Skip to main content
U.S. flag
An official website of the United States government
Dot gov
The .gov means it’s official. 
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.
Https
The site is secure. 
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.
Federal Register Publications

FDIC Federal Register Citations



Home > Regulation & Examinations > Laws & Regulations > FDIC Federal Register Citations




FDIC Federal Register Citations

[Federal Register: October 20, 2000 (Volume 65, Number 204)]

[Proposed Rules]

[Page 63119-63141]

From the Federal Register Online via GPO Access [wais.access.gpo.gov]

[DOCID:fr20oc00-24]

[[Page 63119]]

-----------------------------------------------------------------------

Part II

Department of the Treasury

-----------------------------------------------------------------------

Office of the Comptroller of the Currency

-----------------------------------------------------------------------

Office of Thrift Supervision

-----------------------------------------------------------------------

Federal Reserve System

-----------------------------------------------------------------------

Federal Deposit Insurance Corporation

-----------------------------------------------------------------------

12 CFR Parts 41, 222, 334 and 571

Fair Credit Reporting Regulations; Proposed Rule

[[Page 63120]]

-----------------------------------------------------------------------

DEPARTMENT OF THE TREASURY

Office of the Comptroller of the Currency

12 CFR Part 41

[Docket No. 00-20]

RIN 1557-AB78

FEDERAL RESERVE SYSTEM

12 CFR Part 222

[Regulation V; Docket No. R-1082]

FEDERAL DEPOSIT INSURANCE CORPORATION

12 CFR Part 334

RIN 3064-AC35

DEPARTMENT OF THE TREASURY

Office of Thrift Supervision

12 CFR Part 571

[Docket No. 2000-81]

RIN 1550-AB33

Fair Credit Reporting Regulations

AGENCIES: Office of the Comptroller of the Currency, Treasury (OCC);

Board of Governors of the Federal Reserve System (Board); Federal

Deposit Insurance Corporation (FDIC); and Office of Thrift Supervision,

Treasury (OTS).

ACTION: Joint notice of proposed rulemaking.

-----------------------------------------------------------------------

SUMMARY: The OCC, Board, FDIC, and OTS (Agencies) are publishing for

comment proposed regulations implementing the provisions of the Fair

Credit Reporting Act (FCRA) that permit institutions to communicate

consumer information to their affiliates (affiliate information

sharing) without incurring the obligations of consumer reporting

agencies. These provisions authorize institutions to communicate among

their affiliates: Information as to transactions or experiences between

the consumer and the person making the communication (transaction or

experience information); and ``other'' information (that is,

information covered by the FCRA but not transaction or experience

information), provided that the institution has given notice to the

consumer that the other information may be communicated, the

institution has provided the consumer an opportunity to ``opt out''

(i.e., to direct that the information not be communicated), and the

consumer has not opted out. The proposed regulations explain how to

comply with the affiliate information sharing provisions, addressing

such matters as the content and delivery of the notice to consumers

that ``other'' information may be communicated (opt out notice). The

proposed regulations also implement certain related provisions. The

Agencies have attempted to conform these proposed regulations to the

final regulations implementing the privacy provisions of the Gramm-

Leach-Bliley Act whenever feasible.

DATES: Comments must be received by December 4, 2000.

ADDRESSES: Comments should be directed to:

OCC: Communications Division, Office of the Comptroller of the

Currency, 250 E Street, SW., Washington, D.C. 20219, Attention: Docket

No. 00-20; FAX number (202) 874-5274 or Internet address:

regs.comments@occ.treas.gov. Comments may be inspected and photocopied

at the OCC's Public Reference Room, 250 E Street, SW., Washington D.C.

between 9:00 a.m. and 5:00 p.m. on business days. You can make an

appointment to inspect the comments by calling (202) 874-5043.

Board: Comments, which should refer to Docket No. R-1082, may be

mailed to Ms. Jennifer J. Johnson, Secretary, Board of Governors of the

Federal Reserve System, 20th and C Streets, NW., Washington, D.C. 20551

or mailed electronically to regs.comments@federalreserve.gov. Comments

addressed to Ms. Johnson also may be delivered to the Board's mail room

between 8:45 a.m. and 5:15 p.m. and to the security control room

outside of those hours. Both the mail room and the security control

room are accessible from the courtyard entrance on 20th Street between

Constitution Avenue and C Street, NW. Comments may be inspected in Room

MP-500 between 9:00 a.m. and 5:00 p.m., pursuant to Sec. 261.12, except

as provided in Sec. 261.14, of the Board's Rules Regarding the

Availability of Information, 12 CFR 261.12 and 261.14.

FDIC: Send written comments to Robert E. Feldman, Executive

Secretary, Attention: Comments/OES, Federal Deposit Insurance

Corporation, 550 17th Street, NW., Washington, DC 20429. Comments may

be hand delivered to the guard station at the rear of the 17th Street

building (located on F Street) on business days between 7 a.m. and 5

p.m. (FAX number (202) 898-3838). Comments may be inspected and

photocopied in the FDIC Public Information Center, Room 100, 801 17th

Street, NW., Washington, DC 20429, between 9:00 a.m. and 4:30 p.m. on

business days.

Comments may be submitted to the FDIC electronically over the

Internet at www.fdic.gov. Further information concerning this option

may be found below at ``FDIC's Electronic Public Comment Site.''

Comments also may be mailed electronically to comments@fdic.gov.

OTS: Mail: Send comments to Manager, Dissemination Branch,

Information Management and Services Division, Office of Thrift

Supervision, 1700 G Street, NW., Washington, DC 20552, Attention Docket

No. 2000-81.

Delivery: Hand deliver comments to the Guard's Desk, East Lobby

Entrance, 1700 G Street, NW., from 9:00 a.m. to 4:00 p.m. on business

days, Attention Docket No. 2000-81.

Facsimiles: Send facsimile transmissions to FAX Number (202) 906-

7755, Attention Docket No. 2000-81; or (202) 906-6956 (if comments are

over 25 pages).

E-Mail: Send e-mails to ``public.info@ots.treas.gov'', Attention

Docket No. 2000-81, and include your name and telephone number.

Public Inspection: Interested persons may inspect comments at the

Public Reference Room, 1700 G St. N.W., from 10:00 a.m. until 4:00 p.m.

on Tuesdays and Thursdays or obtain comments and/or an index of

comments by facsimile by telephoning the Public Reference Room at (202)

906-5900 from 9:00 a.m. until 5:00 on business days. Comments and the

related index will also be posted on the OTS Internet Site at

"www.ots.treas.gov''.

FOR FURTHER INFORMATION CONTACT:

OCC: Amy Friend, Assistant Chief Counsel, (202) 874-5200; Michael

Bylsma, Director, Community and Consumer Law, (202) 874-5750; Stephen

Van Meter, Senior Attorney, Community and Consumer Law, (202) 874-5750;

Carol Workman, Compliance Specialist, Community and Consumer Policy,

(202) 874-4858; Deborah Katz, Senior Attorney, Legislative and

Regulatory Activities Division, (202) 874-5090; or Jeffery Abrahamson,

Attorney, Enforcement and Compliance, (202) 874-4800, Office of the

Comptroller of the Currency, 250 E Street, SW., Washington, DC 20219.

Board: James H. Mann, Senior Attorney, (202) 452-2412; or David A.

Stein, Attorney, (202) 452-3667, Division of Consumer and Community

Affairs. For the hearing impaired only, contact Janice Simms,

Telecommunications Device for the Deaf (TDD) (202) 872-4984, Board of

Governors of the Federal Reserve

[[Page 63121]]

System, 20th and C Streets, NW., Washington, DC 20551.

FDIC: James K. Baebel, Assistant Director, Compliance Policy,

Division of Compliance and Consumer Affairs, (202) 942-3086; Deanna

Caldwell, Community Affairs Officer, Division of Compliance and

Consumer Affairs, (202) 736-0141; Nancy Schucker Recchia, Counsel,

Regulations and Legislation Section, (202) 898-8885; A. Ann Johnson,

Counsel, Regulations and Legislation Section, (202) 898-3573; and David

Lafleur, Senior Compliance Examiner, (415) 395-5261, Federal Deposit

Insurance Corporation, 550 17th Street, NW., Washington, DC 20429.

OTS: Christine Harrington, Counsel (Banking and Finance), (202)

906-7957; Paul Robin, Assistant Chief Counsel, (202) 906-6648; or

Elizabeth Baltierra, Program Analyst, Compliance Policy (202) 906-6540,

Office of Thrift Supervision, 1700 G Street, NW., Washington DC 20552.

SUPPLEMENTARY INFORMATION:

I. Background

The FCRA

The FCRA, enacted in 1970, sets standards for the collection,

communication, and use of information bearing on a consumer's credit

worthiness, credit standing, credit capacity, character, general

reputation, personal characteristics, or mode of living. 15 U.S.C.

1681-1681u. In 1996, the Consumer Credit Reporting Reform Act amended

the FCRA extensively (1996 Amendments). Pub. L. 104-208, 110 Stat.

3009.

For many years, to avoid the obligations of consumer reporting

agencies imposed by the FCRA, many institutions avoided making any

communications to affiliated companies of consumer information that

could constitute consumer reports.\1\ The 1996 Amendments, however,

excluded specified types of information sharing with affiliates from

the definition of ``consumer report,'' assuring institutions that

making these communications would not expose them to the obligations of

consumer reporting agencies. In particular, the 1996 Amendments

excluded from the definition of ``consumer report'' the sharing of

``other'' information among affiliates, so long as the consumer, having

been given notice and an opportunity to opt out, did not opt out.

``Other information'' refers to information that is covered by the FCRA

and that is not a report containing information solely as to

transactions or experiences between the consumer and the person making

the report.

---------------------------------------------------------------------------

\1\ The FCRA creates substantial obligations for ``consumer

reporting agencies.'' FCRA, section 603(f); see, e.g., sections 607,

611. These obligations include furnishing consumer reports only for

permissible purposes, maintaining high standards for ensuring the

accuracy of information in consumer reports, resolving customer

disputes, and other matters.

---------------------------------------------------------------------------

The 1996 Amendments prohibited the Agencies from issuing

implementing regulations. 15 U.S.C. 1681s(a)(4) (repealed). The Gramm-

Leach-Bliley Act (GLBA) repealed this prohibition and directed the

Agencies to prescribe jointly such regulations as necessary to carry

out the purposes of the FCRA. Pub. L. Sec. 506, 106-102, 15 U.S.C.

1681s(e).

Coordination With Privacy Regulations

The GLBA sets standards for financial institutions' disclosure of

nonpublic personal information to nonaffiliated third parties (privacy

provisions; Pub. L. 106-102, 15 U.S.C. 6802; see also 15 U.S.C. 6803).

The Agencies published final regulations implementing these privacy

provisions on June 1, 2000 (privacy regulations; 65 FR 35162, June 1,

2000).

The privacy regulations do not ``modify, limit, or supersede the

operation of the Fair Credit Reporting Act.'' 15 U.S.C. 6806. Thus,

both the privacy regulations and the FCRA may apply to an institution's

disclosure of consumer information. Moreover, if a financial

institution provides an opt out notice under the FCRA, that notice must

be included in certain notices mandated by the privacy regulations,

including annual notices to customers. 15 U.S.C. 6803. Therefore, the

Agencies anticipate that financial institutions will design their

information-sharing policies and practices taking into account both the

privacy regulations and the regulations implementing the FCRA.

To ease compliance and promote consistency, the Agencies are

conforming the two regulations where appropriate. For example, the

Agencies are proposing requirements regarding the content and delivery

of the FCRA opt out notice that are generally consistent with the

corresponding provisions of the privacy regulations.

This Proposal and Future Agency Issuances

The FCRA raises many significant issues in addition to affiliate

information sharing. The Agencies are analyzing these issues and expect

to address them in an Advance Notice of Proposed Rulemaking.

Additionally, the Agencies will review a series of questions and

answers regarding the FCRA (Qs & As) that the Agencies (including the

Federal Home Loan Bank Board, predecessor of the OTS) issued in 1971.

These were designed to help financial institutions develop a working

knowledge of the statute. The Agencies will modify or withdraw any Qs &

As that are inconsistent with the FCRA or obsolete.

II. Section-by-Section Analysis

Section __.1 Purpose and Scope

Proposed paragraph ____.1(a) briefly describes the purpose of the

regulations. Proposed paragraph ____.1(b) briefly describes the scope

of the regulations, including the information and institutions subject

to them. (These institutions are identified in more detail in proposed

section ____.3(m) of the Board, FDIC, and OTS regulations.)

Paragraph ____.1(b) also provides that nothing in this part

modifies, limits, or supersedes the standards governing the privacy of

individually identifiable health information promulgated by the

Secretary of Health and Human Services pursuant to sections 262 and 264

of the Health Insurance Portability and Accountability Act (HIPAA) of

1996 (42 U.S.C. 1320d-1320d-8). Certain institutions that possess

medical information about consumers may be covered by these

regulations, the GLBA privacy regulations, and rules promulgated by the

Department of Health and Human Services (HHS) under the authority of

sections 262 and 264 of HIPAA once those regulations are finalized.

Based on the proposed HIPAA rules, it appears likely that there will be

areas of overlap between the HIPAA and the FCRA affiliate information-

sharing rules. For instance under the HIPAA proposal, consumers must

provide affirmative authorization before a ``covered institution'' or

its ``business partner'' may disclose medical information in certain

instances, whereas under these proposed FCRA affiliate information

sharing rules, institutions need only provide consumers with the

opportunity to opt out of disclosures. In cases where the HIPAA

requires consumers to opt in before certain information may be shared,

but this rule allows consumers to opt out of the same sharing, opt in

would be necessary before the information may be shared. The Agencies

will consult with HHS to avoid the imposition of duplicative or

inconsistent requirements.

Section __.2 Examples

Proposed section __.2 clarifies that the examples used in the

regulations and in the sample notice are not exclusive means of

compliance; rather, they are

[[Page 63122]]

intended to provide guidance on how to comply in specific situations.

The Agencies solicit comment on whether to include additional or

different examples, and, more fundamentally, on whether including

examples in the regulations is appropriate and useful. Instead of

addressing specific fact situations through such examples, the Agencies

could periodically issue interagency staff commentaries or questions

and answers.

The Agencies note that an example that mentions a particular

activity does not, by itself, authorize an institution to engage in

that activity. Any such authority must have an independent source.

Section __.3 Definitions

Discussed below are a few key definitions, including: ``affiliate''

(as well as the related terms ``company'' and ``control''); ``clear and

conspicuous''; ``opt out''; ``opt out information''; and ``consumer

report.'' The proposal tracks the statutory language referring to

``transaction or experience information,'' but does not define that

term.

Affiliate

Several FCRA provisions apply to information sharing with persons

``related by common ownership or affiliated by corporate control,''

``related by common ownership or affiliated by common corporate

control,'' or ``affiliated by common ownership or common corporate

control.'' E.g., FCRA, sections 603(d)(2), 615(b)(2), and 624(b)(2).

Proposed paragraph (b) defines ``affiliate'' to refer to all these

relationships between and among companies, and clarifies that ``related

or affiliated by common ownership or affiliated by corporate control or

common corporate control'' means controlling, controlled by, or under

common control with another company.

Consistent with the definitions in the privacy regulations, the

proposal uses a definition of ``control'' that applies exclusively to

the control of a ``company,'' and defines ``company'' to include any

corporation, limited liability company, business trust, general or

limited partnership, association, or similar organization. See proposed

paragraphs (e) (``company'') and (i) (``control''). The definition of

``company'' omits some entities that are ``persons'' under the FCRA--

individuals, estates, cooperatives, governments, and governmental

subdivisions or agencies. The Agencies, however, are not aware of any

circumstances where ``control'' could be exercised over individuals,

government agencies, and other persons that do not fit within the

definition of ``company.'' Comment is solicited on whether the proposed

definition of ``control'' should be expanded to apply to these

additional types of persons.

Clear and Conspicuous

Proposed paragraph (c) defines ``clear and conspicuous'' to mean

that a notice must be reasonably understandable and designed to call

attention to the nature and significance of the information it

contains. The proposed regulations do not mandate the use of any

particular technique for making a notice clear and conspicuous;

instead, they give institutions flexibility in determining how to

comply. An institution may make its notice reasonably understandable

by, for example, using short explanatory sentences or bullet lists and

avoiding legal or highly technical business terminology whenever

possible. An institution may design its notice to call attention to the

nature and significance of the information in the notice by, for

example, using a plain-language heading and a typeface and size that

are easy to read.

Paragraph (c) is consistent with the ``clear and conspicuous''

standard in the privacy regulations. As such, it offers a more detailed

exposition of the standard (particularly with respect to what makes a

notice ``conspicuous'') than some other regulations, such as the

Board's Regulation Z. However, laws other than FCRA--for example, the

Truth in Lending Act--that require clear and conspicuous disclosures,

are beyond the scope of this rulemaking. Accordingly, the standard

proposed here does not affect disclosures required by those laws.

The Agencies request comment on whether institutions have any

particular concerns about compliance with FCRA's clear and conspicuous

standard when FCRA opt out notices are included with the GLBA privacy

provision notices.

Consumer Report

Proposed paragraph (g) parallels the definition in section 603(d)

of the FCRA. Paragraph (g)(2)(ii) excludes from the definition of

``consumer report'' communication among affiliates of a report

containing information solely as to transactions or experiences between

the consumer and the person making the report.\2\

---------------------------------------------------------------------------

\2\ Prior to the 1996 amendments to FCRA, affiliated entities

could not pool their transaction or experience information in a

common database without being considered a consumer reporting

agency. Instead, each affiliate could disclose its own transaction

or experience information to another affiliate directly only in the

same manner as an entity can disclose information to a nonaffiliated

third party. While transaction or experience information has been

excluded from the definition of ``consumer report'' since the FCRA's

initial passage, the 1996 amendments facilitated the disclosure of

such information among affiliates.

---------------------------------------------------------------------------

Paragraph (g)(2)(iii) excludes any communication of ``opt out

information'' if the conditions set out in sections __.4-__.9 are

satisfied. The FCRA, as explained above, uses the term ``other

information'' to refer to information that it covers but that is not

transaction or experience information. This proposal refers to ``other

information'' using the more descriptive term ``opt out information.''

See proposed paragraph (k).

Opt Out

Proposed paragraph (j) defines this term to mean a direction by a

consumer that an institution not communicate opt out information about

the consumer to one or more of the institution's affiliates.

Opt Out Information

As described above, the 1996 Amendments to FCRA excluded from the

definition of ``consumer report'' the sharing of ``other information''

among affiliates, so long as the consumer, having been given notice and

an opportunity to opt out, did not opt out. ``Other information''

refers to information that is covered by the FCRA and that is not a

report containing information solely as to transactions or experiences

between the consumer and the person making the report. The proposed

regulation uses the term ``opt out information'' to describe this

category of information.

Proposed paragraph (k) defines opt out information as information

that (i) bears on a consumer's credit worthiness, credit standing,

credit capacity, character, general reputation, personal

characteristics, or mode of living, (ii) is used or expected to be used

or collected for one of the permissible purposes listed in FCRA (e.g.,

credit transaction, insurance underwriting, employment purposes), and

(iii) is not solely transaction or experience information. Section

____.5(d) gives examples of categories of information that qualify as

opt out information.

Section __.4 Communication of Opt Out Information to Affiliates

Proposed section __.4 describes the conditions that an institution

must meet to ensure that its communication of opt out information to

its affiliates do not constitute consumer reports including

[[Page 63123]]

the requirement that the institution provide an opt out notice.

Section 603(d)(2)(A)(iii) of the FCRA excludes from the definition

of ``consumer report'' the sharing of opt out information among

affiliates if:

it is clearly and conspicuously disclosed to the consumer that the

information may be communicated among such persons and the consumer

is given the opportunity, before the time that the information is

initially communicated, to direct that such information not be

communicated among such persons * * *.

Proposed section ____.4 accordingly provides that opt out

information may be communicated among affiliates without the

communication being a consumer report if: (i) The institution has

provided an opt out notice; (ii) the institution has given the consumer

a reasonable opportunity and means, before the time that it

communicates the information, to opt out; and (iii) the consumer has

not opted out.

Mergers & Acquisitions

In a merger or acquisition situation, the need to provide new opt

out notices to the customers of the entity that ceases to exist will

depend on whether the notices previously given to those customers

accurately reflect the policies and practices of the surviving entity.

If they do, the surviving entity will not be required under the rule to

provide new notices.

Section __.5 Contents of Opt Out Notice

Proposed paragraph (a) provides that an opt out notice must be

clear and conspicuous, and must accurately explain: (i) The categories

of opt out information about the consumer that the institution

communicates; (ii) the categories of affiliates to which the

institution communicates the information; (iii) the consumer's ability

to opt out; and (iv) the means to do so. The Agencies invite comment on

whether financial institutions should also have to disclose in their

FCRA notices how long a consumer has to respond to the opt out notice

before the institution may begin disclosing information about that

consumer to its affiliates, as well as the fact that a consumer can opt

out at any time. These disclosures are not required in the privacy

regulations. The Agencies seek comment on whether the benefits of the

additional disclosures would outweigh the burdens, and, if so, whether

the regulation should require the disclosures to state that a financial

institution will wait 30 days in every instance before sharing consumer

information with affiliates (see proposed section __.6, below, for

additional discussion on reasonable opportunity to opt out).

Proposed paragraph (b) clarifies that an institution's notice may

describe not only the communications of opt out information that the

institution currently plans to make to its affiliates, but also the

communications that it reserves the right to make in the future.

Proposed paragraph (c) explains that an institution may, but need not,

provide the consumer with the option of an opt out that covers only

part of the information or certain affiliates. This would enable an

institution to give consumers a menu of opt out choices if it desires

to do so.

Paragraph (d) explains how an institution can satisfy the

requirement that it categorize the opt out information that it

communicates. Paragraph (d)(2) gives examples of categories of opt out

information, such as information from a consumer's application,

information from a consumer report, information obtained by verifying

representations made by a consumer, and information provided by another

person regarding that person's relationship with a consumer. The first

two categories reflect the legislative history of the 1996 Amendments,

which states in part that the opt out provision ``will clarify that

affiliates within a Holding Company structure can share any application

information * * * and consumer reports, consistent with the FCRA.'' S.

Rep. No. 185, 104th Cong., 1st Sess. 18-19 (1995). The other two

categories represent information that the Agencies believe does not

constitute transaction or experience information when communicated by

the institution that has received it. Paragraph (d)(3) gives a non-

exclusive list of examples of specific items of opt out information

within each category, including a consumer's income, credit score or

credit history, open lines of credit, employment history, marital

status and medical history.

Medical data are especially sensitive for many consumers; if such

data are among the opt out information that an institution communicates

to its affiliates, the institution satisfies the requirement to

categorize that information only if it includes examples of medical

data that it intends to share. The Agencies note that the items listed

in paragraph (d)(3) as examples of information that would be included

within the categories of opt out information are illustrative only.

Those items would not be considered opt out information in cases where

the information is obtained from a source other than those listed in

paragraph (d)(2). Comment is requested as to the appropriateness of

these examples of categories and items of opt out information, and

whether additional or different examples should be used.

The descriptions of the categories of information set out in

proposed paragraph (d)(2) differ somewhat from those in section

__.6(c)(2) of the privacy regulations. The agencies solicit comment on

the extent to which the categories in (d)(2) can be treated as

consistent with similar categories in the privacy regulations (such as

disclosures of information from consumer reporting agencies) in order

to reduce compliance burden and consumer confusion.

Proposed paragraph (e) explains how an institution can satisfy the

requirement that it categorize the affiliates to which it communicates

opt out information.

Paragraph (f) cross-references the sample notice in appendix A,

which presents a further illustration of the content of an opt out

notice.

Section __ .6 Reasonable Opportunity to Opt Out

Proposed paragraph (a) of section ____ .6 states that financial

institutions will provide a reasonable opportunity to opt out by

providing a reasonable period of time for the consumer to opt out from

the time that notice is delivered. Proposed paragraph (b) sets out

examples of what is a reasonable period of time when notices are

provided in person, by mail, or by electronic means. Comment is

requested on whether there are other situations that would suggest a

different reasonable period of time that the Agencies should note by

example. Proposed paragraph (c) explains that a consumer may opt out at

any time.

Section __ .7 Reasonable Means of Opting Out

Proposed paragraph (a) sets forth the general rule that an

institution provides a reasonable means of opting out if it provides a

reasonably convenient method to the consumer to opt out. Examples of

reasonable means of opting out and unreasonable means are set out in

proposed paragraphs (b) and (c), respectively. Proposed paragraph (d)

permits an institution to require each consumer to opt out through a

specific means, as long as that means is reasonable for that consumer.

Section __ .8 Delivery of Opt Out Notices

Proposed paragraph (a) provides that an institution must deliver an

opt out notice so that each consumer can reasonably be expected to

receive actual

[[Page 63124]]

notice. As indicated by the examples provided in proposed paragraph

(b), this is a lesser standard than actual notice. For instance, if an

institution mails a printed copy of its notice to the last known

mailing address of an existing customer, the institution has met its

obligation even if the customer has changed addresses and never

receives the notice.

An institution may give notice in writing or, if the consumer

agrees, electronically. For example, the institution may e-mail its

notice to a customer that conducts electronic transactions and has

agreed to receive electronic notice. The Agencies invite comment on

whether and how the proposed rules governing communications between a

financial institution and a consumer via an electronic medium should be

modified in light of the Electronic Signatures in Global and National

Commerce Act (the E-Sign Act).\3\

---------------------------------------------------------------------------

\3\ Congress recently enacted the E-Sign Act, Pub. L. 106-229,

which addresses the use of electronic records and signatures for

interstate and foreign commerce. This legislation contains general

rules governing the use of electronic records for providing required

information to consumers (such as disclosures and acknowledgments

required by the GLBA). The legal requirement that consumer

disclosures be in writing may be satisfied by an electronic record

if the consumer affirmatively consents and certain other

requirements of the E-Sign Act are met.

---------------------------------------------------------------------------

Proposed paragraph (c) explains that oral notice alone does not

comply with the notice requirement; however, oral notice may be

provided in conjunction with appropriate written or electronic notice.

Proposed paragraph (d) explains that an institution must provide

the notice so that the consumer can retain it or obtain it at a later

time, and gives examples of retention or accessibility.

Proposed paragraph (e) permits an institution to provide a joint

opt out notice with one or more of its affiliates that are identified

in the notice, as long as the notice is accurate with respect to each

entity jointly issuing the notice.

Proposed paragraph (f)(1) sets out rules that apply,

notwithstanding any other provision of the regulations, when two or

more consumers jointly obtain a product or service from an institution

(referred to in the proposed regulation as joint consumers), such as a

joint checking account. For example, an institution may provide a

single opt out notice to joint accountholders. The notice must indicate

whether the institution will consider an opt out by a joint

accountholder as an opt out by all of the associated accountholders, or

whether each accountholder may opt out separately. The institution may

not require all accountholders to opt out before honoring an opt out

direction by one of the joint accountholders. Paragraph (f)(2) gives

examples of these rules.

Section __ .9 Revised Opt Out Notice

Proposed section ____ .9 addresses the situation in which an

institution has provided a consumer with one or more opt out notices

but later decides to communicate opt out information to its affiliates

other than described in those notices. It explains that an institution

must send a revised opt out notice that complies with section ____ .4,

including providing a reasonable means and opportunity to opt out, and

communicating the information only if the consumer has not opted out.

Section __ .10 Time by Which Opt Out Must be Honored

Proposed section ____ .10 explains that if an institution provides

a consumer with an opt out notice, and the consumer opts out, the

institution must comply as soon as reasonably practicable after

receiving the consumer's direction. Comment is solicited on whether the

Agencies should establish a fixed number of days--for example, 30

days--that would be deemed a ``reasonably practicable'' period of time

for complying with a consumer's opt out direction.

Section __.11 Duration of Opt Out

Proposed section ____.11 provides that an opt out continues to

apply to the information and affiliates described in the applicable opt

out notice until revoked by the consumer in writing, or if the consumer

agrees, electronically, as long as the consumer continues to have a

relationship with the institution. If the consumer's relationship with

the institution terminates, the opt out will continue to apply to this

information. However, a new notice and opportunity to opt out must be

provided if the consumer establishes a new relationship with the

institution.

Section __ .12 Prohibition Against Discrimination

Proposed paragraph (a) reminds institutions that they may not

``discriminate against'' a consumer who is an ``applicant'' for credit

because the applicant opts out. The source of this prohibition is the

Equal Credit Opportunity Act (ECOA; 15 U.S.C. 1691 et seq.), which bars

discrimination on a prohibited basis in any aspect of a credit

transaction; one prohibited basis is exercising a right under the

Consumer Credit Protection Act, which includes the FCRA. Proposed

paragraph (b) provides examples of prohibited discrimination against an

applicant. Paragraph (c) notes that the terms ``applicant'' and

``discriminate against'' have the meaning ascribed to these terms in 12

CFR part 202.

Appendix A

Appendix A, which is part of these regulations, contains a sample

notice, part or all of which may be used to facilitate compliance with

the notice requirements. Although use of the sample notice is not

required, institutions using it properly to provide notices will be

deemed to be in compliance.

The Agencies solicit comment on all aspects of the proposed

regulations, including but not limited to those highlighted above.

III. FDIC's Electronic Public Comment Site

The FDIC has included a page on its web site to facilitate the

submission of electronic comments in response to this general

solicitation (the EPC site). The EPC site provides an alternative to

the written letter and may be a more convenient way for you to submit

your comments. Commenting through the EPC site will assist the FDIC to

more accurately and efficiently analyze comments submitted

electronically. If you submit your comments through the EPC site your

comments will receive the same consideration that they would receive if

submitted in hard copy to the FDIC's street address. Information

provided through the EPC site will be used by the FDIC only to assist

in its analysis of the proposed regulation. The FDIC will not use an

individual's name or any other personal identifier of an individual to

retrieve records or information submitted through the EPC site. Like

comments submitted in hard copy to the FDIC's street address, EPC site

comments will be made available in their entirety (including the

commenter's name and address if the commenter chooses to provide them)

for public inspection.

The EPC site will be available on the FDIC's home page at www.fdic.gov. You will be able to provide comments directly on any of

the sections of the proposed regulation as well as the specific

questions that have been asked in the preceding Supplementary

Information section. You will also be able to view the regulation and

Supplementary Information sections that related to your comments

directly on the site. Because the GLBA authorizes promulgation of this

regulation, the FDIC encourages you to provide written comments in the

[[Page 63125]]

spaces provided. Written comments enable the FDIC to thoughtfully

consider possible changes to the proposed regulation.

The FDIC is also interested in your feedback on the EPC site. We

have provided a space for you to comment on the site itself. Answers to

this question will help the FDIC to evaluate the EPC site for use in

future rulemaking.

At the conclusion of the EPC site you will have an opportunity to

provide us with your name, indicate whether you are an individual,

insured depository institution, financial holding company, community-

based organization, trade association, government agency, or other, and

provide the name of the organization you represent, if applicable.

Whether you choose to respond to these questions is entirely up to you.

Any responses received may help the FDIC to better understand the

public comments it receives.

IV. Regulatory Analysis

Paperwork Reduction Act

The Agencies invite comment on: (1) Whether the collections of

information contained in this notice of proposed rulemaking are

necessary for the proper performance of each Agency's functions,

including whether the information has practical utility; (2) the

accuracy of each Agency's estimate of the burden of the proposed

information collections; (3) ways to enhance the quality, utility, and

clarity of the information to be collected; (4) ways to minimize the

burden of the information collections on respondents, including the use

of automated collection techniques or other forms of information

technology; and (5) estimates of capital or start-up costs and costs of

operation, maintenance, and purchases of services to provide

information. No person is required to respond to these collections of

information unless the collections display a currently valid Office of

Management and Budget (OMB) control number. The Agencies are currently

requesting their respective control numbers for these information

collections from OMB.

This proposed regulation contains disclosure requirements for

certain financial institutions and their affiliates. A financial

institution that (a) has affiliates, (b) does not wish to be considered

a consumer reporting agency, and (c) wishes to share consumer

information (other than transaction and experience information) with

its affiliates, must prepare and provide a notice to all its consumers

advising them of their opportunity to opt out of information sharing

with companies in the institution's corporate family. 12 CFR ____ .4.

If a financial institution wishes to share information in a way that is

inconsistent with notices previously given to consumers, the

institution must provide consumers with revised notices. 12 CFR ____

.11. The proposed regulation also contains consumer reporting

provisions. In order for consumers to opt out, they must respond to the

institution's opt out notices. 12 CFR ____ .7. At any time during their

continued relationship with the institution, consumers have the right

to change or update their opt out status with the institution. 12 CFR

____ .10.

FCRA was amended to include disclosure and opt out provisions in

1996, but the Agencies were prohibited from issuing implementing

regulations until 1999. Thus, the collections of information contained

in this proposed rule are not new requirements. During the past three

years, financial institutions have developed systems, policies, and

procedures to bring themselves into compliance with the 1996 FCRA

amendments. In estimating the burden associated with the collections of

information in this proposed regulation, the Agencies took into account

the fact that FCRA-related disclosure and opt out requirements have

already become a usual and customary practice for covered institutions.

However, because the proposed rule is more explicit and detailed than

the statute, some institutions may need to revise their disclosure

policies or their notices, and consumers may need to respond to the

revised notices. The burden associated with these changes to current

practice is represented in the estimates below. In estimating burden,

the Agencies also assumed that if a financial institution provides an

opt out notice under the FCRA, that notice must be included in certain

notices mandated by the GLBA privacy provisions, and will not be sent

out separately. The collection of information requirements contained in

this notice of proposed rulemaking will be submitted to the Office of

Management and Budget for review in accordance with the Paperwork

Reduction Act of 1995 (44 U.S.C. 3507).

The estimated number of bank respondents includes the total

institutions supervised by each of the Agencies that have certain

affiliate relationships. The requirements of the regulation only apply

to institutions that share opt out information with affiliates that do

not wish to be consumer reporting agencies; therefore, the Agencies

cannot currently predict with certainty how many of these institutions

will be subject to the rule. The analysis assumes that all institutions

with certain affiliates will in fact, choose to share opt out

information and thus be subject to the rule.

The estimated number of consumers who will receive opt out notices

is the sum of deposit and loan consumers, and is derived from data in

Board consumer studies. Each Agency's share of the total number of

consumers is based on the share of total deposits, and consumer and

mortgage loans, held by institutions supervised by the Agencies.

Because OTS collects different information about consumer loans than

the other Agencies, OTS estimated the number of thrift borrowers by

dividing total consumer loans outstanding by the average balance, for

different types of consumer loans. The analysis assumes that

institutions will provide separate opt out notices based on product

lines such as loans and deposit accounts, rather than single, combined

notices covering all of the various relationships a consumer may have

with the institution. The Agencies seek comment as to whether

institutions would likely send separate or combined notices.

OCC: Comments on the collections of information should be sent to

the Office of Management and Budget, Paperwork Reduction Project

(1557--to be assigned), Washington, DC 20503, with copies to Jessie

Dunaway, Legislative and Regulatory Activities Division (1557--to be

assigned), Office of the Comptroller of the Currency, 250 E Street, SW,

Washington, DC 20219. The likely respondents are national banks that do

not wish to be considered consumer reporting agencies, but want to

share information (other than transaction or experience information)

with their affiliates.

Estimated number of bank respondents: 737.

Estimated average annual burden hours per bank respondent: 8 hours.

Estimated number of consumer respondents: 94,238,000.

Estimated average annual burden hours per consumer respondent: 5

minutes.

Estimated total annual reporting burden: 7,855,921 hours.

The number of consumer respondents provided by the OCC represents a

conservative estimate based upon the total number of consumers who will

receive an opt out notice. The OCC is using these conservative

estimates because it lacks more precise data on the number of consumers

who will exercise their opt out rights. The OCC expects that the actual

number of consumer respondents will be lower than the estimate provided

above, and invites comment on the number of

[[Page 63126]]

consumers who will respond to the FCRA opt out notices.

Board: In accordance with the Paperwork Reduction Act of 1995 (44

U.S.C. 3506; 5 CFR 1320, appendix A.1), the Board reviewed the notice

of proposed rulemaking under the authority delegated to the Board by

the OMB. Comments on the collections of information should be sent to

Mary M. West, Federal Reserve Board Clearance Officer, Mail Stop 97,

Board of Governors of the Federal Reserve System, Washington, DC 20551,

with a copy to the Office of Management and Budget, Paperwork Reduction

Project (7100--to be assigned), Washington, DC 20503. The likely

respondents are member banks of the Federal Reserve System (other than

national banks), branches and agencies of foreign banks (other than

Federal branches, Federal agencies, and insured State branches of

foreign banks), commercial lending companies owned or controlled by

foreign banks, and organizations operating under section 25 or 25A of

the Federal Reserve Act, that do want to share information (other than

transaction or experience information) with their affiliates.

Estimated number of bank respondents: 996.

Estimated average annual burden hours per bank respondent: 8 hours.

Estimated number of consumer respondents: 39,251,000.

Estimated average annual burden hours per consumer respondent: five

minutes.

Estimated total annual reporting burden: 3,278,885 hours.

FDIC: Comments on the collections of information should be sent to

Steven F. Hanft, Office of the Executive Secretary, Federal Deposit

Insurance Corporation, 550 17th Street, NW., Washington, DC 20429, with

a copy to the Office of Management and Budget, Paperwork Reduction

Project (3064--to be assigned), Washington, DC 20503. The likely

respondents are insured nonmember banks with affiliates, that do not

wish to be considered consumer reporting agencies, and do want to share

information (other than transaction or experience information) with

their affiliates.

Estimated number of bank respondents: 1,640.

Estimated average annual burden hours per bank respondent: 8 hours.

Estimated number of consumer respondents: 24,445,000.

Estimated average annual burden hours per consumer respondent: five

minutes.

Estimated total annual reporting burden: 2,049,389 hours.

OTS: Comments on the collection of information should be sent to

the Dissemination Branch (1550--to be assigned), Office of Thrift

Supervision, 1700 G Street, NW, Washington, DC 20552, with a copy to

the Office of Management and Budget, Paperwork Reduction Project

(1550--to be assigned), Washington, DC 20503. The likely respondents

are savings associations with affiliates that do not wish to be

considered consumer reporting agencies, and do want to share

information (other than transaction or experience information) with

their affiliates, and consumers.

Estimated number of thrift respondents: 762.

Estimated average annual burden hours per thrift respondent: 8

hours.

Estimated number of consumer respondents: 49,925,225.

Estimated average annual burden hours per consumer respondent:

.0833 hours (5 minutes).

Estimated total annual reporting burden: 4,164,867 hours.

Regulatory Flexibility Act

OCC: Pursuant to section 605(b) of the Regulatory Flexibility Act

(5 U.S.C. 601 et seq.), the OCC certifies that this proposal will not

have a significant economic impact on a substantial number of small

entities. Financial institutions have had to notify their consumers of

the right to opt out of affiliate sharing of certain information since

1997. This rulemaking provides guidance to national banks concerning

how they may comply with the statutory requirements, but requires no

new type of disclosure or opt out system. While existing forms may need

to be modified, these modifications are unlikely to result in a

significant economic impact on a substantial number of small entities.

In addition, some of the requirements in the proposed rule have

been designed to correspond to the requirements of the privacy

regulations. For example, under both regulations, financial

institutions, in certain circumstances, must deliver notices to

consumers and to provide consumers an opportunity to opt out of certain

information disclosures. This proposed rule would allow financial

institutions to combine into one notice the notice they must deliver

under FCRA and the notice that they must deliver under the privacy

regulations. Also, institutions may combine their consumers' opt out

responses into one opt out response. By combining the notices they

deliver and the opt out responses they process, financial institutions

will not need to produce additional notices or to process additional

opt out responses under this rule. Because the proposed rule is

designed to minimize FCRA's burden on financial institutions, and

because the FCRA requirements have been effective since 1997, the OCC

believes that this proposed rule will not have a significant economic

impact on a substantial number of small entities. For these reasons, a

regulatory flexibility analysis is not required.

Board: Pursuant to section 605(b) of the Regulatory Flexibility Act

(5 U.S.C. 601 et seq.), the Board certifies that the proposed rule will

not have a significant economic impact on a substantial number of small

entities. As further discussed below, the proposed rule implements law

that has been in effect for some time, corresponds as much as feasible

to the requirements of the Board's Regulation P, would allow

institutions to combine privacy and FCRA notices to consumers, and

would allow institutions to combine consumers' responses to those

notices. Accordingly, a regulatory flexibility analysis is not

required.

Since 1997, the FCRA has provided that the term ``consumer report''

does not include any communication of other information (meaning

information that is not transaction or experience information) among

persons related by common ownership or affiliated by corporate control,

if it is clearly and conspicuously disclosed to the consumer that the

information may be communicated among such persons and the consumer is

given the opportunity, before the time that the information is

initially communicated, to direct that such information not be

communicated among such persons. The proposed regulations would

implement this provision and would provide guidance to certain Board-

regulated institutions on how to comply, but would not substantively

change existing law. No new type of disclosure or opt-out system would

be required. While existing forms may need to be modified, these

modifications are unlikely to result in a significant economic impact

on a substantial number of small entities.

Additionally, the proposed rule is designed to correspond as much

as feasible to the requirements of Regulation P, which governs the

privacy of consumer financial information. Both regulations implement

statutory provisions for the delivery of information-sharing opt out

notices to consumers. The proposed rule would facilitate compliance by

financial institutions with the requirement to provide privacy notices

and the use of opt out notices under the FCRA by allowing the two

notices to be combined

[[Page 63127]]

in a single notice. Similarly, institutions would be allowed to combine

their consumers' opt out responses in a single opt out response. By

choosing to combine the notices they deliver and the opt out responses

they process, financial institutions will not need to produce

additional notices or to process additional opt out responses under

this rule. For these reasons, a regulatory flexibility analysis is not

required.

FDIC: Pursuant to section 605(b) of the Regulatory Flexibility Act

(5 U.S.C. 601 et seq.), the FDIC certifies that the proposed rule will

not have a significant economic impact on a substantial number of small

entities. This conclusion is based on the following facts. The FCRA has

required financial institutions to notify their consumers of the right

to opt out of affiliate sharing of certain information since 1997.

However, prior to the GLBA, the Agencies had no authority to issue

rules to provide financial institutions with guidance to comply with

the FCRA requirements. This proposed rulemaking does not substantively

change the existing statutory requirements, but rather provides

guidance to financial institutions that should minimize any burden

associated with complying with the subject FCRA information sharing

provisions. This proposal requires no new type of disclosure or opt out

system. While existing forms may need to be modified, these

modifications are unlikely to result in a significant economic impact

on a substantial number of small entities. The Agencies have attempted

to minimize any such economic impact by including a sample notice, part

or all of which may be used to facilitate compliance with the notice

requirements.

Further, this proposed rule is designed to be consistent with the

requirements of the regulation governing the privacy of consumer

financial information. Both rules implement statutory requirements for

financial institutions, in certain circumstances, to deliver notices to

consumers and to provide consumers an opportunity to opt out of certain

information disclosures. The Agencies have made the FCRA notice

guidance parallel to the privacy rule requirements, thus facilitating

the delivery of a single notice to consumers. Similarly, institutions

may combine their consumers' opt out responses into one opt out

response. By combining the notices they deliver and the opt out

responses they process, financial institutions will not need to produce

additional notices or to process additional opt out responses under

this rule.

For the above reasons, the FDIC believes that this proposed rule

will not have a significant economic impact on a substantial number of

small entities, and a regulatory flexibility analysis is not required.

OTS: Pursuant to section 605(b) of the Regulatory Flexibility Act

(5 U.S.C. 601 et seq.), the Director of OTS certifies that this

proposed rulemaking would not have a significant economic impact on a

substantial number of small entities. The FCRA has required thrifts to

notify their consumers of the right to opt out of affiliate sharing of

certain information since 1997. However, prior to GLBA, OTS did not

have authority to issue rules to provide thrifts with guidance to

comply with the FCRA. This proposed rulemaking does not substantively

change or add to the existing statutory requirements. It merely

provides thrifts with guidance to help minimize any burden associated

with complying with the FCRA information sharing provisions. This

proposal requires no new type of disclosure or opt out system. While

existing forms may need to be modified, these modifications are

unlikely to result in a significant economic impact on a substantial

number of small entities. The Agencies have attempted to minimize any

such economic impact by including a sample notice, part or all of which

thrifts may use to facilitate the notice requirements.

Further, this proposed rule is designed to be consistent with the

requirements of the regulation governing the privacy of consumer

financial information, 12 CFR part 573. Both rules implement statutory

requirements for financial institutions, in certain circumstances, to

deliver notices to consumers and to provide consumers an opportunity to

opt out of certain information disclosures. The Agencies have made the

FCRA notice guidance parallel to the privacy rule requirements, thus

facilitating the delivery of a single notice to consumers. Similarly,

institutions may combine a consumer's opt out responses into one opt

out response. By combining the notices they deliver and the opt out

responses they process, financial institutions will not need to produce

additional notices or to process additional opt out responses under

this rule. For these reasons, a regulatory flexibility analysis is not

required.

OCC and OTS Executive Order 12866 Determination

The OCC and OTS each has determined that its portion of the

proposed rulemaking is not a significant regulatory action under

Executive Order 12866.

OCC and OTS Unfunded Mandates Reform Act of 1995 Determination

Section 202 of the Unfunded Mandates Reform Act of 1995, 2 U.S.C.

1532 (Unfunded Mandates Act) requires that an agency prepare a

budgetary impact statement before promulgating a rule that includes a

Federal mandate that may result in expenditure by State, local, and

tribal governments, in the aggregate, or by the private sector, of $100

million or more in any one year. If a budgetary impact statement is

required, section 205 of the Unfunded Mandates Act also requires an

agency to identify and consider a reasonable number of regulatory

alternatives before promulgating a rule. The OCC and OTS each has

determined that this proposed rule will not result in expenditures by

State, local, and tribal governments, or by the private sector, of $100

million or more. Accordingly, neither the OCC nor the OTS has prepared

a budgetary impact statement or specifically addressed the regulatory

alternatives considered.

V. Solicitation of Comments on Use of Plain Language

Section 722 of the GLBA requires the Federal banking agencies to

use plain language in all proposed and final rules published after

January 1, 2000. We invite your comments on how to make this proposed

rule easier to understand. For example:

Have we organized the material to suit your needs? If not,

how could this material be better organized?

Are the requirements in the rule clearly stated? If not,

how could the rule be more clearly stated?

Do the regulations contain technical language or jargon

that is not clear? If so, which language requires clarification?

Would a different format (grouping and order of sections,

use of headings, paragraphing) make the regulation easier to

understand? If so, what changes to the format would make the regulation

easier to understand?

Would more, but shorter, sections be better? If so, which

sections should be changed?

What else could we do to make the regulation easier to

understand?

The Agencies solicit comment on whether the inclusion of examples

in the regulation is appropriate. Elevating the fact patterns to safe

harbors in the rule may generate certain problems over time. For

example, changes in technology or practices may ultimately

[[Page 63128]]

impact the fact patterns contained in the examples and require changes

to the regulation. Are there alternative methods to offer illustrative

guidance of the concepts portrayed by the examples?

List of Subjects

12 CFR Part 41

Banks, banking, Credit, National banks, Reporting and recordkeeping

requirements.

12 CFR Part 222

Banks, banking, Credit, Federal Reserve System, Reporting and

recordkeeping requirements, State member banks.

12 CFR Part 334

Banks, banking, Credit, Reporting and recordkeeping requirements.

12 CFR Part 571

Credit, Privacy, Reporting and recordkeeping requirements, Savings

associations.

Office of the Comptroller of the Currency

12 CFR Chapter I

Authority and Issuance

For the reasons set forth in the joint preamble, the OCC proposes

to amend chapter I of title 12 of the Code of Federal Regulations by

adding a new part 41 to read as follows:

PART 41--FAIR CREDIT REPORTING

Sec.

41.1 Purpose and scope.

41.2 Examples.

41.3 Definitions.

41.4 Communication of opt out information to affiliates.

41.5 Contents of opt out notice.

41.6 Reasonable opportunity to opt out.

41.7 Reasonable means of opting out.

41.8 Delivery of opt out notices.

41.9 Revised opt out notice.

41.10 Time by which opt out must be honored.

41.11 Duration of opt out.

41.12 Prohibition against discrimination.

Appendix A to Part 41--Sample Notice

Authority: 12 U.S.C. 93a; 15 U.S.C. 1681s.

Sec. 41.1 Purpose and scope.

(a) Purpose. This part governs the collection, communication, and

use, by the institutions listed in paragraph (b)(2) of this section, of

certain information bearing on a consumer's credit worthiness, credit

standing, credit capacity, character, general reputation, personal

characteristics, or mode of living.

(b) Scope. (1) Information covered. This part applies to

information that is used or expected to be used or collected in whole

or in part for the purpose of serving as a factor in establishing a

consumer's eligibility for credit, insurance, employment, or any other

purpose authorized under section 604 of the Fair Credit Reporting Act

(15 U.S.C. 1681b).

(2) Institutions covered. This part applies to national banks, and

Federal branches and Federal agencies of foreign banks (collectively

referred to as ``bank'').

(3) Relation to other laws. Nothing in this part modifies, limits,

or supersedes the standards governing the privacy of individually

identifiable health information promulgated by the Secretary of Health

and Human Services under the authority of sections 262 and 264 of the

Health Insurance Portability and Accountability Act of 1996 (42 U.S.C.

1320d-1320d-8).

Sec. 41.2 Examples.

The examples used in this part and the sample notice in appendix A

to this part are not exclusive. Compliance with an example or use of

the sample notice, to the extent applicable, constitutes compliance

with this part.

Sec. 41.3 Definitions.

As used in this part, unless the context requires otherwise:

(a) Act means the Fair Credit Reporting Act (15 U.S.C. 1681 et

seq.).

(b) Affiliate. (1) In general. The term means any company that is

related or affiliated by common ownership, or affiliated by corporate

control or common corporate control, with another company.

(2) Related or affiliated by common ownership or affiliated by

corporate control or common corporate control. This means controlling,

controlled by, or under common control with, another company.

(c) Clear and conspicuous. (1) In general. The term means that a

notice is reasonably understandable and is designed to call attention

to the nature and significance of the information it contains.

(2) Examples. (i) Reasonably understandable. A bank makes its

notice reasonably understandable if it:

(A) Presents the information in the notice in clear and concise

sentences, paragraphs, and sections;

(B) Uses short explanatory sentences or bullet lists whenever

possible;

(C) Uses definite, concrete, everyday words and active voice

whenever possible;

(D) Avoids multiple negatives;

(E) Avoids legal and highly technical business terminology whenever

possible; and

(F) Avoids explanations that are imprecise and are readily subject

to different interpretations.

(ii) Designed to call attention. A bank designs its notice to call

attention to the nature and significance of the information it contains

if it:

(A) Uses a plain-language heading to call attention to the notice;

(B) Uses a typeface and type size that are easy to read;

(C) Provides wide margins and ample line spacing;

(D) Uses boldface or italics for key words; and

(E) In a form that combines the bank's notice with other

information, uses distinctive type sizes, styles, and graphic devices,

such as shading or sidebars.

(iii) Notice on a web page. If a bank provides a notice on a web

page, the bank designs its notice to call attention to the nature and

significance of the information it contains if the bank:

(A) Places either the notice, or a link that connects directly to

the notice and that is labeled appropriately to convey the importance,

nature, and relevance of the notice, on a page that consumers access

often, such as a page on which transactions are conducted;

(B) Uses text or visual cues to encourage scrolling down the page

if necessary to view the entire notice; and

(C) Ensures that other elements on the web page (such as text,

graphics, links, or sound) do not detract attention from the notice.

(d) Communication includes written, oral, and electronic

communication; provided that the term includes electronic communication

to a consumer only if the consumer agrees to receive the communication

electronically.

(e) Company means any corporation, limited liability company,

business trust, general or limited partnership, association, or similar

organization.

(f) Consumer means an individual.

(g) Consumer report. (1) In general. The term means any written,

oral, or other communication of any information by a consumer reporting

agency bearing on a consumer's credit worthiness, credit standing,

credit capacity, character, general reputation, personal

characteristics, or mode of living which is used or expected to be used

or collected in whole or in part for the purpose of serving as a factor

in establishing the consumer's eligibility for:

(i) Credit or insurance to be used primarily for personal, family,

or household purposes;

(ii) Employment purposes; or

[[Page 63129]]

(iii) Any other purpose authorized under section 604 of the Act (15

U.S.C. 1681b).

(2) Exclusions. The term does not include:

(i) Any report containing information solely as to transactions or

experiences between the consumer and the person making the report;

(ii) Any communication of that information among affiliates;

(iii) Any communication among affiliates of opt out information if

the conditions in Secs. 41.4 through 41.9 are satisfied;

(iv) Any authorization or approval of a specific extension of

credit directly or indirectly by the issuer of a credit card or similar

device;

(v) Any report in which a person who has been requested by a third

party to make a specific extension of credit directly or indirectly to

a consumer conveys his or her decision with respect to such request, if

the third party advises the consumer of the name and address of the

person to whom the request was made, and the person makes the

disclosures to the consumer required under section 615 of the Act (15

U.S.C. 1681m); or

(vi) A communication described in section 603(o) of the Act (15

U.S.C. 1681a(o)).

(h) Consumer reporting agency means any person which, for monetary

fees, dues or on a cooperative nonprofit basis, regularly engages in

whole or in part in the practice of assembling or evaluating consumer

credit information or other information on consumers for the purpose of

furnishing consumer reports to third parties, and which uses any means

or facility of interstate commerce for the purpose of preparing or

furnishing consumer reports.

(i) Control of a company means:

(1) Ownership, control, or power to vote 25 percent or more of the

outstanding shares of any class of voting security of the company,

directly or indirectly, or acting through one or more other persons;

(2) Control in any manner over the election of a majority of the

directors, trustees, or general partners (or individuals exercising

similar functions) of the company; or

(3) The power to exercise, directly or indirectly, a controlling

influence over the management or policies of the company, as the Office

of the Comptroller of the Currency determines.

(j) Opt out means a direction by a consumer that a bank not

communicate opt out information about the consumer to one or more of

its affiliates.

(k) Opt out information means information that:

(1) Bears on a consumer's credit worthiness, credit standing,

credit capacity, character, general reputation, personal

characteristics, or mode of living;

(2) Is used or expected to be used or collected in whole or in part

to serve as a factor in establishing the consumer's eligibility for

credit or another purpose listed in section 604 of the Act (15 U.S.C.

1681b); and

(3) Is not a report containing information solely as to

transactions or experiences between the consumer and the person

reporting or communicating the information.

(l) Person means any individual, partnership, corporation, trust,

estate, cooperative, association, government or governmental

subdivision or agency, or other entity.

Sec. 41.4 Communication of opt out information to affiliates.

A bank's communication to its affiliates of opt out information

about a consumer is not a consumer report if:

(a) The bank has provided the consumer with an opt out notice;

(b) The bank has given the consumer a reasonable opportunity and

means, before the bank communicates the information to its affiliates,

to opt out; and

(c) The consumer has not opted out.

Sec. 41.5 Contents of opt out notice.

(a) In general. An opt out notice must be clear and conspicuous,

and must accurately explain:

(1) The categories of opt out information about the consumer that a

bank communicates to its affiliates;

(2) The categories of affiliates to which the bank communicates the

information;

(3) The consumer's ability to opt out; and

(4) A reasonable means for the consumer to opt out.

(b) Future communications. A bank's notice may describe:

(1) Categories of opt out information about the consumer that the

bank reserves the right to communicate to its affiliates in the future

but does not currently communicate; and

(2) Categories of affiliates to which the bank reserves the right

in the future to communicate, but to which the bank does not currently

communicate, opt out information about the consumer.

(c) Partial opt out. A bank may allow a consumer to select certain

opt out information or certain affiliates, with respect to which the

consumer wishes to opt out.

(d) Examples of categories of information that a bank communicates.

(1) A bank satisfies the requirement to categorize the opt out

information that it communicates if the bank lists the categories in

paragraph (d)(2) of this section, as applicable, and a few examples to

illustrate the types of information in each category. These examples

may include those in paragraph (d)(3) of this section, if applicable.

(2) Categories of opt out information may include information:

(i) From a consumer's application;

(ii) From a consumer credit report;

(iii) Obtained by verifying representations made by a consumer; or

(iv) Provided by another person regarding its employment, credit,

or other relationship with a consumer.

(3) Examples of information within a category listed in paragraph

(d)(2) of this section include a consumer's:

(i) Income;

(ii) Credit score or credit history with others;

(iii) Open lines of credit with others;

(iv) Employment history with others;

(v) Marital status; and

(vi) Medical history.

(4) A bank does not satisfy the requirement if it communicates or

reserves the right to communicate individually identifiable health

information (as described in section 1171(6)(B) of the Social Security

Act (42 U.S.C. 1320d(6)(B)) but omits illustrative examples of this

information.

(e) Examples of categories of affiliates. (1) A bank satisfies the

requirement to categorize the affiliates to which it communicates opt

out information if it lists the categories in paragraph (e)(2) of this

section, as applicable, and a few examples to illustrate the types of

affiliates in each category.

(2) Categories of affiliates may include:

(i) Financial service providers; and

(ii) Non-financial companies.

(f) Sample notice. A sample notice is included in appendix A to

this part.

Sec. 41.6 Reasonable opportunity to opt out.

(a) In general. A bank provides a reasonable opportunity to opt out

if it provides a reasonable period of time following the delivery of

the opt out notice for the consumer to opt out.

(b) Examples of reasonable period of time: (1) In person. A bank

hand-delivers an opt out notice to the consumer and provides at least

30 days from the date it delivered the notice.

(2) By mail. A bank mails an opt out notice to a consumer and

provides at least 30 days from the date it mailed the notice.

(3) By electronic means. A bank notifies the consumer

electronically,

[[Page 63130]]

and it provides at least 30 days after the date that the consumer

acknowledges receipt of the electronic notice.

(c) Continuing opportunity to opt out. A consumer may opt out at

any time.

Sec. 41.7 Reasonable means of opting out.

(a) General rule. A bank provides a consumer with a reasonable

means of opting out if it provides a reasonably convenient method to

opt out.

(b) Reasonably convenient methods. Examples of reasonably

convenient methods include:

(1) Designating check-off boxes in a prominent position on the

relevant forms included with the opt out notice;

(2) Including a reply form together with the opt out notice;

(3) Providing an electronic means to opt out, such as a form that

can be electronically mailed or a process at the bank's web site, if

the consumer agrees to the electronic delivery of information; or

(4) Providing a toll-free telephone number that consumers may call

to opt out.

(c) Methods not reasonably convenient. Examples of methods that are

not reasonably convenient include:

(1) Requiring a consumer to write his or her own letter to a bank;

or

(2) Referring in a revised notice to a check-off box that a bank

included with a previous notice but that the bank does not include with

the revised notice.

(d) Requiring specific means of opting out. A bank may require each

consumer to opt out through a specific means, as long as that means is

reasonable for that consumer.

Sec. 41.8 Delivery of opt out notices.

(a) In general. A bank must deliver an opt out notice so that each

consumer can reasonably be expected to receive actual notice in writing

or, if the consumer agrees, electronically.

(b) Examples of expectation of actual notice. (1) A bank may

reasonably expect that a consumer will receive actual notice if it:

(i) Hand-delivers a printed copy of the notice to the consumer;

(ii) Mails a printed copy of the notice to the last known mailing

address of the consumer; or

(iii) For the consumer who conducts transactions electronically,

posts the notice on its electronic site and requires the consumer to

acknowledge receipt of the notice as a necessary step to obtaining a

particular product or service;

(2) A bank may not reasonably expect that a consumer will receive

actual notice if it:

(i) Only posts a sign in its branch or office or generally

publishes advertisements presenting its notice; or (ii) Sends the

notice via electronic mail to a consumer who does not obtain a product

or service from the bank electronically.

(c) Oral description insufficient. A bank may not provide an opt

out notice solely by orally explaining the notice, either in person or

over the telephone.

(d) Retention or accessibility. (1) In general. A bank must provide

an opt out notice so that it can be retained or obtained at a later

time by the consumer in writing or, if the consumer agrees,

electronically.

(2) Examples of retention or accessibility. A bank provides the

notice so that it can be retained or obtained at a later time if the

bank:

(i) Hand-delivers a printed copy of the notice to the consumer;

(ii) Mails a printed copy of the notice to the last known address

of the consumer upon request of the consumer; or

(iii) Makes the bank's current notice available on a web site (or a

link to another web site) for the consumer who obtains a product or

service electronically and who agrees to receive the notice at the web

site.

(e) Joint notice with affiliates. A bank may provide a joint notice

with one or more affiliates as long as the notice identifies each

person providing it and is accurate with respect to each.

(f) Joint relationships. (1) In general. Notwithstanding any other

provision in this part, if two or more consumers jointly obtain a

product or service from a bank (joint consumers), the following rules

apply:

(i) The bank may provide a single notice to all of the joint

consumers.

(ii) Any of the joint consumers has the opportunity to opt out.

(iii) The bank may treat an opt out direction by a joint consumer

either as:

(A) Applying to all of the joint consumers; or

(B) Applying to that particular joint consumer.

(iv) The bank must explain in its opt out notice which of the two

policies set forth in paragraph (f)(1)(iii) of this section it will

follow.

(v) If the bank follows the policy set forth in paragraph

(f)(1)(iii)(B) of this section, by treating the opt out of a joint

consumer as applying to that particular joint consumer, the bank must

also permit:

(A) A joint consumer to opt out on behalf of other joint consumers;

and

(B) One or more joint consumers to notify the bank of their opt out

directions in a single response.

(vi) A bank may not require all joint consumers to opt out before

it implements any opt out direction.

(vii) If a bank receives an opt out by a particular joint consumer

that does not apply to the others, the bank may disclose information

about the others as long as no information is disclosed about the

consumer who opted out.

(2) Example. If consumers A and B, who have different addresses,

have a joint checking account with a bank and arrange for the bank to

send statements to A's address, the bank may do any of the following,

but it must explain in its opt out notice which opt out policy the bank

will follow. The bank may send a single opt out notice to A's address

and:

(i) Treat an opt out direction by A as applying to the entire

account. If the bank does so and A opts out, the bank may not require B

to opt out as well before implementing A's opt out direction.

(ii) Treat A's opt out direction as applying to A only. If the bank

does so, it must also permit:

(A) A and B to opt out for each other; and

(B) A and B to notify the bank of their opt out directions in a

single response (such as on a single form) if they choose to give

separate opt out directions.

(iii) If A opts out only for A, and B does not opt out, the bank

may disclose opt out information only about B, and not about A and B

jointly.

Sec. 41.9 Revised opt out notice.

If a bank has provided a consumer with one or more opt out notices

and plans to communicate opt out information to its affiliates about

the consumer other than as described in those notices, the bank must

provide the consumer with a revised opt out notice that complies with

Secs. 41.4 through 41.8.

Sec. 41.10 Time by which opt out must be honored.

If a bank provides a consumer with an opt out notice and the

consumer opts out, the bank must comply with the opt out as soon as

reasonably practicable after the bank receives it.

Sec. 41.11 Duration of opt out.

An opt out remains effective until revoked by the consumer in

writing or electronically, as long as the consumer continues to have a

relationship with the bank. If the consumer's relationship with the

bank terminates, the opt out will continue to apply to this

information. However, a new notice and opportunity to opt out must be

provided if the consumer establishes a new relationship with the bank.

Sec. 41.12 Prohibition against discrimination.

(a) In general. If a consumer is an applicant for credit, a bank

must not discriminate against the consumer if the

[[Page 63131]]

consumer opts out of the bank's communication of opt out information to

it affiliates.

(b) Examples of discrimination against an applicant. A bank

discriminates against an applicant if it:

(1) Denies the applicant credit because the applicant opts out;

(2) Varies the terms of credit adversely to the applicant such as

by providing less favorable pricing terms to an applicant who opts out;

or

(3) Applies more stringent credit underwriting standards to the

applicant because the applicant opts out.

(c) Regulation B. The terms ``applicant'' and ``discriminate

against'' in Sec. 41.12 have the same meanings ascribed to them in 12

CFR part 202.

Appendix A to Part 41--Sample Notice

This appendix contains a sample notice to facilitate compliance

with the notice requirements of this part. An institution may use

applicable disclosures in this sample to provide notices required by

this part.

Notice of Your Opportunity To Opt Out of Information Sharing With

Companies in Our Corporate Family

Information We Can Share With Our Corporate Family About You--

Unless You Tell Us Not to

What Information: Unless you tell us not to, [Financial

Institution] may share with companies in our corporate family

information about you including:

Information we obtain from your application, such as

[provide illustrative examples, such as ``your income'' or ``your

marital status''];

Information we obtain from a consumer report, such as

[provide illustrative examples, such as ``your credit score or

credit history''];

Information we obtain to verify representations made by

you, such as [provide illustrative examples, such as ``your open

lines of credit'']; and

Information we obtain from a person regarding its

employment, credit, or other relationship with you, such as [provide

illustrative examples, such as ``your employment history''].

Shared With Whom: Companies in our corporate family who may

receive this information are:

Financial service providers, such as [provide

illustrative examples, such as ``mortgage bankers, broker-dealers,

and insurance agents'']; and

Non-financial companies, such as [provide illustrative

examples, such as ``retailers, direct marketers, airlines, and

publishers''].

How To Tell Us Not To Share This Information With Our Corporate

Family

If you prefer that we not share this information with companies

in our corporate family, you may direct us not to share this

information by doing the following [insert one or more of the

reasonable means of opting out listed below \1\]: [call us toll free

at {insert toll free number}]; or [visit our web site at {insert web

site address} and {provide further instructions how to use the web

site option}]; or [e-mail us at {insert the e-mail address}]; or

[fill out and tear off the bottom of this sheet and mail to the

following address: {insert address}]; or [check the appropriate box

on the attached form {attach form} and mail to the following

address: {insert address}].

---------------------------------------------------------------------------

\1\ If the financial institution is using its web site or an e-

mail address as the only method by which a consumer may opt out, the

consumer must agree to the electronic delivery of information.

Note: Your direction in this paragraph covers certain

information about you that we might otherwise share with our

corporate family. We may share other information about you with our

---------------------------------------------------------------------------

corporate family as permitted by law.

Dated: September 22, 2000.

John D. Hawke, Jr.,

Comptroller of the Currency.

Federal Reserve System

12 CFR Chapter II

Authority and Issuance

For the reasons set forth in the joint preamble, chapter II of

title 12 of the Code of Federal Regulations is proposed to be amended

by adding a new part 222 to read as follows:

PART 222 FAIR CREDIT REPORTING (REGULATION V)

Sec.

222.1 Purpose and scope.

222.2 Examples.

222.3 Definitions.

222.4 Communication of opt out information to affiliates.

222.5 Contents of opt out notice.

222.6 Reasonable opportunity to opt out.

222.7 Reasonable means of opting out.

222.8 Delivery of opt out notices.

222.9 Revised opt out notice.

222.10 Time by which opt out must be honored.

222.11 Duration of opt out.

222.12 Prohibition against discrimination.

Appendix A to Part 222--Sample Notice

Authority: 15 U.S.C. 1681s.

Sec. 222.1 Purpose and scope.

(a) Purpose. This part governs the collection, communication, and

use, by the institutions listed in paragraph (b)(2) of this section, of

certain information bearing on a consumer's credit worthiness, credit

standing, credit capacity, character, general reputation, personal

characteristics, or mode of living.

(b) Scope. (1) Information covered. This part applies to

information that is used or expected to be used or collected in whole

or in part for the purpose of serving as a factor in establishing a

consumer's eligibility for credit, insurance, employment, or any other

purpose authorized under section 604 of the Fair Credit Reporting Act

(15 U.S.C. 1681b).

(2) Institutions covered. This part applies to member banks of the

Federal Reserve System (other than national banks), branches and

agencies of foreign banks (other than Federal branches, Federal

agencies, and insured State branches of foreign banks), commercial

lending companies owned or controlled by foreign banks, and

organizations operating under section 25 or 25A of the Federal Reserve

Act (12 U.S.C. 601-604a, 611-631).

(3) Relation to other laws. Nothing in this part modifies, limits,

or supersedes the standards governing the privacy of individually

identifiable health information promulgated by the Secretary of Health

and Human Services under the authority of sections 262 and 264 of the

Health Insurance Portability and Accountability Act of 1996 (42 U.S.C.

1320d-1320d-8).

Sec. 222.2 Examples.

The examples used in this part and the sample notice in appendix A

to this part are not exclusive. Compliance with an example or use of

the sample notice, to the extent applicable, constitutes compliance

with this part.

Sec. 222.3 Definitions.

As used in this part, unless the context requires otherwise:

(a) Act means the Fair Credit Reporting Act (15 U.S.C. 1681 et

seq.).

(b) Affiliate. (1) In general. The term means any company that is

related or affiliated by common ownership, or affiliated by corporate

control or common corporate control, with another company.

(2) Related or affiliated by common ownership or affiliated by

corporate control or common corporate control. This means controlling,

controlled by, or under common control with, another company.

(c) Clear and conspicuous. (1) In general. The term means that a

notice is reasonably understandable and is designed to call attention

to the nature and significance of the information it contains.

(2) Examples. (i) Reasonably understandable. You make your notice

reasonably understandable if you:

(A) Present the information in the notice in clear and concise

sentences, paragraphs, and sections;

(B) Use short explanatory sentences or bullet lists whenever

possible;

[[Page 63132]]

(C) Use definite, concrete, everyday words and active voice

whenever possible;

(D) Avoid multiple negatives;

(E) Avoid legal and highly technical business terminology whenever

possible; and

(F) Avoid explanations that are imprecise and are readily subject

to different interpretations.

(ii) Designed to call attention. You design your notice to call

attention to the nature and significance of the information it contains

if you:

(A) Use a plain-language heading to call attention to the notice;

(B) Use a typeface and type size that are easy to read;

(C) Provide wide margins and ample line spacing;

(D) Use boldface or italics for key words; and

(E) In a form that combines your notice with other information, use

distinctive type sizes, styles, and graphic devices, such as shading or

sidebars.

(iii) Notice on a web page. If you provide a notice on a web page,

you design your notice to call attention to the nature and significance

of the information it contains if you:

(A) Place either the notice, or a link that connects directly to

the notice and that is labeled appropriately to convey the importance,

nature, and relevance of the notice, on a page that consumers access

often, such as a page on which transactions are conducted;

(B) Use text or visual cues to encourage scrolling down the page if

necessary to view the entire notice; and

(C) Ensure that other elements on the web page (such as text,

graphics, links, or sound) do not detract attention from the notice.

(d) Communication includes written, oral, and electronic

communication; provided that the term includes electronic communication

to a consumer only if the consumer agrees to receive the communication

electronically.

(e) Company means any corporation, limited liability company,

business trust, general or limited partnership, association, or similar

organization.

(f) Consumer means an individual.

(g) Consumer report. (1) In general. The term means any written,

oral, or other communication of any information by a consumer reporting

agency bearing on a consumer's credit worthiness, credit standing,

credit capacity, character, general reputation, personal

characteristics, or mode of living which is used or expected to be used

or collected in whole or in part for the purpose of serving as a factor

in establishing the consumer's eligibility for:

(i) Credit or insurance to be used primarily for personal, family,

or household purposes;

(ii) Employment purposes; or

(iii) Any other purpose authorized under section 604 of the Act (15

U.S.C. 1681b).

(2) Exclusions. The term does not include:

(i) Any report containing information solely as to transactions or

experiences between the consumer and the person making the report;

(ii) Any communication of that information among affiliates;

(iii) Any communication among affiliates of opt out information if

the conditions in Secs. 222.4 through 222.9 are satisfied;

(iv) Any authorization or approval of a specific extension of

credit directly or indirectly by the issuer of a credit card or similar

device;

(v) Any report in which a person who has been requested by a third

party to make a specific extension of credit directly or indirectly to

a consumer conveys his or her decision with respect to such request, if

the third party advises the consumer of the name and address of the

person to whom the request was made, and the person makes the

disclosures to the consumer required under section 615 of the Act (15

U.S.C. 1681m); or

(vi) A communication described in section 603(o) of the Act (15

U.S.C. 1681a(o)).

(h) Consumer reporting agency means any person which, for monetary

fees, dues or on a cooperative nonprofit basis, regularly engages in

whole or in part in the practice of assembling or evaluating consumer

credit information or other information on consumers for the purpose of

furnishing consumer reports to third parties, and which uses any means

or facility of interstate commerce for the purpose of preparing or

furnishing consumer reports.

(i) Control of a company means:

(1) Ownership, control, or power to vote 25 percent or more of the

outstanding shares of any class of voting security of the company,

directly or indirectly, or acting through one or more other persons;

(2) Control in any manner over the election of a majority of the

directors, trustees, or general partners (or individuals exercising

similar functions) of the company;

(3) The power to exercise, directly or indirectly, a controlling

influence over the management or policies of the company, as the Board

determines.

(j) Opt out means a direction by a consumer that you not

communicate opt out information about the consumer to one or more of

your affiliates.

(k) Opt out information means information that:

(1) Bears on a consumer's credit worthiness, credit standing,

credit capacity, character, general reputation, personal

characteristics, or mode of living;

(2) Is used or expected to be used or collected in whole or in part

to serve as a factor in establishing the consumer's eligibility for

credit or another purpose listed in section 604 of the Act (15 U.S.C.

1681b); and

(3) Is not a report containing information solely as to

transactions or experiences between the consumer and the person

reporting or communicating the information.

(1) Person means any individual, partnership, corporation, trust,

estate, cooperative, association, government or governmental

subdivision or agency, or other entity.

(m) You means a member bank of the Federal Reserve System (other

than a national bank), a branch or agency of a foreign bank (other than

a Federal branch, Federal agency, or insured State branch of a foreign

bank), a commercial lending company owned or controlled by a foreign

bank, or an organization operating under section 25 or 25A of the

Federal Reserve Act (12 U.S.C. 601-604a, 611-631).

Sec. 222.4 Communication of opt out information to affiliates.

Your communication to your affiliates of opt out information about

a consumer is not a consumer report if:

(a) You have provided the consumer with an opt out notice;

(b) You have given the consumer a reasonable opportunity and means,

before you communicate the information to your affiliates, to opt out;

and

(c) The consumer has not opted out.

Sec. 222.5 Contents of opt out notice.

(a) In general. An opt out notice must be clear and conspicuous,

and must accurately explain:

(1) The categories of opt out information about the consumer that

you communicate to your affiliates;

(2) The categories of affiliates to which you communicate the

information;

(3) The consumer's ability to opt out; and

(4) A reasonable means for the consumer to opt out.

(b) Future communications. Your notice may describe:

(1) Categories of opt out information about the consumer that you

reserve the

[[Page 63133]]

right to communicate to your affiliates in the future but do not

currently communicate; and

(2) Categories of affiliates to which you reserve the right in the

future to communicate, but to which you do not currently communicate,

opt out information about the consumer.

(c) Partial opt out. You may allow a consumer to select certain opt

out information or certain affiliates, with respect to which the

consumer wishes to opt out.

(d) Examples of categories of information that you communicate. (1)

You satisfy the requirement to categorize the opt out information that

you communicate if you list the categories in paragraph (d)(2) of this

section, as applicable, and a few examples to illustrate the types of

information in each category. These examples may include those in

paragraph (d)(3) of this section, if applicable.

(2) Categories of opt out information may include information:

(i) From a consumer's application;

(ii) From a consumer credit report;

(iii) Obtained by verifying representations made by a consumer; or

(iv) Provided by another person regarding its employment, credit,

or other relationship with a consumer.

(3) Examples of information within a category listed in paragraph

(d)(2) of this section include a consumer's:

(i) Income;

(ii) Credit score or credit history with others;

(iii) Open lines of credit with others;

(iv) Employment history with others;

(v) Marital status; and

(vi) Medical history.

(4) You do not satisfy the requirement if you communicate or

reserve the right to communicate individually identifiable health

information (as described in section 1171(6)(B) of the Social Security

Act (42 U.S.C. 1320d(6)(B)) but omit illustrative examples of this

information.

(e) Examples of categories of affiliates. (1) You satisfy the

requirement to categorize the affiliates to which you communicate opt

out information if you list the categories in paragraph (e)(2) of this

section, as applicable, and a few examples to illustrate the types of

affiliates in each category.

(2) Categories of affiliates may include:

(i) Financial service providers; and

(ii) Non-financial companies.

(f) Sample notice. A sample notice is included in appendix A to

this part.

Sec. 222.6 Reasonable opportunity to opt out.

(a) In general. You provide a reasonable opportunity to opt out if

you provide a reasonable period of time following the delivery of the

opt out notice for the consumer to opt out.

(b) Examples of reasonable period of time: (1) In person. You hand-

deliver an opt out notice to the consumer and provide at least 30 days

from the date you delivered the notice.

(2) By mail. You mail an opt out notice to a consumer and provide

at least 30 days from the date you mailed the notice.

(3) By electronic means. You notify the consumer electronically,

and you provide at least 30 days after the date that the consumer

acknowledges receipt of the electronic notice.

(c) Continuing opportunity to opt out. A consumer may opt out at

any time.

Sec. 222.7 Reasonable means of opting out.

(a) General rule. You provide a consumer with a reasonable means of

opting out if you provide a reasonably convenient method to opt out.

(b) Reasonably convenient methods. Examples of reasonably

convenient methods include:

(1) Designating check-off boxes in a prominent position on the

relevant forms included with the opt out notice;

(2) Including a reply form together with the opt out notice;

(3) Providing an electronic means to opt out, such as a form that

can be electronically mailed or a process at your web site, if the

consumer agrees to the electronic delivery of information; or

(4) Providing a toll-free telephone number that consumers may call

to opt out.

(c) Methods not reasonably convenient. Examples of methods that are

not reasonably convenient include:

(1) Requiring a consumer to write his or her own letter to you; or

(2) Referring in a revised notice to a check-off box that you

included with a previous notice but that you do not include with the

revised notice.

(d) Requiring specific means of opting out. You may require each

consumer to opt out through a specific means, as long as that means is

reasonable for that consumer.

Sec. 222.8 Delivery of opt out notices.

(a) In general. You must deliver an opt out notice so that each

consumer can reasonably be expected to receive actual notice in writing

or, if the consumer agrees, electronically.

(b) Examples of expectation of actual notice. (1) You may

reasonably expect that a consumer will receive actual notice if you:

(i) Hand-deliver a printed copy of the notice to the consumer;

(ii) Mail a printed copy of the notice to the last known mailing

address of the consumer; or

(iii) For the consumer who conducts transactions electronically,

post the notice on your electronic site and require the consumer to

acknowledge receipt of the notice as a necessary step to obtaining a

particular product or service;

(2) You may not reasonably expect that a consumer will receive

actual notice if you:

(i) Only post a sign in your branch or office or generally publish

advertisements presenting your notice; or

(ii) Send the notice via electronic mail to a consumer who does not

obtain a product or service from you electronically.

(c) Oral description insufficient. You may not provide an opt out

notice solely by orally explaining the notice, either in person or over

the telephone.

(d) Retention or accessibility. (1) In general. You must provide an

opt out notice so that it can be retained or obtained at a later time

by the consumer in writing or, if the consumer agrees, electronically.

(2) Examples of retention or accessibility. You provide the notice

so that it can be retained or obtained at a later time if you:

(i) Hand-deliver a printed copy of the notice to the consumer;

(ii) Mail a printed copy of the notice to the last known address of

the consumer upon request of the consumer; or

(iii) Make your current notice available on a web site (or a link

to another web site) for the consumer who obtains a product or service

electronically and who agrees to receive the notice at the web site.

(e) Joint notice with affiliates. You may provide a joint notice

with one or more affiliates as long as the notice identifies each

person providing it and is accurate with respect to each.

(f) Joint relationships. (1) In general. Notwithstanding any other

provision in this part, if two or more consumers jointly obtain a

product or service from you (joint consumers), the following rules

apply:

(i) You may provide a single notice to all of the joint consumers.

(ii) Any of the joint consumers has the opportunity to opt out.

(iii) You may treat an opt out direction by a joint consumer either

as:

(A) Applying to all of the joint consumers; or

(B) Applying to that particular joint consumer.

(iv) You must explain in your opt out notice which of the two

policies set

[[Page 63134]]

forth in paragraph (f)(1)(iii) of this section you will follow.

(v) If you follow the policy set forth in paragraph (f)(1)(iii)(B)

of this section, by treating the opt out of a joint consumer as

applying to that particular joint consumer, you must also permit:

(A) A joint consumer to opt out on behalf of other joint consumers;

and

(B) One or more joint consumers to notify you of their opt out

directions in a single response.

(vi) You may not require all joint consumers to opt out before you

implement any opt out direction.

(vii) If you receive an opt out by a particular joint consumer that

does not apply to the others, you may disclose information about the

others as long as no information is disclosed about the consumer who

opted out.

(2) Example. If consumers A and B, who have different addresses,

have a joint checking account with you and arrange for you to send

statements to A's address, you may do any of the following, but you

must explain in your opt out notice which opt out policy you will

follow. You may send a single opt out notice to A's address and:

(i) Treat an opt out direction by A as applying to the entire

account. If you do so and A opts out, you may not require B to opt out

as well before implementing A's opt out direction.

(ii) Treat A's opt out direction as applying to A only. If you do

so, you must also permit:

(A) A and B to opt out for each other; and

(B) A and B to notify you of their opt out directions in a single

response (such as on a single form) if they choose to give separate opt

out directions.

(iii) If A opts out only for A, and B does not opt out, you may

disclose opt out information only about B, and not about A and B

jointly.

Sec. 222.9 Revised opt out notice.

If you have provided a consumer with one or more opt out notices

and plan to communicate opt out information to your affiliates about

the consumer other than as described in those notices, you must provide

the consumer with a revised opt out notice that complies with

Secs. 222.4 through 222.8.

Sec. 222.10 Time by which opt out must be honored.

If you provide a consumer with an opt out notice and the consumer

opts out, you must comply with the opt out as soon as reasonably

practicable after you receive it.

Sec. 222.11 Duration of opt out.

An opt out remains effective until revoked by the consumer in

writing or electronically, as long as the consumer continues to have a

relationship with you. If the consumer's relationship with you

terminates, the opt out will continue to apply to this information.

However, a new notice and opportunity to opt out must be provided if

the consumer establishes a new relationship with you.

Sec. 222.12 Prohibition against discrimination.

(a) In general. If a consumer is an applicant for credit, you must

not discriminate against the consumer if the consumer opts out of your

communication of opt out information to your affiliates.

(b) Examples of discrimination against an applicant. You

discriminate against an applicant if you:

(1) Deny the applicant credit because the applicant opts out;

(2) Vary the terms of credit adversely to the applicant such as by

providing less favorable pricing terms to an applicant who opts out; or

(3) Apply more stringent credit underwriting standards to the

applicant because the applicant opts out.

(c) Regulation B. The terms ``applicant'' and ``discriminate

against'' in Sec. 222.12 have the same meanings ascribed to them in 12

CFR part 202.

Appendix A to Part 222--Sample Notice

This appendix contains a sample notice to facilitate compliance

with the notice requirements of this part. An institution may use

applicable disclosures in this sample to provide notices required by

this part.

Notice of Your Opportunity to Opt Out of Information Sharing With

Companies in Our Corporate Family

Information We Can Share With Our Corporate Family About You--

Unless You Tell Us Not To

What Information: Unless you tell us not to, [Financial

Institution] may share with companies in our Corporate family

information about you including:

Information we obtain from your application, such as

[provide illustrative examples, such as ``your income'' or ``your

marital status''];

Information we obtain from a consumer report, such as

[provide illustrative examples, such as ``your credit score or

credit history''];

Information we obtain to verify representations made by

you, such as [provide illustrative examples, such as ``your open

lines of credit'']; and

Information we obtain from a person regarding its

employment, credit, or other relationship with you, such as [provide

illustrative examples, such as ``your employment history''].

Shared With Whom: Companies in our corporate family who may

receive this information are:

Financial service providers, such as [provide

illustrative examples, such as ``mortgage bankers, broker-dealers,

and insurance agents'']; and

Non-financial companies, such as [provide illustrative

examples, such as ``retailers, direct marketers, airlines, and

publishers''].

How To Tell Us Not To Share This Information With Our Corporate

Family

If you prefer that we not share this information with companies

in our corporate family, you may direct us not to share this

information by doing the following [insert one or more of the

reasonable means of opting out listed below \1\]: [call us toll free

at {insert toll free number}]; or [visit our web site at {insert web

site address} and {provide further instructions how to use the web

site option}]; or [e-mail us at {insert the e-mail address}]; or

[fill out and tear off the bottom of this sheet and mail to the

following address: {insert address}]; or [check the appropriate box

on the attached form {attach form} and mail to the following

address: {insert address}].

\1\ If the financial institution is using its web site or an e-

mail address as the only method by which a consumer may opt out, the

consumer must agree to the electronic delivery of information.

Note: Your direction in this paragraph covers certain

information about you that we might otherwise share with our

corporate family. We may share other information about you with our

---------------------------------------------------------------------------

corporate family as permitted by law.

By order of the Board of Governors of the Federal Reserve

System, October 11, 2000.

Jennifer J. Johnson,

Secretary of the Board.

Federal Deposit Insurance Corporation

12 CFR Chapter III

Authority and Issuance

For the reasons set out in the joint preamble, chapter III of title

12 of the Code of Federal Regulations is proposed to be amended by

adding a new part 334 to read as follows:

PART 334--FAIR CREDIT REPORTING

Sec.

334.1 Purpose and scope.

334.2 Examples.

334.3 Definitions.

334.4 Communication of opt out information to affiliates.

334.5 Contents of opt out notice.

334.6 Reasonable opportunity to opt out.

334.7 Reasonable means of opting out.

334.8 Delivery of opt out notices.

334.9 Revised opt out notice.

334.10 Time by which opt out must be honored.

334.11 Duration of opt out.

334.12 Prohibition against discrimination.

Appendix A to Part 222--Sample Notice

Authority: 15 U.S.C. 1681s; 12 U.S.C. 1819(a)(Tenth).

[[Page 63135]]

Sec. 334.1 Purpose and scope.

(a) Purpose. This part governs the collection, communication, and

use, by the institutions listed in paragraph (b)(2) of this section, of

certain information bearing on a consumer's credit worthiness, credit

standing, credit capacity, character, general reputation, personal

characteristics, or mode of living.

(b) Scope. (1) Information covered. This part applies to

information that is used or expected to be used or collected in whole

or in part for the purpose of serving as a factor in establishing a

consumer's eligibility for credit, insurance, employment, or any other

purpose authorized under section 604 of the Fair Credit Reporting Act

(15 U.S.C. 1681b).

(2) Institutions covered. This part applies to banks insured by the

FDIC (other than members of the Federal Reserve System) and insured

state branches of foreign banks.

(3) Relation to other laws. Nothing in this part modifies, limits,

or supersedes the standards governing the privacy of individually

identifiable health information promulgated by the Secretary of Health

and Human Services under the authority of sections 262 and 264 of the

Health Insurance Portability and Accountability Act of 1996 (42 U.S.C.

1320d-1320d-8).

Sec. 334.2 Examples.

The examples used in this part and the sample notice in appendix A

to this part are not exclusive. Compliance with an example or use of

the sample notice, to the extent applicable, constitutes compliance

with this part.

Sec. 334.3 Definitions.

As used in this part, unless the context requires otherwise:

(a) Act means the Fair Credit Reporting Act (15 U.S.C. 1681 et

seq.).

(b) Affiliate. (1) In general. The term means any company that is

related or affiliated by common ownership, or affiliated by corporate

control or common corporate control, with another company.

(2) Related or affiliated by common ownership or affiliated by

corporate control or common corporate control. This means controlling,

controlled by, or under common control with, another company.

(c) Clear and conspicuous. (1) In general. The term means that a

notice is reasonably understandable and is designed to call attention

to the nature and significance of the information it contains.

(2) Examples. (i) Reasonably understandable. You make your notice

reasonably understandable if you:

(A) Present the information in the notice in clear and concise

sentences, paragraphs, and sections;

(B) Use short explanatory sentences or bullet lists whenever

possible;

(C) Use definite, concrete, everyday words and active voice

whenever possible;

(D) Avoid multiple negatives;

(E) Avoid legal and highly technical business terminology whenever

possible; and

(F) Avoid explanations that are imprecise and are readily subject

to different interpretations.

(ii) Designed to call attention. You design your notice to call

attention to the nature and significance of the information it contains

if you:

(A) Use a plain-language heading to call attention to the notice;

(B) Use a typeface and type size that are easy to read;

(C) Provide wide margins and ample line spacing;

(D) Use boldface or italics for key words; and

(E) In a form that combines your notice with other information, use

distinctive type sizes, styles, and graphic devices, such as shading or

sidebars.

(iii) Notice on a web page. If you provide a notice on a web page,

you design your notice to call attention to the nature and significance

of the information it contains if:

(A) You place either the notice, or a link that connects directly

to the notice and that is labeled appropriately to convey the

importance, nature, and relevance of the notice, on a page that

consumers access often, such as a page on which transactions are

conducted;

(B) You use text or visual cues to encourage scrolling down the

page if necessary to view the entire notice; and

(C) You ensure that other elements on the web page (such as text,

graphics, links, or sound) do not detract attention from the notice.

(d) Communication includes written, oral, and electronic

communication; provided that the term includes electronic communication

to a consumer only if the consumer agrees to receive the communication

electronically.

(e) Company means any corporation, limited liability company,

business trust, general or limited partnership, association, or similar

organization.

(f) Consumer means an individual.

(g) Consumer report. (1) In general. The term means any written,

oral, or other communication of any information by a consumer reporting

agency bearing on a consumer's credit worthiness, credit standing,

credit capacity, character, general reputation, personal

characteristics, or mode of living which is used or expected to be used

or collected in whole or in part for the purpose of serving as a factor

in establishing the consumer's eligibility for:

(i) Credit or insurance to be used primarily for personal, family,

or household purposes;

(ii) Employment purposes; or

(iii) Any other purpose authorized under section 604 of the Act (15

U.S.C. 1681b).

(2) Exclusions. The term does not include:

(i) Any report containing information solely as to transactions or

experiences between the consumer and the person making the report;

(ii) Any communication of that information among affiliates;

(iii) Any communication among affiliates of opt out information if

the conditions in Secs. 334.4 through 334.9 are satisfied;

(iv) Any authorization or approval of a specific extension of

credit directly or indirectly by the issuer of a credit card or similar

device;

(v) Any report in which a person who has been requested by a third

party to make a specific extension of credit directly or indirectly to

a consumer conveys his or her decision with respect to such request, if

the third party advises the consumer of the name and address of the

person to whom the request was made, and the person makes the

disclosures to the consumer required under section 615 of the Act (15

U.S.C. 1681m); or

(vi) A communication described in section 603(o) of the Act (15

U.S.C. 1681a(o)).

(h) Consumer reporting agency means any person which, for monetary

fees, dues or on a cooperative nonprofit basis, regularly engages in

whole or in part in the practice of assembling or evaluating consumer

credit information or other information on consumers for the purpose of

furnishing consumer reports to third parties, and which uses any means

or facility of interstate commerce for the purpose of preparing or

furnishing consumer reports.

(i) Control of a company means:

(1) Ownership, control, or power to vote 25 percent or more of the

outstanding shares of any class of voting security of the company,

directly or indirectly, or acting through one or more other persons;

(2) Control in any manner over the election of a majority of the

directors,

[[Page 63136]]

trustees, or general partners (or individuals exercising similar

functions) of the company; or

(3) The power to exercise, directly or indirectly, a controlling

influence over the management or policies of the company, as the FDIC

determines.

(j) Opt out means a direction by a consumer that you not

communicate opt out information about the consumer to one or more of

your affiliates.

(k) Opt out information means information that:

(1) Bears on a consumer's credit worthiness, credit standing,

credit capacity, character, general reputation, personal

characteristics, or mode of living;

(2) Is used or expected to be used or collected in whole or in part

to serve as a factor in establishing the consumer's eligibility for

credit or another purpose listed in section 604 of the Act (15 U.S.C.

1681b); and

(3) Is not a report containing information solely as to

transactions or experiences between the consumer and the person

reporting or communicating the information.

(l) Person means any individual, partnership, corporation, trust,

estate, cooperative, association, government or governmental

subdivision or agency, or other entity.

(m) You means banks insured by the FDIC (other than members of the

Federal Reserve System) and insured state branches of foreign banks.

Sec. 334.4 Communication of opt out information to affiliates.

Your communication to your affiliates of opt out information about

a consumer is not a consumer report if:

(a) You have provided the consumer with an opt out notice;

(b) You have given the consumer a reasonable opportunity and means,

before you communicate the information to your affiliates, to opt out;

and

(c) The consumer has not opted out.

Sec. 334.5 Contents of opt out notice.

(a) In general. An opt out notice must be clear and conspicuous,

and must accurately explain:

(1) The categories of opt out information about the consumer that

you communicate to your affiliates;

(2) The categories of affiliates to which you communicate the

information;

(3) The consumer's ability to opt out; and

(4) A reasonable means for the consumer to opt out.

(b) Future communications. Your notice may describe:

(1) Categories of opt out information about the consumer that you

reserve the right to communicate to your affiliates in the future but

do not currently communicate; and

(2) Categories of affiliates to which you reserve the right in the

future to communicate, but to which you do not currently communicate,

opt out information about the consumer.

(c) Partial opt out. You may allow a consumer to select certain opt

out information or certain affiliates, with respect to which the

consumer wishes to opt out.

(d) Examples of categories of information that you communicate. (1)

You satisfy the requirement to categorize the opt out information that

you communicate if you list the categories in paragraph (d)(2) of this

section, as applicable, and a few examples to illustrate the types of

information in each category. These examples may include those in

paragraph (d)(3) of this section, if applicable.

(2) Categories of opt out information may include information:

(i) From a consumer's application;

(ii) From a consumer credit report;

(iii) Obtained by verifying representations made by a consumer; and

(iv) Provided by another person regarding its employment, credit,

or other relationship with a consumer.

(3) Examples of information within a category listed in paragraph

(d)(2) of this section include a consumer's:

(i) Income;

(ii) Credit score or credit history with others;

(iii) Open lines of credit with others;

(iv) Employment history with others;

(v) Marital status; and

(vi) Medical history.

(4) You do not satisfy the requirement if you communicate or

reserve the right to communicate individually identifiable health

information (as described in section 1171(6)(B) of the Social Security

Act (42 U.S.C. 1320d(6)(B)) but omit illustrative examples of this

information.

(e) Examples of categories of affiliates. (1) You satisfy the

requirement to categorize the affiliates to which you communicate opt

out information if you list the categories in paragraph (e)(2) of this

section, as applicable, and a few examples to illustrate the types of

affiliates in each category.

(2) Categories of affiliates may include:

(i) Financial service providers; and

(ii) Non-financial companies.

(f) Sample notice. A sample notice is included in appendix A to

this part.

Sec. 334.6 Reasonable opportunity to opt out.

(a) In general. You provide a reasonable opportunity to opt out if

you provide a reasonable period of time following the delivery of the

opt out notice for the consumer to opt out.

(b) Examples of reasonable period of time: (1) In person. You hand-

deliver an opt out notice to the consumer and provide at least 30 days

from the date you delivered the notice.

(2) By mail. You mail an opt out notice to a consumer and provide

at least 30 days from the date you mailed the notice.

(3) By electronic means. You notify the consumer electronically,

and you provide at least 30 days after the date that the consumer

acknowledges receipt of the electronic notice.

(c) Continuing opportunity to opt out. A consumer may opt out at

any time.

Sec. 334.7 Reasonable means of opting out.

(a) General rule. You provide a consumer with a reasonable means of

opting out if you provide a reasonably convenient method to opt out.

(b) Reasonably convenient methods. Examples of reasonably

convenient methods include:

(1) Designating check-off boxes in a prominent position on the

relevant forms included with the opt out notice;

(2) Including a reply form together with the opt out notice;

(3) Providing an electronic means to opt out, such as a form that

can be electronically mailed or a process at your web site, if the

consumer agrees to the electronic delivery of information; or

(4) Providing a toll-free telephone number that consumers may call

to opt out.

(c) Methods not reasonably convenient. Examples of methods that are

not reasonably convenient include:

(1) Requiring a consumer to write his or her own letter to you; or

(2) Referring in a revised notice to a check-off box that you

included with a previous notice but that you do not include with the

revised notice.

(d) Requiring specific means of opting out. You may require each

consumer to opt out through a specific means, as long as that means is

reasonable for that consumer.

Sec. 334.8 Delivery of opt out notices.

(a) In general. You must deliver an opt out notice so that each

consumer can reasonably be expected to receive actual notice in writing

or, if the consumer agrees, electronically.

(b) Examples of expectation of actual notice. (1) You may

reasonably expect that a consumer will receive actual notice if you:

[[Page 63137]]

(i) Hand-deliver a printed copy of the notice to the consumer;

(ii) Mail a printed copy of the notice to the last known mailing

address of the consumer; or

(iii) For the consumer who conducts transactions electronically,

post the notice on your electronic site and require the consumer to

acknowledge receipt of the notice as a necessary step to obtaining a

particular product or service;

(2) You may not reasonably expect that a consumer will receive

actual notice if you:

(i) Only post a sign in your branch or office or generally publish

advertisements presenting your notice; or

(ii) Send the notice via electronic mail to a consumer who does not

obtain a product or service from you electronically.

(c) Oral description insufficient. You may not provide an opt out

notice solely by orally explaining the notice, either in person or over

the telephone.

(d) Retention or accessibility. (1) In general. You must provide an

opt out notice so that it can be retained or obtained at a later time

by the consumer in writing or, if the consumer agrees, electronically.

(2) Examples of retention or accessibility. You provide the notice

so that it can be retained or obtained at a later time if you:

(i) Hand-deliver a printed copy of the notice to the consumer;

(ii) Mail a printed copy of the notice to the last known address of

the consumer upon request of the consumer; or

(iii) Make your current notice available on a web site (or a link

to another web site) for the consumer who obtains a product or service

electronically and who agrees to receive the notice at the web site.

(e) Joint notice with affiliates. You may provide a joint notice

with one or more affiliates as long as the notice identifies each

person providing it and is accurate with respect to each.

(f) Joint relationships. (1) In general. Notwithstanding any other

provision in this part, if two or more consumers jointly obtain a

product or service from you (joint consumers), the following rules

apply:

(i) You may provide a single notice to all of the joint consumers.

(ii) Any of the joint consumers has the opportunity to opt out.

(iii) You may treat an opt out direction by a joint consumer either

as:

(A) Applying to all of the joint consumers; or

(B) Applying to that particular joint consumer.

(iv) You must explain in your opt out notice which of the two

policies set forth in paragraph (f)(1)(iii) of this section you will

follow.

(v) If you follow the policy set forth in paragraph (f)(1)(iii)(B)

of this section, by treating the opt out of a joint consumer as

applying to that particular joint consumer, you must also permit:

(A) A joint consumer to opt out on behalf of other joint consumers;

and

(B) One or more joint consumers to notify you of their opt out

directions in a single response.

(vi) You may not require all joint consumers to opt out before you

implement any opt out direction.

(vii) If you receive an opt out by a particular joint consumer that

does not apply to the others, you may disclose information about the

others as long as no information is disclosed about the consumer who

opted out.

(2) Example. If consumers A and B, who have different addresses,

have a joint checking account with you and arrange for you to send

statements to A's address, you may do any of the following, but you

must explain in your opt out notice which opt out policy you will

follow. You may send a single opt out notice to A's address and:

(i) Treat an opt out direction by A as applying to the entire

account. If you do so and A opts out, you may not require B to opt out

as well before implementing A's opt out direction.

(ii) Treat A's opt out direction as applying to A only. If you do

so, you must also permit:

(A) A and B to opt out for each other; and

(B) A and B to notify you of their opt out directions in a single

response (such as on a single form) if they choose to give separate opt

out directions.

(iii) If A opts out only for A, and B does not opt out, you may

disclose opt out information only about B, and not about A and B

jointly.

Sec. 334.9 Revised opt out notice.

If you have provided a consumer with one or more opt out notices

and plan to communicate opt out information to your affiliates about

the consumer, other than as described in those notices, you must

provide the consumer with a revised opt out notice that complies with

Secs. 334.4 through 334.8.

Sec. 334.10 Time by which opt out must be honored.

If you provide a consumer with an opt out notice and the consumer

opts out, you must comply with the opt out as soon as reasonably

practicable after you receive it.

Sec. 334.11 Duration of opt out.

An opt out remains effective until revoked by the consumer in

writing or electronically, as long as the consumer continues to have a

relationship with the institution. If the consumer's relationship with

the institution terminates, the opt out will continue to apply to this

information. However, a new notice and opportunity to opt out must be

provided if the consumer establishes a new relationship with the

institution.

Sec. 334.12 Prohibition against discrimination.

(a) In general. If a consumer is an applicant for credit, you must

not discriminate against the consumer if the consumer opts out of the

your communication of opt out information to your affiliates.

(b) Examples of discrimination against an applicant. You

discriminate against an applicant if you:

(1) Deny the applicant credit because the applicant opts out;

(2) Vary the terms of credit adversely to the applicant such as by

providing less favorable pricing terms to an applicant who opts out; or

(3) Apply more stringent credit underwriting standards to the

applicant because the applicant opts out.

(c) Regulation B. The terms ``applicant'' and ``discriminate

against'' in Sec. 334.12 have the same meanings ascribed to them in 12

CFR part 202.

Appendix A to Part 334--Sample Notice

This appendix contains a sample notice to facilitate compliance

with the notice requirements of this part. An institution may use

applicable disclosures in this sample to provide notices required by

this part.

Notice of Your Opportunity To Opt Out of Information Sharing With

Companies in Our Corporate Family

Information We Can Share With Our Corporate Family About You--

Unless You Tell Us Not to

What Information: Unless you tell us not to, [Financial

Institution] may share with companies in our corporate family

information about you including:

Information we obtain from your application, such as

[provide illustrative examples, such as ``your income'' or ``your

marital status''];

Information we obtain from a consumer report, such as

[provide illustrative examples, such as ``your credit score or

credit history''];

Information we obtain to verify representations made by

you, such as [provide illustrative examples, such as ``your open

lines of credit'']; and

Information we obtain from a person regarding its

employment, credit, or other relationship with you, such as [provide

[[Page 63138]]

illustrative examples, such as ``your employment history''].

Shared With Whom: Companies in our corporate family who may

receive this information are:

Financial service providers, such as [provide

illustrative examples, such as ``mortgage bankers, broker-dealers,

and insurance agents'']; and

Non-financial companies, such as [provide illustrative

examples, such as ``retailers, direct marketers, airlines, and

publishers''].

How To Tell Us Not To Share This Information With Our Corporate

Family

If you prefer that we not share this information with companies

in our corporate family, you may direct us not to share this

information by doing the following [insert one or more of the

reasonable means of opting out listed below\1\]: [call us toll free

at {insert toll free number}]; or [visit our web site at {insert web

site address} and {provide further instructions how to use the web

site option}]; or [e-mail us at {insert the e-mail address}]; or

[fill out and tear off the bottom of this sheet and mail to the

following address: {insert address}]; or [check the appropriate box

on the attached form {attach form} and mail to the following

address: {insert address}].

---------------------------------------------------------------------------

\1\ If the financial institution is using its web site or an e-

mail address as the only method by which a consumer may opt out, the

consumer must agree to the electronic delivery of information.

Note: Your direction in this paragraph covers certain

information about you that we might otherwise share with our

corporate family. We may share other information about you with our

---------------------------------------------------------------------------

corporate family as permitted by law.

By order of the Board of Directors, Federal Deposit Insurance

Corporation.

Dated at Washington, D.C., this 25th day of September, 2000.

Robert E. Feldman,

Executive Secretary.

Office of Thrift Supervision

12 CFR Chapter V

Authority and Issuance

For the reasons set out in the joint preamble, OTS proposes to

amend chapter V of title 12 of the Code of Federal Regulations by

adding a new part 571 to read as follows:

PART 571--FAIR CREDIT REPORTING

Sec.

571.1 Purpose and scope.

571.2 Examples.

571.3 Definitions.

571.4 Communication of opt out information to affiliates.

571.5 Content of opt out notice.

571.6 Reasonable opportunity to opt out.

571.7 Reasonable means of opting out.

571.8 Delivery of opt out notice.

571.9 Revised opt out notice.

571.10 Time by which opt out must be honored.

571.11 Duration of opt out.

571.12 Prohibition against discrimination.

Appendix A to Part 571--Sample Notice

Authority: 12 U.S.C. 1462a, 1463, 1464, 1467a, 1828; 15 U.S.C.

1681s.

Sec. 571.1 Purpose and scope.

(a) Purpose. This part governs the collection, communication, and

use, by the institutions listed in paragraph (b)(2) of this section, of

certain information bearing on a consumer's credit worthiness, credit

standing, credit capacity, character, general reputation, personal

characteristics, or mode of living.

(b) Scope. (1) Information covered. This part applies to

information that is used or expected to be used or collected in whole

or in part for the purpose of serving as a factor in establishing a

consumer's eligibility for credit, insurance, employment, or any other

purpose authorized under section 604 of the Fair Credit Reporting Act

(15 U.S.C. 1681b).

(2) Institutions covered. This part applies to savings associations

whose deposits are insured by the Federal Deposit Insurance

Corporation.

(3) Relation to other laws. Nothing in this part modifies, limits,

or supersedes the standards governing the privacy of individually

identifiable health information promulgated by the Secretary of Health

and Human Services under the authority of sections 262 and 264 of the

Health Insurance Portability and Accountability Act of 1996 (42 U.S.C.

1320d-1320d-8).

Sec. 571.2 Examples.

The examples used in this part and the model form in appendix A to

this part are not exclusive. Compliance with an example or use of the

sample notice, to the extent applicable, constitutes compliance with

this part.

Sec. 571.3 Definitions.

As used in this part, unless the context requires otherwise:

(a) Act means the Fair Credit Reporting Act (15 U.S.C. 1681 et

seq.).

(b) Affiliate. (1) In general. The term means any company that is

related or affiliated by common ownership, or affiliated by corporate

control or common corporate control, with another company.

(2) Related or affiliated by common ownership or affiliated by

corporate control or common corporate control. This means controlling,

controlled by, or under common control with, another company.

(c) Clear and conspicuous. (1) In general. The term means that a

notice is reasonably understandable and is designed to call attention

to the nature and significance of the information it contains.

(2) Examples. (i) Reasonably understandable. You make your notice

reasonably understandable if you:

(A) Present the information in the notice in clear and concise

sentences, paragraphs, and sections;

(B) Use short explanatory sentences or bullet lists whenever

possible;

(C) Use definite, concrete, everyday words and active voice

whenever possible;

(D) Avoid multiple negatives;

(E) Avoid legal and highly technical business terminology whenever

possible; and

(F) Avoid explanations that are imprecise and are readily subject

to different interpretations.

(ii) Designed to call attention. You design your notice to call

attention to the nature and significance of the information it contains

if you:

(A) Use a plain-language heading to call attention to the notice;

(B) Use a typeface and type size that are easy to read;

(C) Provide wide margins and ample line spacing;

(D) Use boldface or italics for key words; and

(E) In a form that combines your notice with other information, use

distinctive type sizes, styles, and graphic devices, such as shading or

sidebars.

(iii) Notice on a web page. If you provide a notice on a web page,

you design your notice to call attention to the nature and significance

of the information it contains if:

(A) You place either the notice, or a link that connects directly

to the notice and that is labeled appropriately to convey the

importance, nature, and relevance of the notice, on a page that

consumers access often, such as a page on which transactions are

conducted;

(B) You use text or visual cues to encourage scrolling down the

page if necessary to view the entire notice; and

(C) You ensure that other elements on the web page (such as text,

graphics, links, or sound) do not detract attention from the notice.

(d) Communication includes written, oral, and electronic

communication; provided that the term includes electronic communication

to a consumer only if the consumer agrees to receive the communication

electronically.

(e) Company means any corporation, limited liability company,

business

[[Page 63139]]

trust, general or limited partnership, association, or similar

organization.

(f) Consumer means an individual.

(g) Consumer report. (1) In general. The term means any written,

oral, or other communication of any information by a consumer reporting

agency bearing on a consumer's credit worthiness, credit standing,

credit capacity, character, general reputation, personal

characteristics, or mode of living which is used or expected to be used

or collected in whole or in part for the purpose of serving as a factor

in establishing the consumer's eligibility for:

(i) Credit or insurance to be used primarily for personal, family,

or household purposes;

(ii) Employment purposes; or

(iii) Any other purpose authorized under section 604 of the Act (15

U.S.C. 1681b).

(2) Exclusions. The term does not include:

(i) Any report containing information solely as to transactions or

experiences between the consumer and the person making the report;

(ii) Any communication of that information among affiliates;

(iii) Any communication among affiliates of opt out information if

the conditions in Secs. 571.4 through 571.9 are satisfied;

(iv) Any authorization or approval of a specific extension of

credit directly or indirectly by the issuer of a credit card or similar

device;

(v) Any report in which a person who has been requested by a third

party to make a specific extension of credit directly or indirectly to

a consumer conveys his or her decision with respect to such request, if

the third party advises the consumer of the name and address of the

person to whom the request was made, and the person makes the

disclosures to the consumer required under section 615 of the Act (15

U.S.C. 1681m); or

(vi) A communication described in section 603(o) of the Act (15

U.S.C. 1681a(o)).

(h) Consumer reporting agency means any person which, for monetary

fees, dues or on a cooperative nonprofit basis, regularly engages in

whole or in part in the practice of assembling or evaluating consumer

credit information or other information on consumers for the purpose of

furnishing consumer reports to third parties, and which uses any means

or facility of interstate commerce for the purpose of preparing or

furnishing consumer reports.

(i) Control of a company means:

(1) Ownership, control, or power to vote 25 percent or more of the

outstanding shares of any class of voting security of the company,

directly or indirectly, or acting through one or more other persons;

(2) Control in any manner over the election of a majority of the

directors, trustees, or general partners (or individuals exercising

similar functions) of the company; or

(3) The power to exercise, directly or indirectly, a controlling

influence over the management or policies of the company, as OTS

determines.

(j) Opt out means a direction by a consumer that you not

communicate opt out information about the consumer to one or more of

your affiliates.

(k) Opt out information means information that:

(1) Bears on a consumer's credit worthiness, credit standing,

credit capacity, character, general reputation, personal

characteristics, or mode of living;

(2) Is used or expected to be used or collected in whole or in part

to serve as a factor in establishing the consumer's eligibility for

credit or another purpose listed in section 604 of the Act (15 U.S.C.

1681b); and

(3) Is not a report containing information solely as to

transactions or experiences between the consumer and the person

reporting or communicating the information.

(l) Person means any individual, partnership, corporation, trust,

estate, cooperative, association, government or governmental

subdivision or agency, or other entity.

(m) You means savings associations whose deposits are insured by

the Federal Deposit Insurance Corporation.

Sec. 571.4 Communication of opt out information to affiliates.

Your communication to your affiliates of opt out information about

a consumer is not a consumer report if:

(a) You have provided the consumer with an opt out notice;

(b) You have given the consumer a reasonable opportunity and means,

before you communicate the information to your affiliates, to opt out;

and

(c) The consumer has not opted out.

Sec. 571.5 Content of opt out notice.

(a) In general. An opt out notice must be clear and conspicuous,

and must accurately explain:

(1) The categories of opt out information about the consumer that

you communicate to your affiliates;

(2) The categories of affiliates to which you communicate the

information;

(3) The consumer's ability to opt out; and

(4) A reasonable means for the consumer to opt out.

(b) Future communications. Your notice may describe:

(1) Categories of opt out information about the consumer that you

reserve the right to communicate to your affiliates in the future but

do not currently communicate; and

(2) Categories of affiliates to which you reserve the right in the

future to communicate, but to which you do not currently communicate,

opt out information about the consumer.

(c) Partial opt out. You may allow a consumer to select certain opt

out information or certain affiliates, with respect to which the

consumer wishes to opt out.

(d) Examples of categories of information that you communicate. (1)

You satisfy the requirement to categorize the opt out information that

you communicate if you list the categories in paragraph (d)(2) of this

section, as applicable, and a few examples to illustrate the types of

information in each category. These examples may include those in

paragraph (d)(3) of this section, if applicable.

(2) Categories of opt out information may include information:

(i) From a consumer's application;

(ii) From a consumer credit report;

(iii) Obtained by verifying representations made by a consumer; or

(iv) Provided by another person regarding its employment, credit,

or other relationship with a consumer.

(3) Examples of information within a category listed in paragraph

(d)(2) of this section include a consumer's:

(i) Income;

(ii) Credit score or credit history with others;

(iii) Open lines of credit with others;

(iv) Employment history with others;

(v) Marital status; and

(vi) Medical history.

(4) You do not satisfy the requirement if you communicate or

reserve the right to communicate individually identifiable health

information (as described in section 1171(6)(B) of the Social Security

Act (42 U.S.C. 1320d(6)(B)) but omit illustrative examples of this

information.

(e) Examples of categories of affiliates. (1) You satisfy the

requirement to categorize the affiliates to which you communicate opt

out information if you list the categories in paragraph (e)(2) of this

section, as applicable, and a few examples to illustrate the types of

affiliates in each category.

(2) Categories of affiliates may include:

(i) Financial service providers; and

[[Page 63140]]

(ii) Non-financial companies.

(f) Sample notice. A sample notice is included in appendix A to

this part.

Sec. 571.6 Reasonable opportunity to opt out.

(a) In general. You provide a reasonable opportunity to opt out if

you provide a reasonable period of time following the delivery of the

opt out notice for the consumer to opt out.

(b) Examples of reasonable period of time: (1) In person. You hand-

deliver an opt out notice to the consumer and provide at least 30 days

from the date you delivered the notice.

(2) By mail. You mail an opt out notice to a consumer and provide

at least 30 days from the date you mailed the notice.

(3) By electronic means. You notify the consumer electronically,

and you provide at least 30 days after the date that the consumer

acknowledges receipt of the electronic notice.

(c) Continuing opportunity to opt out. A consumer may opt out at

any time.

Sec. 571.7 Reasonable means of opting out.

(a) General rule. You provide a consumer with a reasonable means of

opting out if you provide a reasonably convenient method to opt out.

(b) Reasonably convenient methods. Examples of reasonably

convenient methods include:

(1) Designating check-off boxes in a prominent position on the

relevant forms included with the opt out notice;

(2) Including a reply form together with the opt out notice;

(3) Providing an electronic means to opt out, such as a form that

can be electronically mailed or a process at your web site, if the

consumer agrees to the electronic delivery of information; or

(4) Providing a toll-free telephone number that consumers may call

to opt out.

(c) Methods that are not reasonably convenient. Examples of methods

that are not reasonably convenient include:

(1) Requiring a consumer to write his or her own letter to you; or

(2) Referring in a revised notice to a check-off box that you

included with a previous notice but that you do not include with the

revised notice.

(d) Requiring specific means of opting out. You may require each

consumer to opt out through a specific means, as long as that means is

reasonable for that consumer.

Sec. 571.8 Delivery of opt out notice.

(a) In general. You must deliver an opt out notice so that each

consumer can reasonably be expected to receive actual notice in writing

or, if the consumer agrees, electronically.

(b) Examples of expectation of actual notice. (1) You may

reasonably expect that a consumer will receive actual notice if you:

(i) Hand-deliver a printed copy of the notice to the consumer;

(ii) Mail a printed copy of the notice to the last known mailing

address of the consumer; or

(iii) For the consumer who conducts transactions electronically,

post the notice on your electronic site and require the consumer to

acknowledge receipt of the notice as a necessary step to obtaining a

particular product or service;

(iv) You may not reasonably expect that a consumer will receive

actual notice if you:

(A) Only post a sign in your branch or office or generally publish

advertisements presenting your notice; or

(B) Send the notice via electronic mail to a consumer who does not

obtain a product or service from you electronically.

(c) Oral description insufficient. You may not provide an opt out

notice solely by orally explaining the notice, either in person or over

the telephone.

(d) Retention or accessibility. (1) In general. You must provide an

opt out notice so that it can be retained or obtained at a later time

by the consumer in writing or, if the consumer agrees, electronically.

(2) Examples of retention or accessibility. You provide the notice

so that it can be retained or obtained at a later time if you:

(i) Hand-deliver a printed copy of the notice to the consumer;

(ii) Mail a printed copy of the notice to the last known address of

the consumer upon request of the consumer; or

(iii) Make your current notice available on a web site (or a link

to another web site) for the consumer who obtains a product or service

electronically and who agrees to receive the notice at the web site.

(e) Joint notice with affiliates. You may provide a joint notice

with one or more affiliates as long as the notice identifies each

person providing it and is accurate with respect to each.

(f) Joint relationships. (1) In general. Notwithstanding any other

provision in this part, if two or more consumers jointly obtain a

product or service from you (joint consumers), the following rules

apply:

(i) You may provide a single notice to all of the joint consumers.

(ii) Any of the joint consumers has the opportunity to opt out.

(iii) You may treat an opt out direction by a joint consumer either

as:

(A) Applying to all of the joint consumers; or

(B) Applying to that particular joint consumer.

(iv) You must explain in your opt out notice which of the two

policies set forth in paragraph (f)(1)(iii) of this section you will

follow.

(v) If you follow the policy set forth in paragraph (f)(1)(iii)(B)

of this section, by treating the opt out of a joint consumer as

applying to that particular joint consumer, you must also permit:

(A) A joint consumer to opt out on behalf of other joint consumers;

and

(B) One or more joint consumers to notify you of their opt out

directions in a single response.

(vi) You may not require all joint consumers to opt out before you

implement any opt out direction.

(vii) If you receive an opt out by a particular joint consumer that

does not apply to the others, you may disclose information about the

others as long as no information is disclosed about the consumer who

opted out.

(2) Example. If consumers A and B, who have different addresses,

have a joint checking account with you and arrange for you to send

statements to A's address, you may do any of the following, but you

must explain in your opt out notice which opt out policy you will

follow. You may send a single opt out notice to A's address and:

(i) Treat an opt out direction by A as applying to the entire

account. If you do so and A opts out, you may not require B to opt out

as well before implementing A's opt out direction.

(ii) Treat A's opt out direction as applying to A only. If you do

so, you must also permit:

(A) A and B to opt out for each other; and

(B) A and B to notify you of their opt out directions in a single

response (such as on a single form) if they choose to give separate opt

out directions.

(iii) If A opts out only for A, and B does not opt out, you may

disclose opt out information only about B, and not about A and B

jointly.

Sec. 571.9 Revised opt out notice.

If you have provided a consumer with one or more opt out notices

and plan to communicate opt out information to your affiliates about

the consumer, other than as described in those notices, you must

provide the consumer with a revised opt out notice that complies with

Secs. 571.4 through 571.8.

Sec. 571.10 Time by which opt out must be honored.

If you provide a consumer with an opt out notice and the consumer

opts out,

[[Page 63141]]

you must comply with the opt out as soon as reasonably practicable

after you receive it.

Sec. 571.11 Duration of opt out.

An opt out remains effective until revoked by the consumer in

writing or electronically, as long as the consumer continues to have a

relationship with the institution. If the consumer's relationship with

the institution terminates, the opt out will continue to apply to this

information. However, a new notice and opportunity to opt out must be

provided if the consumer establishes a new relationship with the

institution.

Sec. 571.12 Prohibition against discrimination.

(a) In general. You must not discriminate against a consumer who is

an applicant for credit because the consumer opts out of your

communication of opt out information to your affiliates.

(b) Examples of discrimination against an applicant. You

discriminate against an applicant if you:

(1) Deny the applicant credit because the applicant opts out;

(2) Vary the terms of credit adversely to the applicant such as by

providing less favorable pricing terms to an applicant who opts out; or

(3) Apply more stringent credit underwriting standards to the

applicant because the applicant opts out.

(c) Regulation B. The terms ``applicant'' and ``discriminate

against'' in this section have the same meanings ascribed to them in 12

CFR part 202.

Appendix A to Part 571--Sample Notice

This appendix contains a sample notice to facilitate compliance

with the notice requirements of this part. An institution may use

applicable disclosures in this sample to provide notices required by

this part.

Notice of Your Opportunity to Opt Out of Information Sharing With

Companies in Our Corporate Family

Information We Can Share With Our Corporate Family About You--

Unless You Tell Us Not to

What Information: Unless you tell us not to, [Financial

Institution] may share with companies in our corporate family

information about you including:

Information we obtain from your application, such as

[provide illustrative examples, such as ``your income'' or ``your

marital status''];

Information we obtain from a consumer report, such as

[provide illustrative examples, such as ``your credit score or

credit history''];

Information we obtain to verify representations made by

you, such as [provide illustrative examples, such as ``your open

lines of credit'']; and

Information we obtain from a person regarding its

employment, credit, or other relationship with you, such as [provide

illustrative examples, such as ``your employment history''].

Shared With Whom: Companies in our corporate family who may

receive this information are:

Financial service providers, such as [provide

illustrative examples, such as ``mortgage bankers, broker-dealers,

and insurance agents'']; and

Non-financial companies, such as [provide illustrative

examples, such as ``retailers, direct marketers, airlines, and

publishers''].

How To Tell Us Not To Share This Information With Our Corporate

Family

If you prefer that we not share this information with companies

in our corporate family, you may direct us not to share this

information by doing the following [insert one or more of the

reasonable means of opting out listed below\1\]: [call us toll free

at {insert toll free number}]; or [visit our web site at {insert web

site address} and {provide further instructions how to use the web

site option}]; or [e-mail us at {insert the e-mail address}]; or

[fill out and tear off the bottom of this sheet and mail to the

following address: {insert address}]; or [check the appropriate box

on the attached form {attach form} and mail to the following

address: {insert address}].

Note: Your direction in this paragraph covers certain

information about you that we might otherwise share with our

corporate family. We may share other information about you with our

corporate family as permitted by law.

\1\ If the financial institution is using its web site or an e-

mail address as the only method by which a consumer may opt out, the

consumer must agree to the electronic delivery of information.

Dated: September 29, 2000.

By the Office of Thrift Supervision.

Ellen Seidman,

Director.

[FR Doc. 00-26601 Filed 10-19-00; 8:45 am]

BILLING CODE 4810-33-P; 6210-01P; 6714-01-P; 6720-01-P

Last Updated10/20/2000 regs@fdic.gov

Last Updated: August 4, 2024