and addresses without our permission, do we need to notify customers?
—
by
At this point, we do not (and from what you have told us, the bank does not) have enough information to determine whether you will have to notify customers of this situation. Depending on your investigation and information provided by the third party service provider, federal and/or Illinois law may require the bank to notify…