Skip Header

Federal Deposit
Insurance Corporation

Each depositor insured to at least $250,000 per insured bank



Home > Regulation & Examinations > Laws & Regulations > FDIC Federal Register Citations




FDIC Federal Register Citations

[Federal Register: October 20, 2000 (Volume 65, Number 204)]
[Proposed Rules]               
[Page 63119-63141]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr20oc00-24]                         


[[Page 63119]]
   
  
-----------------------------------------------------------------------

Part II


Department of the Treasury

-----------------------------------------------------------------------

Office of the Comptroller of the Currency

-----------------------------------------------------------------------

Office of Thrift Supervision

-----------------------------------------------------------------------

Federal Reserve System

-----------------------------------------------------------------------

Federal Deposit Insurance Corporation

-----------------------------------------------------------------------

12 CFR Parts 41, 222, 334 and 571


Fair Credit Reporting Regulations; Proposed Rule


[[Page 63120]]


-----------------------------------------------------------------------

DEPARTMENT OF THE TREASURY

Office of the Comptroller of the Currency

12 CFR Part 41

[Docket No. 00-20]
RIN 1557-AB78

FEDERAL RESERVE SYSTEM

12 CFR Part 222

[Regulation V; Docket No. R-1082]

FEDERAL DEPOSIT INSURANCE CORPORATION

12 CFR Part 334

RIN 3064-AC35

DEPARTMENT OF THE TREASURY

Office of Thrift Supervision

12 CFR Part 571

[Docket No. 2000-81]
RIN 1550-AB33

 
Fair Credit Reporting Regulations

AGENCIES: Office of the Comptroller of the Currency, Treasury (OCC); 
Board of Governors of the Federal Reserve System (Board); Federal 
Deposit Insurance Corporation (FDIC); and Office of Thrift Supervision, 
Treasury (OTS).

ACTION: Joint notice of proposed rulemaking.

-----------------------------------------------------------------------

SUMMARY: The OCC, Board, FDIC, and OTS (Agencies) are publishing for 
comment proposed regulations implementing the provisions of the Fair 
Credit Reporting Act (FCRA) that permit institutions to communicate 
consumer information to their affiliates (affiliate information 
sharing) without incurring the obligations of consumer reporting 
agencies. These provisions authorize institutions to communicate among 
their affiliates: Information as to transactions or experiences between 
the consumer and the person making the communication (transaction or 
experience information); and ``other'' information (that is, 
information covered by the FCRA but not transaction or experience 
information), provided that the institution has given notice to the 
consumer that the other information may be communicated, the 
institution has provided the consumer an opportunity to ``opt out'' 
(i.e., to direct that the information not be communicated), and the 
consumer has not opted out. The proposed regulations explain how to 
comply with the affiliate information sharing provisions, addressing 
such matters as the content and delivery of the notice to consumers 
that ``other'' information may be communicated (opt out notice). The 
proposed regulations also implement certain related provisions. The 
Agencies have attempted to conform these proposed regulations to the 
final regulations implementing the privacy provisions of the Gramm-
Leach-Bliley Act whenever feasible.

DATES: Comments must be received by December 4, 2000.

ADDRESSES: Comments should be directed to:
    OCC: Communications Division, Office of the Comptroller of the 
Currency, 250 E Street, SW., Washington, D.C. 20219, Attention: Docket 
No. 00-20; FAX number (202) 874-5274 or Internet address: 
regs.comments@occ.treas.gov. Comments may be inspected and photocopied 
at the OCC's Public Reference Room, 250 E Street, SW., Washington D.C. 
between 9:00 a.m. and 5:00 p.m. on business days. You can make an 
appointment to inspect the comments by calling (202) 874-5043.
    Board: Comments, which should refer to Docket No. R-1082, may be 
mailed to Ms. Jennifer J. Johnson, Secretary, Board of Governors of the 
Federal Reserve System, 20th and C Streets, NW., Washington, D.C. 20551 
or mailed electronically to regs.comments@federalreserve.gov. Comments 
addressed to Ms. Johnson also may be delivered to the Board's mail room 
between 8:45 a.m. and 5:15 p.m. and to the security control room 
outside of those hours. Both the mail room and the security control 
room are accessible from the courtyard entrance on 20th Street between 
Constitution Avenue and C Street, NW. Comments may be inspected in Room 
MP-500 between 9:00 a.m. and 5:00 p.m., pursuant to Sec. 261.12, except 
as provided in Sec. 261.14, of the Board's Rules Regarding the 
Availability of Information, 12 CFR 261.12 and 261.14.
    FDIC: Send written comments to Robert E. Feldman, Executive 
Secretary, Attention: Comments/OES, Federal Deposit Insurance 
Corporation, 550 17th Street, NW., Washington, DC 20429. Comments may 
be hand delivered to the guard station at the rear of the 17th Street 
building (located on F Street) on business days between 7 a.m. and 5 
p.m. (FAX number (202) 898-3838). Comments may be inspected and 
photocopied in the FDIC Public Information Center, Room 100, 801 17th 
Street, NW., Washington, DC 20429, between 9:00 a.m. and 4:30 p.m. on 
business days.
    Comments may be submitted to the FDIC electronically over the 
Internet at www.fdic.gov. Further information concerning this option 
may be found below at ``FDIC's Electronic Public Comment Site.'' 
Comments also may be mailed electronically to comments@fdic.gov.
    OTS: Mail: Send comments to Manager, Dissemination Branch, 
Information Management and Services Division, Office of Thrift 
Supervision, 1700 G Street, NW., Washington, DC 20552, Attention Docket 
No. 2000-81.
    Delivery: Hand deliver comments to the Guard's Desk, East Lobby 
Entrance, 1700 G Street, NW., from 9:00 a.m. to 4:00 p.m. on business 
days, Attention Docket No. 2000-81.
    Facsimiles: Send facsimile transmissions to FAX Number (202) 906-
7755, Attention Docket No. 2000-81; or (202) 906-6956 (if comments are 
over 25 pages).
    E-Mail: Send e-mails to ``public.info@ots.treas.gov'', Attention 
Docket No. 2000-81, and include your name and telephone number.
    Public Inspection: Interested persons may inspect comments at the 
Public Reference Room, 1700 G St. N.W., from 10:00 a.m. until 4:00 p.m. 
on Tuesdays and Thursdays or obtain comments and/or an index of 
comments by facsimile by telephoning the Public Reference Room at (202) 
906-5900 from 9:00 a.m. until 5:00 on business days. Comments and the 
related index will also be posted on the OTS Internet Site at 
"www.ots.treas.gov''.

FOR FURTHER INFORMATION CONTACT:
    OCC: Amy Friend, Assistant Chief Counsel, (202) 874-5200; Michael 
Bylsma, Director, Community and Consumer Law, (202) 874-5750; Stephen 
Van Meter, Senior Attorney, Community and Consumer Law, (202) 874-5750; 
Carol Workman, Compliance Specialist, Community and Consumer Policy, 
(202) 874-4858; Deborah Katz, Senior Attorney, Legislative and 
Regulatory Activities Division, (202) 874-5090; or Jeffery Abrahamson, 
Attorney, Enforcement and Compliance, (202) 874-4800, Office of the 
Comptroller of the Currency, 250 E Street, SW., Washington, DC 20219.
    Board: James H. Mann, Senior Attorney, (202) 452-2412; or David A. 
Stein, Attorney, (202) 452-3667, Division of Consumer and Community 
Affairs. For the hearing impaired only, contact Janice Simms, 
Telecommunications Device for the Deaf (TDD) (202) 872-4984, Board of 
Governors of the Federal Reserve

[[Page 63121]]

System, 20th and C Streets, NW., Washington, DC 20551.
    FDIC: James K. Baebel, Assistant Director, Compliance Policy, 
Division of Compliance and Consumer Affairs, (202) 942-3086; Deanna 
Caldwell, Community Affairs Officer, Division of Compliance and 
Consumer Affairs, (202) 736-0141; Nancy Schucker Recchia, Counsel, 
Regulations and Legislation Section, (202) 898-8885; A. Ann Johnson, 
Counsel, Regulations and Legislation Section, (202) 898-3573; and David 
Lafleur, Senior Compliance Examiner, (415) 395-5261, Federal Deposit 
Insurance Corporation, 550 17th Street, NW., Washington, DC 20429.
    OTS: Christine Harrington, Counsel (Banking and Finance), (202) 
906-7957; Paul Robin, Assistant Chief Counsel, (202) 906-6648; or 
Elizabeth Baltierra, Program Analyst, Compliance Policy (202) 906-6540, 
Office of Thrift Supervision, 1700 G Street, NW., Washington DC 20552.

SUPPLEMENTARY INFORMATION:

I. Background

The FCRA

    The FCRA, enacted in 1970, sets standards for the collection, 
communication, and use of information bearing on a consumer's credit 
worthiness, credit standing, credit capacity, character, general 
reputation, personal characteristics, or mode of living. 15 U.S.C. 
1681-1681u. In 1996, the Consumer Credit Reporting Reform Act amended 
the FCRA extensively (1996 Amendments). Pub. L. 104-208, 110 Stat. 
3009.
    For many years, to avoid the obligations of consumer reporting 
agencies imposed by the FCRA, many institutions avoided making any 
communications to affiliated companies of consumer information that 
could constitute consumer reports.\1\ The 1996 Amendments, however, 
excluded specified types of information sharing with affiliates from 
the definition of ``consumer report,'' assuring institutions that 
making these communications would not expose them to the obligations of 
consumer reporting agencies. In particular, the 1996 Amendments 
excluded from the definition of ``consumer report'' the sharing of 
``other'' information among affiliates, so long as the consumer, having 
been given notice and an opportunity to opt out, did not opt out. 
``Other information'' refers to information that is covered by the FCRA 
and that is not a report containing information solely as to 
transactions or experiences between the consumer and the person making 
the report.
---------------------------------------------------------------------------

    \1\ The FCRA creates substantial obligations for ``consumer 
reporting agencies.'' FCRA, section 603(f); see, e.g., sections 607, 
611. These obligations include furnishing consumer reports only for 
permissible purposes, maintaining high standards for ensuring the 
accuracy of information in consumer reports, resolving customer 
disputes, and other matters.
---------------------------------------------------------------------------

    The 1996 Amendments prohibited the Agencies from issuing 
implementing regulations. 15 U.S.C. 1681s(a)(4) (repealed). The Gramm-
Leach-Bliley Act (GLBA) repealed this prohibition and directed the 
Agencies to prescribe jointly such regulations as necessary to carry 
out the purposes of the FCRA. Pub. L. Sec. 506, 106-102, 15 U.S.C. 
1681s(e).

Coordination With Privacy Regulations

    The GLBA sets standards for financial institutions' disclosure of 
nonpublic personal information to nonaffiliated third parties (privacy 
provisions; Pub. L. 106-102, 15 U.S.C. 6802; see also 15 U.S.C. 6803). 
The Agencies published final regulations implementing these privacy 
provisions on June 1, 2000 (privacy regulations; 65 FR 35162, June 1, 
2000).
    The privacy regulations do not ``modify, limit, or supersede the 
operation of the Fair Credit Reporting Act.'' 15 U.S.C. 6806. Thus, 
both the privacy regulations and the FCRA may apply to an institution's 
disclosure of consumer information. Moreover, if a financial 
institution provides an opt out notice under the FCRA, that notice must 
be included in certain notices mandated by the privacy regulations, 
including annual notices to customers. 15 U.S.C. 6803. Therefore, the 
Agencies anticipate that financial institutions will design their 
information-sharing policies and practices taking into account both the 
privacy regulations and the regulations implementing the FCRA.
    To ease compliance and promote consistency, the Agencies are 
conforming the two regulations where appropriate. For example, the 
Agencies are proposing requirements regarding the content and delivery 
of the FCRA opt out notice that are generally consistent with the 
corresponding provisions of the privacy regulations.

This Proposal and Future Agency Issuances

    The FCRA raises many significant issues in addition to affiliate 
information sharing. The Agencies are analyzing these issues and expect 
to address them in an Advance Notice of Proposed Rulemaking. 
Additionally, the Agencies will review a series of questions and 
answers regarding the FCRA (Qs & As) that the Agencies (including the 
Federal Home Loan Bank Board, predecessor of the OTS) issued in 1971. 
These were designed to help financial institutions develop a working 
knowledge of the statute. The Agencies will modify or withdraw any Qs & 
As that are inconsistent with the FCRA or obsolete.

II. Section-by-Section Analysis

Section __.1  Purpose and Scope

    Proposed paragraph ____.1(a) briefly describes the purpose of the 
regulations. Proposed paragraph ____.1(b) briefly describes the scope 
of the regulations, including the information and institutions subject 
to them. (These institutions are identified in more detail in proposed 
section ____.3(m) of the Board, FDIC, and OTS regulations.)
    Paragraph ____.1(b) also provides that nothing in this part 
modifies, limits, or supersedes the standards governing the privacy of 
individually identifiable health information promulgated by the 
Secretary of Health and Human Services pursuant to sections 262 and 264 
of the Health Insurance Portability and Accountability Act (HIPAA) of 
1996 (42 U.S.C. 1320d-1320d-8). Certain institutions that possess 
medical information about consumers may be covered by these 
regulations, the GLBA privacy regulations, and rules promulgated by the 
Department of Health and Human Services (HHS) under the authority of 
sections 262 and 264 of HIPAA once those regulations are finalized. 
Based on the proposed HIPAA rules, it appears likely that there will be 
areas of overlap between the HIPAA and the FCRA affiliate information-
sharing rules. For instance under the HIPAA proposal, consumers must 
provide affirmative authorization before a ``covered institution'' or 
its ``business partner'' may disclose medical information in certain 
instances, whereas under these proposed FCRA affiliate information 
sharing rules, institutions need only provide consumers with the 
opportunity to opt out of disclosures. In cases where the HIPAA 
requires consumers to opt in before certain information may be shared, 
but this rule allows consumers to opt out of the same sharing, opt in 
would be necessary before the information may be shared. The Agencies 
will consult with HHS to avoid the imposition of duplicative or 
inconsistent requirements.

Section __.2  Examples

    Proposed section __.2 clarifies that the examples used in the 
regulations and in the sample notice are not exclusive means of 
compliance; rather, they are

[[Page 63122]]

intended to provide guidance on how to comply in specific situations.
    The Agencies solicit comment on whether to include additional or 
different examples, and, more fundamentally, on whether including 
examples in the regulations is appropriate and useful. Instead of 
addressing specific fact situations through such examples, the Agencies 
could periodically issue interagency staff commentaries or questions 
and answers.
    The Agencies note that an example that mentions a particular 
activity does not, by itself, authorize an institution to engage in 
that activity. Any such authority must have an independent source.

Section __.3  Definitions

    Discussed below are a few key definitions, including: ``affiliate'' 
(as well as the related terms ``company'' and ``control''); ``clear and 
conspicuous''; ``opt out''; ``opt out information''; and ``consumer 
report.'' The proposal tracks the statutory language referring to 
``transaction or experience information,'' but does not define that 
term.
Affiliate
    Several FCRA provisions apply to information sharing with persons 
``related by common ownership or affiliated by corporate control,'' 
``related by common ownership or affiliated by common corporate 
control,'' or ``affiliated by common ownership or common corporate 
control.'' E.g., FCRA, sections 603(d)(2), 615(b)(2), and 624(b)(2). 
Proposed paragraph (b) defines ``affiliate'' to refer to all these 
relationships between and among companies, and clarifies that ``related 
or affiliated by common ownership or affiliated by corporate control or 
common corporate control'' means controlling, controlled by, or under 
common control with another company.
    Consistent with the definitions in the privacy regulations, the 
proposal uses a definition of ``control'' that applies exclusively to 
the control of a ``company,'' and defines ``company'' to include any 
corporation, limited liability company, business trust, general or 
limited partnership, association, or similar organization. See proposed 
paragraphs (e) (``company'') and (i) (``control''). The definition of 
``company'' omits some entities that are ``persons'' under the FCRA--
individuals, estates, cooperatives, governments, and governmental 
subdivisions or agencies. The Agencies, however, are not aware of any 
circumstances where ``control'' could be exercised over individuals, 
government agencies, and other persons that do not fit within the 
definition of ``company.'' Comment is solicited on whether the proposed 
definition of ``control'' should be expanded to apply to these 
additional types of persons.
Clear and Conspicuous
    Proposed paragraph (c) defines ``clear and conspicuous'' to mean 
that a notice must be reasonably understandable and designed to call 
attention to the nature and significance of the information it 
contains. The proposed regulations do not mandate the use of any 
particular technique for making a notice clear and conspicuous; 
instead, they give institutions flexibility in determining how to 
comply. An institution may make its notice reasonably understandable 
by, for example, using short explanatory sentences or bullet lists and 
avoiding legal or highly technical business terminology whenever 
possible. An institution may design its notice to call attention to the 
nature and significance of the information in the notice by, for 
example, using a plain-language heading and a typeface and size that 
are easy to read.
    Paragraph (c) is consistent with the ``clear and conspicuous'' 
standard in the privacy regulations. As such, it offers a more detailed 
exposition of the standard (particularly with respect to what makes a 
notice ``conspicuous'') than some other regulations, such as the 
Board's Regulation Z. However, laws other than FCRA--for example, the 
Truth in Lending Act--that require clear and conspicuous disclosures, 
are beyond the scope of this rulemaking. Accordingly, the standard 
proposed here does not affect disclosures required by those laws.
    The Agencies request comment on whether institutions have any 
particular concerns about compliance with FCRA's clear and conspicuous 
standard when FCRA opt out notices are included with the GLBA privacy 
provision notices.
Consumer Report
    Proposed paragraph (g) parallels the definition in section 603(d) 
of the FCRA. Paragraph (g)(2)(ii) excludes from the definition of 
``consumer report'' communication among affiliates of a report 
containing information solely as to transactions or experiences between 
the consumer and the person making the report.\2\
---------------------------------------------------------------------------

    \2\ Prior to the 1996 amendments to FCRA, affiliated entities 
could not pool their transaction or experience information in a 
common database without being considered a consumer reporting 
agency. Instead, each affiliate could disclose its own transaction 
or experience information to another affiliate directly only in the 
same manner as an entity can disclose information to a nonaffiliated 
third party. While transaction or experience information has been 
excluded from the definition of ``consumer report'' since the FCRA's 
initial passage, the 1996 amendments facilitated the disclosure of 
such information among affiliates.
---------------------------------------------------------------------------

    Paragraph (g)(2)(iii) excludes any communication of ``opt out 
information'' if the conditions set out in sections __.4-__.9 are 
satisfied. The FCRA, as explained above, uses the term ``other 
information'' to refer to information that it covers but that is not 
transaction or experience information. This proposal refers to ``other 
information'' using the more descriptive term ``opt out information.'' 
See proposed paragraph (k).
Opt Out
    Proposed paragraph (j) defines this term to mean a direction by a 
consumer that an institution not communicate opt out information about 
the consumer to one or more of the institution's affiliates.
Opt Out Information
    As described above, the 1996 Amendments to FCRA excluded from the 
definition of ``consumer report'' the sharing of ``other information'' 
among affiliates, so long as the consumer, having been given notice and 
an opportunity to opt out, did not opt out. ``Other information'' 
refers to information that is covered by the FCRA and that is not a 
report containing information solely as to transactions or experiences 
between the consumer and the person making the report. The proposed 
regulation uses the term ``opt out information'' to describe this 
category of information.
    Proposed paragraph (k) defines opt out information as information 
that (i) bears on a consumer's credit worthiness, credit standing, 
credit capacity, character, general reputation, personal 
characteristics, or mode of living, (ii) is used or expected to be used 
or collected for one of the permissible purposes listed in FCRA (e.g., 
credit transaction, insurance underwriting, employment purposes), and 
(iii) is not solely transaction or experience information. Section 
____.5(d) gives examples of categories of information that qualify as 
opt out information.

Section __.4  Communication of Opt Out Information to Affiliates

    Proposed section __.4 describes the conditions that an institution 
must meet to ensure that its communication of opt out information to 
its affiliates do not constitute consumer reports including

[[Page 63123]]

the requirement that the institution provide an opt out notice.
    Section 603(d)(2)(A)(iii) of the FCRA excludes from the definition 
of ``consumer report'' the sharing of opt out information among 
affiliates if:

it is clearly and conspicuously disclosed to the consumer that the 
information may be communicated among such persons and the consumer 
is given the opportunity, before the time that the information is 
initially communicated, to direct that such information not be 
communicated among such persons * * *.

    Proposed section ____.4 accordingly provides that opt out 
information may be communicated among affiliates without the 
communication being a consumer report if: (i) The institution has 
provided an opt out notice; (ii) the institution has given the consumer 
a reasonable opportunity and means, before the time that it 
communicates the information, to opt out; and (iii) the consumer has 
not opted out.
Mergers & Acquisitions
    In a merger or acquisition situation, the need to provide new opt 
out notices to the customers of the entity that ceases to exist will 
depend on whether the notices previously given to those customers 
accurately reflect the policies and practices of the surviving entity. 
If they do, the surviving entity will not be required under the rule to 
provide new notices.

Section __.5  Contents of Opt Out Notice

    Proposed paragraph (a) provides that an opt out notice must be 
clear and conspicuous, and must accurately explain: (i) The categories 
of opt out information about the consumer that the institution 
communicates; (ii) the categories of affiliates to which the 
institution communicates the information; (iii) the consumer's ability 
to opt out; and (iv) the means to do so. The Agencies invite comment on 
whether financial institutions should also have to disclose in their 
FCRA notices how long a consumer has to respond to the opt out notice 
before the institution may begin disclosing information about that 
consumer to its affiliates, as well as the fact that a consumer can opt 
out at any time. These disclosures are not required in the privacy 
regulations. The Agencies seek comment on whether the benefits of the 
additional disclosures would outweigh the burdens, and, if so, whether 
the regulation should require the disclosures to state that a financial 
institution will wait 30 days in every instance before sharing consumer 
information with affiliates (see proposed section __.6, below, for 
additional discussion on reasonable opportunity to opt out).
    Proposed paragraph (b) clarifies that an institution's notice may 
describe not only the communications of opt out information that the 
institution currently plans to make to its affiliates, but also the 
communications that it reserves the right to make in the future. 
Proposed paragraph (c) explains that an institution may, but need not, 
provide the consumer with the option of an opt out that covers only 
part of the information or certain affiliates. This would enable an 
institution to give consumers a menu of opt out choices if it desires 
to do so.
    Paragraph (d) explains how an institution can satisfy the 
requirement that it categorize the opt out information that it 
communicates. Paragraph (d)(2) gives examples of categories of opt out 
information, such as information from a consumer's application, 
information from a consumer report, information obtained by verifying 
representations made by a consumer, and information provided by another 
person regarding that person's relationship with a consumer. The first 
two categories reflect the legislative history of the 1996 Amendments, 
which states in part that the opt out provision ``will clarify that 
affiliates within a Holding Company structure can share any application 
information * * * and consumer reports, consistent with the FCRA.'' S. 
Rep. No. 185, 104th Cong., 1st Sess. 18-19 (1995). The other two 
categories represent information that the Agencies believe does not 
constitute transaction or experience information when communicated by 
the institution that has received it. Paragraph (d)(3) gives a non-
exclusive list of examples of specific items of opt out information 
within each category, including a consumer's income, credit score or 
credit history, open lines of credit, employment history, marital 
status and medical history.
    Medical data are especially sensitive for many consumers; if such 
data are among the opt out information that an institution communicates 
to its affiliates, the institution satisfies the requirement to 
categorize that information only if it includes examples of medical 
data that it intends to share. The Agencies note that the items listed 
in paragraph (d)(3) as examples of information that would be included 
within the categories of opt out information are illustrative only. 
Those items would not be considered opt out information in cases where 
the information is obtained from a source other than those listed in 
paragraph (d)(2). Comment is requested as to the appropriateness of 
these examples of categories and items of opt out information, and 
whether additional or different examples should be used.
    The descriptions of the categories of information set out in 
proposed paragraph (d)(2) differ somewhat from those in section 
__.6(c)(2) of the privacy regulations. The agencies solicit comment on 
the extent to which the categories in (d)(2) can be treated as 
consistent with similar categories in the privacy regulations (such as 
disclosures of information from consumer reporting agencies) in order 
to reduce compliance burden and consumer confusion.
    Proposed paragraph (e) explains how an institution can satisfy the 
requirement that it categorize the affiliates to which it communicates 
opt out information.
    Paragraph (f) cross-references the sample notice in appendix A, 
which presents a further illustration of the content of an opt out 
notice.

Section __ .6  Reasonable Opportunity to Opt Out

    Proposed paragraph (a) of section ____ .6 states that financial 
institutions will provide a reasonable opportunity to opt out by 
providing a reasonable period of time for the consumer to opt out from 
the time that notice is delivered. Proposed paragraph (b) sets out 
examples of what is a reasonable period of time when notices are 
provided in person, by mail, or by electronic means. Comment is 
requested on whether there are other situations that would suggest a 
different reasonable period of time that the Agencies should note by 
example. Proposed paragraph (c) explains that a consumer may opt out at 
any time.

Section __ .7  Reasonable Means of Opting Out

    Proposed paragraph (a) sets forth the general rule that an 
institution provides a reasonable means of opting out if it provides a 
reasonably convenient method to the consumer to opt out. Examples of 
reasonable means of opting out and unreasonable means are set out in 
proposed paragraphs (b) and (c), respectively. Proposed paragraph (d) 
permits an institution to require each consumer to opt out through a 
specific means, as long as that means is reasonable for that consumer.

Section __ .8  Delivery of Opt Out Notices

    Proposed paragraph (a) provides that an institution must deliver an 
opt out notice so that each consumer can reasonably be expected to 
receive actual

[[Page 63124]]

notice. As indicated by the examples provided in proposed paragraph 
(b), this is a lesser standard than actual notice. For instance, if an 
institution mails a printed copy of its notice to the last known 
mailing address of an existing customer, the institution has met its 
obligation even if the customer has changed addresses and never 
receives the notice.
    An institution may give notice in writing or, if the consumer 
agrees, electronically. For example, the institution may e-mail its 
notice to a customer that conducts electronic transactions and has 
agreed to receive electronic notice. The Agencies invite comment on 
whether and how the proposed rules governing communications between a 
financial institution and a consumer via an electronic medium should be 
modified in light of the Electronic Signatures in Global and National 
Commerce Act (the E-Sign Act).\3\
---------------------------------------------------------------------------

    \3\ Congress recently enacted the E-Sign Act, Pub. L. 106-229, 
which addresses the use of electronic records and signatures for 
interstate and foreign commerce. This legislation contains general 
rules governing the use of electronic records for providing required 
information to consumers (such as disclosures and acknowledgments 
required by the GLBA). The legal requirement that consumer 
disclosures be in writing may be satisfied by an electronic record 
if the consumer affirmatively consents and certain other 
requirements of the E-Sign Act are met.
---------------------------------------------------------------------------

    Proposed paragraph (c) explains that oral notice alone does not 
comply with the notice requirement; however, oral notice may be 
provided in conjunction with appropriate written or electronic notice.
    Proposed paragraph (d) explains that an institution must provide 
the notice so that the consumer can retain it or obtain it at a later 
time, and gives examples of retention or accessibility.
    Proposed paragraph (e) permits an institution to provide a joint 
opt out notice with one or more of its affiliates that are identified 
in the notice, as long as the notice is accurate with respect to each 
entity jointly issuing the notice.
    Proposed paragraph (f)(1) sets out rules that apply, 
notwithstanding any other provision of the regulations, when two or 
more consumers jointly obtain a product or service from an institution 
(referred to in the proposed regulation as joint consumers), such as a 
joint checking account. For example, an institution may provide a 
single opt out notice to joint accountholders. The notice must indicate 
whether the institution will consider an opt out by a joint 
accountholder as an opt out by all of the associated accountholders, or 
whether each accountholder may opt out separately. The institution may 
not require all accountholders to opt out before honoring an opt out 
direction by one of the joint accountholders. Paragraph (f)(2) gives 
examples of these rules.

Section __ .9  Revised Opt Out Notice

    Proposed section ____ .9 addresses the situation in which an 
institution has provided a consumer with one or more opt out notices 
but later decides to communicate opt out information to its affiliates 
other than described in those notices. It explains that an institution 
must send a revised opt out notice that complies with section ____ .4, 
including providing a reasonable means and opportunity to opt out, and 
communicating the information only if the consumer has not opted out.

Section __ .10  Time by Which Opt Out Must be Honored

    Proposed section ____ .10 explains that if an institution provides 
a consumer with an opt out notice, and the consumer opts out, the 
institution must comply as soon as reasonably practicable after 
receiving the consumer's direction. Comment is solicited on whether the 
Agencies should establish a fixed number of days--for example, 30 
days--that would be deemed a ``reasonably practicable'' period of time 
for complying with a consumer's opt out direction.

Section __.11  Duration of Opt Out

    Proposed section ____.11 provides that an opt out continues to 
apply to the information and affiliates described in the applicable opt 
out notice until revoked by the consumer in writing, or if the consumer 
agrees, electronically, as long as the consumer continues to have a 
relationship with the institution. If the consumer's relationship with 
the institution terminates, the opt out will continue to apply to this 
information. However, a new notice and opportunity to opt out must be 
provided if the consumer establishes a new relationship with the 
institution.

Section __ .12  Prohibition Against Discrimination

    Proposed paragraph (a) reminds institutions that they may not 
``discriminate against'' a consumer who is an ``applicant'' for credit 
because the applicant opts out. The source of this prohibition is the 
Equal Credit Opportunity Act (ECOA; 15 U.S.C. 1691 et seq.), which bars 
discrimination on a prohibited basis in any aspect of a credit 
transaction; one prohibited basis is exercising a right under the 
Consumer Credit Protection Act, which includes the FCRA. Proposed 
paragraph (b) provides examples of prohibited discrimination against an 
applicant. Paragraph (c) notes that the terms ``applicant'' and 
``discriminate against'' have the meaning ascribed to these terms in 12 
CFR part 202.

Appendix A

    Appendix A, which is part of these regulations, contains a sample 
notice, part or all of which may be used to facilitate compliance with 
the notice requirements. Although use of the sample notice is not 
required, institutions using it properly to provide notices will be 
deemed to be in compliance.
    The Agencies solicit comment on all aspects of the proposed 
regulations, including but not limited to those highlighted above.

III. FDIC's Electronic Public Comment Site

    The FDIC has included a page on its web site to facilitate the 
submission of electronic comments in response to this general 
solicitation (the EPC site). The EPC site provides an alternative to 
the written letter and may be a more convenient way for you to submit 
your comments. Commenting through the EPC site will assist the FDIC to 
more accurately and efficiently analyze comments submitted 
electronically. If you submit your comments through the EPC site your 
comments will receive the same consideration that they would receive if 
submitted in hard copy to the FDIC's street address. Information 
provided through the EPC site will be used by the FDIC only to assist 
in its analysis of the proposed regulation. The FDIC will not use an 
individual's name or any other personal identifier of an individual to 
retrieve records or information submitted through the EPC site. Like 
comments submitted in hard copy to the FDIC's street address, EPC site 
comments will be made available in their entirety (including the 
commenter's name and address if the commenter chooses to provide them) 
for public inspection.
    The EPC site will be available on the FDIC's home page at www.fdic.gov. You will be able to provide comments directly on any of 
the sections of the proposed regulation as well as the specific 
questions that have been asked in the preceding Supplementary 
Information section. You will also be able to view the regulation and 
Supplementary Information sections that related to your comments 
directly on the site. Because the GLBA authorizes promulgation of this 
regulation, the FDIC encourages you to provide written comments in the

[[Page 63125]]

spaces provided. Written comments enable the FDIC to thoughtfully 
consider possible changes to the proposed regulation.
    The FDIC is also interested in your feedback on the EPC site. We 
have provided a space for you to comment on the site itself. Answers to 
this question will help the FDIC to evaluate the EPC site for use in 
future rulemaking.
    At the conclusion of the EPC site you will have an opportunity to 
provide us with your name, indicate whether you are an individual, 
insured depository institution, financial holding company, community-
based organization, trade association, government agency, or other, and 
provide the name of the organization you represent, if applicable. 
Whether you choose to respond to these questions is entirely up to you. 
Any responses received may help the FDIC to better understand the 
public comments it receives.

IV. Regulatory Analysis

Paperwork Reduction Act

    The Agencies invite comment on: (1) Whether the collections of 
information contained in this notice of proposed rulemaking are 
necessary for the proper performance of each Agency's functions, 
including whether the information has practical utility; (2) the 
accuracy of each Agency's estimate of the burden of the proposed 
information collections; (3) ways to enhance the quality, utility, and 
clarity of the information to be collected; (4) ways to minimize the 
burden of the information collections on respondents, including the use 
of automated collection techniques or other forms of information 
technology; and (5) estimates of capital or start-up costs and costs of 
operation, maintenance, and purchases of services to provide 
information. No person is required to respond to these collections of 
information unless the collections display a currently valid Office of 
Management and Budget (OMB) control number. The Agencies are currently 
requesting their respective control numbers for these information 
collections from OMB.
    This proposed regulation contains disclosure requirements for 
certain financial institutions and their affiliates. A financial 
institution that (a) has affiliates, (b) does not wish to be considered 
a consumer reporting agency, and (c) wishes to share consumer 
information (other than transaction and experience information) with 
its affiliates, must prepare and provide a notice to all its consumers 
advising them of their opportunity to opt out of information sharing 
with companies in the institution's corporate family. 12 CFR ____ .4. 
If a financial institution wishes to share information in a way that is 
inconsistent with notices previously given to consumers, the 
institution must provide consumers with revised notices. 12 CFR ____ 
.11. The proposed regulation also contains consumer reporting 
provisions. In order for consumers to opt out, they must respond to the 
institution's opt out notices. 12 CFR ____ .7. At any time during their 
continued relationship with the institution, consumers have the right 
to change or update their opt out status with the institution. 12 CFR 
____ .10.
    FCRA was amended to include disclosure and opt out provisions in 
1996, but the Agencies were prohibited from issuing implementing 
regulations until 1999. Thus, the collections of information contained 
in this proposed rule are not new requirements. During the past three 
years, financial institutions have developed systems, policies, and 
procedures to bring themselves into compliance with the 1996 FCRA 
amendments. In estimating the burden associated with the collections of 
information in this proposed regulation, the Agencies took into account 
the fact that FCRA-related disclosure and opt out requirements have 
already become a usual and customary practice for covered institutions. 
However, because the proposed rule is more explicit and detailed than 
the statute, some institutions may need to revise their disclosure 
policies or their notices, and consumers may need to respond to the 
revised notices. The burden associated with these changes to current 
practice is represented in the estimates below. In estimating burden, 
the Agencies also assumed that if a financial institution provides an 
opt out notice under the FCRA, that notice must be included in certain 
notices mandated by the GLBA privacy provisions, and will not be sent 
out separately. The collection of information requirements contained in 
this notice of proposed rulemaking will be submitted to the Office of 
Management and Budget for review in accordance with the Paperwork 
Reduction Act of 1995 (44 U.S.C. 3507).
    The estimated number of bank respondents includes the total 
institutions supervised by each of the Agencies that have certain 
affiliate relationships. The requirements of the regulation only apply 
to institutions that share opt out information with affiliates that do 
not wish to be consumer reporting agencies; therefore, the Agencies 
cannot currently predict with certainty how many of these institutions 
will be subject to the rule. The analysis assumes that all institutions 
with certain affiliates will in fact, choose to share opt out 
information and thus be subject to the rule.
    The estimated number of consumers who will receive opt out notices 
is the sum of deposit and loan consumers, and is derived from data in 
Board consumer studies. Each Agency's share of the total number of 
consumers is based on the share of total deposits, and consumer and 
mortgage loans, held by institutions supervised by the Agencies. 
Because OTS collects different information about consumer loans than 
the other Agencies, OTS estimated the number of thrift borrowers by 
dividing total consumer loans outstanding by the average balance, for 
different types of consumer loans. The analysis assumes that 
institutions will provide separate opt out notices based on product 
lines such as loans and deposit accounts, rather than single, combined 
notices covering all of the various relationships a consumer may have 
with the institution. The Agencies seek comment as to whether 
institutions would likely send separate or combined notices.
    OCC: Comments on the collections of information should be sent to 
the Office of Management and Budget, Paperwork Reduction Project 
(1557--to be assigned), Washington, DC 20503, with copies to Jessie 
Dunaway, Legislative and Regulatory Activities Division (1557--to be 
assigned), Office of the Comptroller of the Currency, 250 E Street, SW, 
Washington, DC 20219. The likely respondents are national banks that do 
not wish to be considered consumer reporting agencies, but want to 
share information (other than transaction or experience information) 
with their affiliates.
    Estimated number of bank respondents: 737.
    Estimated average annual burden hours per bank respondent: 8 hours.
    Estimated number of consumer respondents: 94,238,000.
    Estimated average annual burden hours per consumer respondent: 5 
minutes.
    Estimated total annual reporting burden: 7,855,921 hours.
    The number of consumer respondents provided by the OCC represents a 
conservative estimate based upon the total number of consumers who will 
receive an opt out notice. The OCC is using these conservative 
estimates because it lacks more precise data on the number of consumers 
who will exercise their opt out rights. The OCC expects that the actual 
number of consumer respondents will be lower than the estimate provided 
above, and invites comment on the number of

[[Page 63126]]

consumers who will respond to the FCRA opt out notices.
    Board: In accordance with the Paperwork Reduction Act of 1995 (44 
U.S.C. 3506; 5 CFR 1320, appendix A.1), the Board reviewed the notice 
of proposed rulemaking under the authority delegated to the Board by 
the OMB. Comments on the collections of information should be sent to 
Mary M. West, Federal Reserve Board Clearance Officer, Mail Stop 97, 
Board of Governors of the Federal Reserve System, Washington, DC 20551, 
with a copy to the Office of Management and Budget, Paperwork Reduction 
Project (7100--to be assigned), Washington, DC 20503. The likely 
respondents are member banks of the Federal Reserve System (other than 
national banks), branches and agencies of foreign banks (other than 
Federal branches, Federal agencies, and insured State branches of 
foreign banks), commercial lending companies owned or controlled by 
foreign banks, and organizations operating under section 25 or 25A of 
the Federal Reserve Act, that do want to share information (other than 
transaction or experience information) with their affiliates.
    Estimated number of bank respondents: 996.
    Estimated average annual burden hours per bank respondent: 8 hours.
    Estimated number of consumer respondents: 39,251,000.
    Estimated average annual burden hours per consumer respondent: five 
minutes.
    Estimated total annual reporting burden: 3,278,885 hours.
    FDIC: Comments on the collections of information should be sent to 
Steven F. Hanft, Office of the Executive Secretary, Federal Deposit 
Insurance Corporation, 550 17th Street, NW., Washington, DC 20429, with 
a copy to the Office of Management and Budget, Paperwork Reduction 
Project (3064--to be assigned), Washington, DC 20503. The likely 
respondents are insured nonmember banks with affiliates, that do not 
wish to be considered consumer reporting agencies, and do want to share 
information (other than transaction or experience information) with 
their affiliates.
    Estimated number of bank respondents: 1,640.
    Estimated average annual burden hours per bank respondent: 8 hours.
    Estimated number of consumer respondents: 24,445,000.
    Estimated average annual burden hours per consumer respondent: five 
minutes.
    Estimated total annual reporting burden: 2,049,389 hours.
    OTS: Comments on the collection of information should be sent to 
the Dissemination Branch (1550--to be assigned), Office of Thrift 
Supervision, 1700 G Street, NW, Washington, DC 20552, with a copy to 
the Office of Management and Budget, Paperwork Reduction Project 
(1550--to be assigned), Washington, DC 20503. The likely respondents 
are savings associations with affiliates that do not wish to be 
considered consumer reporting agencies, and do want to share 
information (other than transaction or experience information) with 
their affiliates, and consumers.
    Estimated number of thrift respondents: 762.
    Estimated average annual burden hours per thrift respondent: 8 
hours.
    Estimated number of consumer respondents: 49,925,225.
    Estimated average annual burden hours per consumer respondent: 
.0833 hours (5 minutes).
    Estimated total annual reporting burden: 4,164,867 hours.

Regulatory Flexibility Act

    OCC: Pursuant to section 605(b) of the Regulatory Flexibility Act 
(5 U.S.C. 601 et seq.), the OCC certifies that this proposal will not 
have a significant economic impact on a substantial number of small 
entities. Financial institutions have had to notify their consumers of 
the right to opt out of affiliate sharing of certain information since 
1997. This rulemaking provides guidance to national banks concerning 
how they may comply with the statutory requirements, but requires no 
new type of disclosure or opt out system. While existing forms may need 
to be modified, these modifications are unlikely to result in a 
significant economic impact on a substantial number of small entities.
    In addition, some of the requirements in the proposed rule have 
been designed to correspond to the requirements of the privacy 
regulations. For example, under both regulations, financial 
institutions, in certain circumstances, must deliver notices to 
consumers and to provide consumers an opportunity to opt out of certain 
information disclosures. This proposed rule would allow financial 
institutions to combine into one notice the notice they must deliver 
under FCRA and the notice that they must deliver under the privacy 
regulations. Also, institutions may combine their consumers' opt out 
responses into one opt out response. By combining the notices they 
deliver and the opt out responses they process, financial institutions 
will not need to produce additional notices or to process additional 
opt out responses under this rule. Because the proposed rule is 
designed to minimize FCRA's burden on financial institutions, and 
because the FCRA requirements have been effective since 1997, the OCC 
believes that this proposed rule will not have a significant economic 
impact on a substantial number of small entities. For these reasons, a 
regulatory flexibility analysis is not required.
    Board: Pursuant to section 605(b) of the Regulatory Flexibility Act 
(5 U.S.C. 601 et seq.), the Board certifies that the proposed rule will 
not have a significant economic impact on a substantial number of small 
entities. As further discussed below, the proposed rule implements law 
that has been in effect for some time, corresponds as much as feasible 
to the requirements of the Board's Regulation P, would allow 
institutions to combine privacy and FCRA notices to consumers, and 
would allow institutions to combine consumers' responses to those 
notices. Accordingly, a regulatory flexibility analysis is not 
required.
    Since 1997, the FCRA has provided that the term ``consumer report'' 
does not include any communication of other information (meaning 
information that is not transaction or experience information) among 
persons related by common ownership or affiliated by corporate control, 
if it is clearly and conspicuously disclosed to the consumer that the 
information may be communicated among such persons and the consumer is 
given the opportunity, before the time that the information is 
initially communicated, to direct that such information not be 
communicated among such persons. The proposed regulations would 
implement this provision and would provide guidance to certain Board-
regulated institutions on how to comply, but would not substantively 
change existing law. No new type of disclosure or opt-out system would 
be required. While existing forms may need to be modified, these 
modifications are unlikely to result in a significant economic impact 
on a substantial number of small entities.
    Additionally, the proposed rule is designed to correspond as much 
as feasible to the requirements of Regulation P, which governs the 
privacy of consumer financial information. Both regulations implement 
statutory provisions for the delivery of information-sharing opt out 
notices to consumers. The proposed rule would facilitate compliance by 
financial institutions with the requirement to provide privacy notices 
and the use of opt out notices under the FCRA by allowing the two 
notices to be combined

[[Page 63127]]

in a single notice. Similarly, institutions would be allowed to combine 
their consumers' opt out responses in a single opt out response. By 
choosing to combine the notices they deliver and the opt out responses 
they process, financial institutions will not need to produce 
additional notices or to process additional opt out responses under 
this rule. For these reasons, a regulatory flexibility analysis is not 
required.
    FDIC: Pursuant to section 605(b) of the Regulatory Flexibility Act 
(5 U.S.C. 601 et seq.), the FDIC certifies that the proposed rule will 
not have a significant economic impact on a substantial number of small 
entities. This conclusion is based on the following facts. The FCRA has 
required financial institutions to notify their consumers of the right 
to opt out of affiliate sharing of certain information since 1997. 
However, prior to the GLBA, the Agencies had no authority to issue 
rules to provide financial institutions with guidance to comply with 
the FCRA requirements. This proposed rulemaking does not substantively 
change the existing statutory requirements, but rather provides 
guidance to financial institutions that should minimize any burden 
associated with complying with the subject FCRA information sharing 
provisions. This proposal requires no new type of disclosure or opt out 
system. While existing forms may need to be modified, these 
modifications are unlikely to result in a significant economic impact 
on a substantial number of small entities. The Agencies have attempted 
to minimize any such economic impact by including a sample notice, part 
or all of which may be used to facilitate compliance with the notice 
requirements.
    Further, this proposed rule is designed to be consistent with the 
requirements of the regulation governing the privacy of consumer 
financial information. Both rules implement statutory requirements for 
financial institutions, in certain circumstances, to deliver notices to 
consumers and to provide consumers an opportunity to opt out of certain 
information disclosures. The Agencies have made the FCRA notice 
guidance parallel to the privacy rule requirements, thus facilitating 
the delivery of a single notice to consumers. Similarly, institutions 
may combine their consumers' opt out responses into one opt out 
response. By combining the notices they deliver and the opt out 
responses they process, financial institutions will not need to produce 
additional notices or to process additional opt out responses under 
this rule.
    For the above reasons, the FDIC believes that this proposed rule 
will not have a significant economic impact on a substantial number of 
small entities, and a regulatory flexibility analysis is not required.
    OTS: Pursuant to section 605(b) of the Regulatory Flexibility Act 
(5 U.S.C. 601 et seq.), the Director of OTS certifies that this 
proposed rulemaking would not have a significant economic impact on a 
substantial number of small entities. The FCRA has required thrifts to 
notify their consumers of the right to opt out of affiliate sharing of 
certain information since 1997. However, prior to GLBA, OTS did not 
have authority to issue rules to provide thrifts with guidance to 
comply with the FCRA. This proposed rulemaking does not substantively 
change or add to the existing statutory requirements. It merely 
provides thrifts with guidance to help minimize any burden associated 
with complying with the FCRA information sharing provisions. This 
proposal requires no new type of disclosure or opt out system. While 
existing forms may need to be modified, these modifications are 
unlikely to result in a significant economic impact on a substantial 
number of small entities. The Agencies have attempted to minimize any 
such economic impact by including a sample notice, part or all of which 
thrifts may use to facilitate the notice requirements.
    Further, this proposed rule is designed to be consistent with the 
requirements of the regulation governing the privacy of consumer 
financial information, 12 CFR part 573. Both rules implement statutory 
requirements for financial institutions, in certain circumstances, to 
deliver notices to consumers and to provide consumers an opportunity to 
opt out of certain information disclosures. The Agencies have made the 
FCRA notice guidance parallel to the privacy rule requirements, thus 
facilitating the delivery of a single notice to consumers. Similarly, 
institutions may combine a consumer's opt out responses into one opt 
out response. By combining the notices they deliver and the opt out 
responses they process, financial institutions will not need to produce 
additional notices or to process additional opt out responses under 
this rule. For these reasons, a regulatory flexibility analysis is not 
required.

OCC and OTS Executive Order 12866 Determination

    The OCC and OTS each has determined that its portion of the 
proposed rulemaking is not a significant regulatory action under 
Executive Order 12866.

OCC and OTS Unfunded Mandates Reform Act of 1995 Determination

    Section 202 of the Unfunded Mandates Reform Act of 1995, 2 U.S.C. 
1532 (Unfunded Mandates Act) requires that an agency prepare a 
budgetary impact statement before promulgating a rule that includes a 
Federal mandate that may result in expenditure by State, local, and 
tribal governments, in the aggregate, or by the private sector, of $100 
million or more in any one year. If a budgetary impact statement is 
required, section 205 of the Unfunded Mandates Act also requires an 
agency to identify and consider a reasonable number of regulatory 
alternatives before promulgating a rule. The OCC and OTS each has 
determined that this proposed rule will not result in expenditures by 
State, local, and tribal governments, or by the private sector, of $100 
million or more. Accordingly, neither the OCC nor the OTS has prepared 
a budgetary impact statement or specifically addressed the regulatory 
alternatives considered.

V. Solicitation of Comments on Use of Plain Language

    Section 722 of the GLBA requires the Federal banking agencies to 
use plain language in all proposed and final rules published after 
January 1, 2000. We invite your comments on how to make this proposed 
rule easier to understand. For example:
     Have we organized the material to suit your needs? If not, 
how could this material be better organized?
     Are the requirements in the rule clearly stated? If not, 
how could the rule be more clearly stated?
     Do the regulations contain technical language or jargon 
that is not clear? If so, which language requires clarification?
     Would a different format (grouping and order of sections, 
use of headings, paragraphing) make the regulation easier to 
understand? If so, what changes to the format would make the regulation 
easier to understand?
     Would more, but shorter, sections be better? If so, which 
sections should be changed?
     What else could we do to make the regulation easier to 
understand?
    The Agencies solicit comment on whether the inclusion of examples 
in the regulation is appropriate. Elevating the fact patterns to safe 
harbors in the rule may generate certain problems over time. For 
example, changes in technology or practices may ultimately

[[Page 63128]]

impact the fact patterns contained in the examples and require changes 
to the regulation. Are there alternative methods to offer illustrative 
guidance of the concepts portrayed by the examples?

List of Subjects

12 CFR Part 41

    Banks, banking, Credit, National banks, Reporting and recordkeeping 
requirements.

12 CFR Part 222

    Banks, banking, Credit, Federal Reserve System, Reporting and 
recordkeeping requirements, State member banks.

12 CFR Part 334

    Banks, banking, Credit, Reporting and recordkeeping requirements.

12 CFR Part 571

    Credit, Privacy, Reporting and recordkeeping requirements, Savings 
associations.

Office of the Comptroller of the Currency

12 CFR Chapter I

Authority and Issuance

    For the reasons set forth in the joint preamble, the OCC proposes 
to amend chapter I of title 12 of the Code of Federal Regulations by 
adding a new part 41 to read as follows:

PART 41--FAIR CREDIT REPORTING

Sec.
41.1   Purpose and scope.
41.2   Examples.
41.3   Definitions.
41.4   Communication of opt out information to affiliates.
41.5   Contents of opt out notice.
41.6   Reasonable opportunity to opt out.
41.7   Reasonable means of opting out.
41.8   Delivery of opt out notices.
41.9   Revised opt out notice.
41.10   Time by which opt out must be honored.
41.11   Duration of opt out.
41.12   Prohibition against discrimination.

Appendix A to Part 41--Sample Notice

    Authority: 12 U.S.C. 93a; 15 U.S.C. 1681s.


Sec. 41.1  Purpose and scope.

    (a) Purpose. This part governs the collection, communication, and 
use, by the institutions listed in paragraph (b)(2) of this section, of 
certain information bearing on a consumer's credit worthiness, credit 
standing, credit capacity, character, general reputation, personal 
characteristics, or mode of living.
    (b) Scope. (1) Information covered. This part applies to 
information that is used or expected to be used or collected in whole 
or in part for the purpose of serving as a factor in establishing a 
consumer's eligibility for credit, insurance, employment, or any other 
purpose authorized under section 604 of the Fair Credit Reporting Act 
(15 U.S.C. 1681b).
    (2) Institutions covered. This part applies to national banks, and 
Federal branches and Federal agencies of foreign banks (collectively 
referred to as ``bank'').
    (3) Relation to other laws. Nothing in this part modifies, limits, 
or supersedes the standards governing the privacy of individually 
identifiable health information promulgated by the Secretary of Health 
and Human Services under the authority of sections 262 and 264 of the 
Health Insurance Portability and Accountability Act of 1996 (42 U.S.C. 
1320d-1320d-8).


Sec. 41.2  Examples.

    The examples used in this part and the sample notice in appendix A 
to this part are not exclusive. Compliance with an example or use of 
the sample notice, to the extent applicable, constitutes compliance 
with this part.


Sec. 41.3  Definitions.

    As used in this part, unless the context requires otherwise:
    (a) Act means the Fair Credit Reporting Act (15 U.S.C. 1681 et 
seq.).
    (b) Affiliate. (1) In general. The term means any company that is 
related or affiliated by common ownership, or affiliated by corporate 
control or common corporate control, with another company.
    (2) Related or affiliated by common ownership or affiliated by 
corporate control or common corporate control. This means controlling, 
controlled by, or under common control with, another company.
    (c) Clear and conspicuous. (1) In general. The term means that a 
notice is reasonably understandable and is designed to call attention 
to the nature and significance of the information it contains.
    (2) Examples. (i) Reasonably understandable. A bank makes its 
notice reasonably understandable if it:
    (A) Presents the information in the notice in clear and concise 
sentences, paragraphs, and sections;
    (B) Uses short explanatory sentences or bullet lists whenever 
possible;
    (C) Uses definite, concrete, everyday words and active voice 
whenever possible;
    (D) Avoids multiple negatives;
    (E) Avoids legal and highly technical business terminology whenever 
possible; and
    (F) Avoids explanations that are imprecise and are readily subject 
to different interpretations.
    (ii) Designed to call attention. A bank designs its notice to call 
attention to the nature and significance of the information it contains 
if it:
    (A) Uses a plain-language heading to call attention to the notice;
    (B) Uses a typeface and type size that are easy to read;
    (C) Provides wide margins and ample line spacing;
    (D) Uses boldface or italics for key words; and
    (E) In a form that combines the bank's notice with other 
information, uses distinctive type sizes, styles, and graphic devices, 
such as shading or sidebars.
    (iii) Notice on a web page. If a bank provides a notice on a web 
page, the bank designs its notice to call attention to the nature and 
significance of the information it contains if the bank:
    (A) Places either the notice, or a link that connects directly to 
the notice and that is labeled appropriately to convey the importance, 
nature, and relevance of the notice, on a page that consumers access 
often, such as a page on which transactions are conducted;
    (B) Uses text or visual cues to encourage scrolling down the page 
if necessary to view the entire notice; and
    (C) Ensures that other elements on the web page (such as text, 
graphics, links, or sound) do not detract attention from the notice.
    (d) Communication includes written, oral, and electronic 
communication; provided that the term includes electronic communication 
to a consumer only if the consumer agrees to receive the communication 
electronically.
    (e) Company means any corporation, limited liability company, 
business trust, general or limited partnership, association, or similar 
organization.
    (f) Consumer means an individual.
    (g) Consumer report. (1) In general. The term means any written, 
oral, or other communication of any information by a consumer reporting 
agency bearing on a consumer's credit worthiness, credit standing, 
credit capacity, character, general reputation, personal 
characteristics, or mode of living which is used or expected to be used 
or collected in whole or in part for the purpose of serving as a factor 
in establishing the consumer's eligibility for:
    (i) Credit or insurance to be used primarily for personal, family, 
or household purposes;
    (ii) Employment purposes; or

[[Page 63129]]

    (iii) Any other purpose authorized under section 604 of the Act (15 
U.S.C. 1681b).
    (2) Exclusions. The term does not include:
    (i) Any report containing information solely as to transactions or 
experiences between the consumer and the person making the report;
    (ii) Any communication of that information among affiliates;
    (iii) Any communication among affiliates of opt out information if 
the conditions in Secs. 41.4 through 41.9 are satisfied;
    (iv) Any authorization or approval of a specific extension of 
credit directly or indirectly by the issuer of a credit card or similar 
device;
    (v) Any report in which a person who has been requested by a third 
party to make a specific extension of credit directly or indirectly to 
a consumer conveys his or her decision with respect to such request, if 
the third party advises the consumer of the name and address of the 
person to whom the request was made, and the person makes the 
disclosures to the consumer required under section 615 of the Act (15 
U.S.C. 1681m); or
    (vi) A communication described in section 603(o) of the Act (15 
U.S.C. 1681a(o)).
    (h) Consumer reporting agency means any person which, for monetary 
fees, dues or on a cooperative nonprofit basis, regularly engages in 
whole or in part in the practice of assembling or evaluating consumer 
credit information or other information on consumers for the purpose of 
furnishing consumer reports to third parties, and which uses any means 
or facility of interstate commerce for the purpose of preparing or 
furnishing consumer reports.
    (i) Control of a company means:
    (1) Ownership, control, or power to vote 25 percent or more of the 
outstanding shares of any class of voting security of the company, 
directly or indirectly, or acting through one or more other persons;
    (2) Control in any manner over the election of a majority of the 
directors, trustees, or general partners (or individuals exercising 
similar functions) of the company; or
    (3) The power to exercise, directly or indirectly, a controlling 
influence over the management or policies of the company, as the Office 
of the Comptroller of the Currency determines.
    (j) Opt out means a direction by a consumer that a bank not 
communicate opt out information about the consumer to one or more of 
its affiliates.
    (k) Opt out information means information that:
    (1) Bears on a consumer's credit worthiness, credit standing, 
credit capacity, character, general reputation, personal 
characteristics, or mode of living;
    (2) Is used or expected to be used or collected in whole or in part 
to serve as a factor in establishing the consumer's eligibility for 
credit or another purpose listed in section 604 of the Act (15 U.S.C. 
1681b); and
    (3) Is not a report containing information solely as to 
transactions or experiences between the consumer and the person 
reporting or communicating the information.
    (l) Person means any individual, partnership, corporation, trust, 
estate, cooperative, association, government or governmental 
subdivision or agency, or other entity.


Sec. 41.4  Communication of opt out information to affiliates.

    A bank's communication to its affiliates of opt out information 
about a consumer is not a consumer report if:
    (a) The bank has provided the consumer with an opt out notice;
    (b) The bank has given the consumer a reasonable opportunity and 
means, before the bank communicates the information to its affiliates, 
to opt out; and
    (c) The consumer has not opted out.


Sec. 41.5  Contents of opt out notice.

    (a) In general. An opt out notice must be clear and conspicuous, 
and must accurately explain:
    (1) The categories of opt out information about the consumer that a 
bank communicates to its affiliates;
    (2) The categories of affiliates to which the bank communicates the 
information;
    (3) The consumer's ability to opt out; and
    (4) A reasonable means for the consumer to opt out.
    (b) Future communications. A bank's notice may describe:
    (1) Categories of opt out information about the consumer that the 
bank reserves the right to communicate to its affiliates in the future 
but does not currently communicate; and
    (2) Categories of affiliates to which the bank reserves the right 
in the future to communicate, but to which the bank does not currently 
communicate, opt out information about the consumer.
    (c) Partial opt out. A bank may allow a consumer to select certain 
opt out information or certain affiliates, with respect to which the 
consumer wishes to opt out.
    (d) Examples of categories of information that a bank communicates. 
(1) A bank satisfies the requirement to categorize the opt out 
information that it communicates if the bank lists the categories in 
paragraph (d)(2) of this section, as applicable, and a few examples to 
illustrate the types of information in each category. These examples 
may include those in paragraph (d)(3) of this section, if applicable.
    (2) Categories of opt out information may include information:
    (i) From a consumer's application;
    (ii) From a consumer credit report;
    (iii) Obtained by verifying representations made by a consumer; or
    (iv) Provided by another person regarding its employment, credit, 
or other relationship with a consumer.
    (3) Examples of information within a category listed in paragraph 
(d)(2) of this section include a consumer's:
    (i) Income;
    (ii) Credit score or credit history with others;
    (iii) Open lines of credit with others;
    (iv) Employment history with others;
    (v) Marital status; and
    (vi) Medical history.
    (4) A bank does not satisfy the requirement if it communicates or 
reserves the right to communicate individually identifiable health 
information (as described in section 1171(6)(B) of the Social Security 
Act (42 U.S.C. 1320d(6)(B)) but omits illustrative examples of this 
information.
    (e) Examples of categories of affiliates. (1) A bank satisfies the 
requirement to categorize the affiliates to which it communicates opt 
out information if it lists the categories in paragraph (e)(2) of this 
section, as applicable, and a few examples to illustrate the types of 
affiliates in each category.
    (2) Categories of affiliates may include:
    (i) Financial service providers; and
    (ii) Non-financial companies.
    (f) Sample notice. A sample notice is included in appendix A to 
this part.


Sec. 41.6  Reasonable opportunity to opt out.

    (a) In general. A bank provides a reasonable opportunity to opt out 
if it provides a reasonable period of time following the delivery of 
the opt out notice for the consumer to opt out.
    (b) Examples of reasonable period of time: (1) In person. A bank 
hand-delivers an opt out notice to the consumer and provides at least 
30 days from the date it delivered the notice.
    (2) By mail. A bank mails an opt out notice to a consumer and 
provides at least 30 days from the date it mailed the notice.
    (3) By electronic means. A bank notifies the consumer 
electronically,

[[Page 63130]]

and it provides at least 30 days after the date that the consumer 
acknowledges receipt of the electronic notice.
    (c) Continuing opportunity to opt out. A consumer may opt out at 
any time.


Sec. 41.7  Reasonable means of opting out.

    (a) General rule. A bank provides a consumer with a reasonable 
means of opting out if it provides a reasonably convenient method to 
opt out.
    (b) Reasonably convenient methods. Examples of reasonably 
convenient methods include:
    (1) Designating check-off boxes in a prominent position on the 
relevant forms included with the opt out notice;
    (2) Including a reply form together with the opt out notice;
    (3) Providing an electronic means to opt out, such as a form that 
can be electronically mailed or a process at the bank's web site, if 
the consumer agrees to the electronic delivery of information; or
    (4) Providing a toll-free telephone number that consumers may call 
to opt out.
    (c) Methods not reasonably convenient. Examples of methods that are 
not reasonably convenient include:
    (1) Requiring a consumer to write his or her own letter to a bank; 
or
    (2) Referring in a revised notice to a check-off box that a bank 
included with a previous notice but that the bank does not include with 
the revised notice.
    (d) Requiring specific means of opting out. A bank may require each 
consumer to opt out through a specific means, as long as that means is 
reasonable for that consumer.


Sec. 41.8  Delivery of opt out notices.

    (a) In general. A bank must deliver an opt out notice so that each 
consumer can reasonably be expected to receive actual notice in writing 
or, if the consumer agrees, electronically.
    (b) Examples of expectation of actual notice. (1) A bank may 
reasonably expect that a consumer will receive actual notice if it:
    (i) Hand-delivers a printed copy of the notice to the consumer;
    (ii) Mails a printed copy of the notice to the last known mailing 
address of the consumer; or
    (iii) For the consumer who conducts transactions electronically, 
posts the notice on its electronic site and requires the consumer to 
acknowledge receipt of the notice as a necessary step to obtaining a 
particular product or service;
    (2) A bank may not reasonably expect that a consumer will receive 
actual notice if it:
    (i) Only posts a sign in its branch or office or generally 
publishes advertisements presenting its notice; or (ii) Sends the 
notice via electronic mail to a consumer who does not obtain a product 
or service from the bank electronically.
    (c) Oral description insufficient. A bank may not provide an opt 
out notice solely by orally explaining the notice, either in person or 
over the telephone.
    (d) Retention or accessibility. (1) In general. A bank must provide 
an opt out notice so that it can be retained or obtained at a later 
time by the consumer in writing or, if the consumer agrees, 
electronically.
    (2) Examples of retention or accessibility. A bank provides the 
notice so that it can be retained or obtained at a later time if the 
bank:
    (i) Hand-delivers a printed copy of the notice to the consumer;
    (ii) Mails a printed copy of the notice to the last known address 
of the consumer upon request of the consumer; or
    (iii) Makes the bank's current notice available on a web site (or a 
link to another web site) for the consumer who obtains a product or 
service electronically and who agrees to receive the notice at the web 
site.
    (e) Joint notice with affiliates. A bank may provide a joint notice 
with one or more affiliates as long as the notice identifies each 
person providing it and is accurate with respect to each.
    (f) Joint relationships. (1) In general. Notwithstanding any other 
provision in this part, if two or more consumers jointly obtain a 
product or service from a bank (joint consumers), the following rules 
apply:
    (i) The bank may provide a single notice to all of the joint 
consumers.
    (ii) Any of the joint consumers has the opportunity to opt out.
    (iii) The bank may treat an opt out direction by a joint consumer 
either as:
    (A) Applying to all of the joint consumers; or
    (B) Applying to that particular joint consumer.
    (iv) The bank must explain in its opt out notice which of the two 
policies set forth in paragraph (f)(1)(iii) of this section it will 
follow.
    (v) If the bank follows the policy set forth in paragraph 
(f)(1)(iii)(B) of this section, by treating the opt out of a joint 
consumer as applying to that particular joint consumer, the bank must 
also permit:
    (A) A joint consumer to opt out on behalf of other joint consumers; 
and
    (B) One or more joint consumers to notify the bank of their opt out 
directions in a single response.
    (vi) A bank may not require all joint consumers to opt out before 
it implements any opt out direction.
    (vii) If a bank receives an opt out by a particular joint consumer 
that does not apply to the others, the bank may disclose information 
about the others as long as no information is disclosed about the 
consumer who opted out.
    (2) Example. If consumers A and B, who have different addresses, 
have a joint checking account with a bank and arrange for the bank to 
send statements to A's address, the bank may do any of the following, 
but it must explain in its opt out notice which opt out policy the bank 
will follow. The bank may send a single opt out notice to A's address 
and:
    (i) Treat an opt out direction by A as applying to the entire 
account. If the bank does so and A opts out, the bank may not require B 
to opt out as well before implementing A's opt out direction.
    (ii) Treat A's opt out direction as applying to A only. If the bank 
does so, it must also permit:
    (A) A and B to opt out for each other; and
    (B) A and B to notify the bank of their opt out directions in a 
single response (such as on a single form) if they choose to give 
separate opt out directions.
    (iii) If A opts out only for A, and B does not opt out, the bank 
may disclose opt out information only about B, and not about A and B 
jointly.


Sec. 41.9  Revised opt out notice.

    If a bank has provided a consumer with one or more opt out notices 
and plans to communicate opt out information to its affiliates about 
the consumer other than as described in those notices, the bank must 
provide the consumer with a revised opt out notice that complies with 
Secs. 41.4 through 41.8.


Sec. 41.10  Time by which opt out must be honored.

    If a bank provides a consumer with an opt out notice and the 
consumer opts out, the bank must comply with the opt out as soon as 
reasonably practicable after the bank receives it.


Sec. 41.11  Duration of opt out.

    An opt out remains effective until revoked by the consumer in 
writing or electronically, as long as the consumer continues to have a 
relationship with the bank. If the consumer's relationship with the 
bank terminates, the opt out will continue to apply to this 
information. However, a new notice and opportunity to opt out must be 
provided if the consumer establishes a new relationship with the bank.


Sec. 41.12  Prohibition against discrimination.

    (a) In general. If a consumer is an applicant for credit, a bank 
must not discriminate against the consumer if the

[[Page 63131]]

consumer opts out of the bank's communication of opt out information to 
it affiliates.
    (b) Examples of discrimination against an applicant. A bank 
discriminates against an applicant if it:
    (1) Denies the applicant credit because the applicant opts out;
    (2) Varies the terms of credit adversely to the applicant such as 
by providing less favorable pricing terms to an applicant who opts out; 
or
    (3) Applies more stringent credit underwriting standards to the 
applicant because the applicant opts out.
    (c) Regulation B. The terms ``applicant'' and ``discriminate 
against'' in Sec. 41.12 have the same meanings ascribed to them in 12 
CFR part 202.

Appendix A to Part 41--Sample Notice

    This appendix contains a sample notice to facilitate compliance 
with the notice requirements of this part. An institution may use 
applicable disclosures in this sample to provide notices required by 
this part.

Notice of Your Opportunity To Opt Out of Information Sharing With 
Companies in Our Corporate Family

Information We Can Share With Our Corporate Family About You--
Unless You Tell Us Not to

    What Information: Unless you tell us not to, [Financial 
Institution] may share with companies in our corporate family 
information about you including:
     Information we obtain from your application, such as 
[provide illustrative examples, such as ``your income'' or ``your 
marital status''];
     Information we obtain from a consumer report, such as 
[provide illustrative examples, such as ``your credit score or 
credit history''];
     Information we obtain to verify representations made by 
you, such as [provide illustrative examples, such as ``your open 
lines of credit'']; and
     Information we obtain from a person regarding its 
employment, credit, or other relationship with you, such as [provide 
illustrative examples, such as ``your employment history''].
    Shared With Whom: Companies in our corporate family who may 
receive this information are:
     Financial service providers, such as [provide 
illustrative examples, such as ``mortgage bankers, broker-dealers, 
and insurance agents'']; and
     Non-financial companies, such as [provide illustrative 
examples, such as ``retailers, direct marketers, airlines, and 
publishers''].

How To Tell Us Not To Share This Information With Our Corporate 
Family

    If you prefer that we not share this information with companies 
in our corporate family, you may direct us not to share this 
information by doing the following [insert one or more of the 
reasonable means of opting out listed below \1\]: [call us toll free 
at {insert toll free number}]; or [visit our web site at {insert web 
site address} and {provide further instructions how to use the web 
site option}]; or [e-mail us at {insert the e-mail address}]; or 
[fill out and tear off the bottom of this sheet and mail to the 
following address: {insert address}]; or [check the appropriate box 
on the attached form {attach form} and mail to the following 
address: {insert address}].
---------------------------------------------------------------------------

    \1\ If the financial institution is using its web site or an e-
mail address as the only method by which a consumer may opt out, the 
consumer must agree to the electronic delivery of information.

    Note: Your direction in this paragraph covers certain 
information about you that we might otherwise share with our 
corporate family. We may share other information about you with our 
---------------------------------------------------------------------------
corporate family as permitted by law.


    Dated: September 22, 2000.
John D. Hawke, Jr.,
Comptroller of the Currency.

Federal Reserve System

    12 CFR Chapter II

Authority and Issuance

    For the reasons set forth in the joint preamble, chapter II of 
title 12 of the Code of Federal Regulations is proposed to be amended 
by adding a new part 222 to read as follows:

PART 222  FAIR CREDIT REPORTING (REGULATION V)

Sec.
222.1   Purpose and scope.
222.2   Examples.
222.3   Definitions.
222.4   Communication of opt out information to affiliates.
222.5   Contents of opt out notice.
222.6   Reasonable opportunity to opt out.
222.7   Reasonable means of opting out.
222.8   Delivery of opt out notices.
222.9   Revised opt out notice.
222.10   Time by which opt out must be honored.
222.11   Duration of opt out.
222.12   Prohibition against discrimination.

Appendix A to Part 222--Sample Notice

    Authority: 15 U.S.C. 1681s.


Sec. 222.1  Purpose and scope.

    (a) Purpose. This part governs the collection, communication, and 
use, by the institutions listed in paragraph (b)(2) of this section, of 
certain information bearing on a consumer's credit worthiness, credit 
standing, credit capacity, character, general reputation, personal 
characteristics, or mode of living.
    (b) Scope. (1) Information covered. This part applies to 
information that is used or expected to be used or collected in whole 
or in part for the purpose of serving as a factor in establishing a 
consumer's eligibility for credit, insurance, employment, or any other 
purpose authorized under section 604 of the Fair Credit Reporting Act 
(15 U.S.C. 1681b).
    (2) Institutions covered. This part applies to member banks of the 
Federal Reserve System (other than national banks), branches and 
agencies of foreign banks (other than Federal branches, Federal 
agencies, and insured State branches of foreign banks), commercial 
lending companies owned or controlled by foreign banks, and 
organizations operating under section 25 or 25A of the Federal Reserve 
Act (12 U.S.C. 601-604a, 611-631).
    (3) Relation to other laws. Nothing in this part modifies, limits, 
or supersedes the standards governing the privacy of individually 
identifiable health information promulgated by the Secretary of Health 
and Human Services under the authority of sections 262 and 264 of the 
Health Insurance Portability and Accountability Act of 1996 (42 U.S.C. 
1320d-1320d-8).


Sec. 222.2  Examples.

    The examples used in this part and the sample notice in appendix A 
to this part are not exclusive. Compliance with an example or use of 
the sample notice, to the extent applicable, constitutes compliance 
with this part.


Sec. 222.3  Definitions.

    As used in this part, unless the context requires otherwise:
    (a) Act means the Fair Credit Reporting Act (15 U.S.C. 1681 et 
seq.).
    (b) Affiliate. (1) In general. The term means any company that is 
related or affiliated by common ownership, or affiliated by corporate 
control or common corporate control, with another company.
    (2) Related or affiliated by common ownership or affiliated by 
corporate control or common corporate control. This means controlling, 
controlled by, or under common control with, another company.
    (c) Clear and conspicuous. (1) In general. The term means that a 
notice is reasonably understandable and is designed to call attention 
to the nature and significance of the information it contains.
    (2) Examples. (i) Reasonably understandable. You make your notice 
reasonably understandable if you:
    (A) Present the information in the notice in clear and concise 
sentences, paragraphs, and sections;
    (B) Use short explanatory sentences or bullet lists whenever 
possible;

[[Page 63132]]

    (C) Use definite, concrete, everyday words and active voice 
whenever possible;
    (D) Avoid multiple negatives;
    (E) Avoid legal and highly technical business terminology whenever 
possible; and
    (F) Avoid explanations that are imprecise and are readily subject 
to different interpretations.
    (ii) Designed to call attention. You design your notice to call 
attention to the nature and significance of the information it contains 
if you:
    (A) Use a plain-language heading to call attention to the notice;
    (B) Use a typeface and type size that are easy to read;
    (C) Provide wide margins and ample line spacing;
    (D) Use boldface or italics for key words; and
    (E) In a form that combines your notice with other information, use 
distinctive type sizes, styles, and graphic devices, such as shading or 
sidebars.
    (iii) Notice on a web page. If you provide a notice on a web page, 
you design your notice to call attention to the nature and significance 
of the information it contains if you:
    (A) Place either the notice, or a link that connects directly to 
the notice and that is labeled appropriately to convey the importance, 
nature, and relevance of the notice, on a page that consumers access 
often, such as a page on which transactions are conducted;
    (B) Use text or visual cues to encourage scrolling down the page if 
necessary to view the entire notice; and
    (C) Ensure that other elements on the web page (such as text, 
graphics, links, or sound) do not detract attention from the notice.
    (d) Communication includes written, oral, and electronic 
communication; provided that the term includes electronic communication 
to a consumer only if the consumer agrees to receive the communication 
electronically.
    (e) Company means any corporation, limited liability company, 
business trust, general or limited partnership, association, or similar 
organization.
    (f) Consumer means an individual.
    (g) Consumer report. (1) In general. The term means any written, 
oral, or other communication of any information by a consumer reporting 
agency bearing on a consumer's credit worthiness, credit standing, 
credit capacity, character, general reputation, personal 
characteristics, or mode of living which is used or expected to be used 
or collected in whole or in part for the purpose of serving as a factor 
in establishing the consumer's eligibility for:
    (i) Credit or insurance to be used primarily for personal, family, 
or household purposes;
    (ii) Employment purposes; or
    (iii) Any other purpose authorized under section 604 of the Act (15 
U.S.C. 1681b).
    (2) Exclusions. The term does not include:
    (i) Any report containing information solely as to transactions or 
experiences between the consumer and the person making the report;
    (ii) Any communication of that information among affiliates;
    (iii) Any communication among affiliates of opt out information if 
the conditions in Secs. 222.4 through 222.9 are satisfied;
    (iv) Any authorization or approval of a specific extension of 
credit directly or indirectly by the issuer of a credit card or similar 
device;
    (v) Any report in which a person who has been requested by a third 
party to make a specific extension of credit directly or indirectly to 
a consumer conveys his or her decision with respect to such request, if 
the third party advises the consumer of the name and address of the 
person to whom the request was made, and the person makes the 
disclosures to the consumer required under section 615 of the Act (15 
U.S.C. 1681m); or
    (vi) A communication described in section 603(o) of the Act (15 
U.S.C. 1681a(o)).
    (h) Consumer reporting agency means any person which, for monetary 
fees, dues or on a cooperative nonprofit basis, regularly engages in 
whole or in part in the practice of assembling or evaluating consumer 
credit information or other information on consumers for the purpose of 
furnishing consumer reports to third parties, and which uses any means 
or facility of interstate commerce for the purpose of preparing or 
furnishing consumer reports.
    (i) Control of a company means:
    (1) Ownership, control, or power to vote 25 percent or more of the 
outstanding shares of any class of voting security of the company, 
directly or indirectly, or acting through one or more other persons;
    (2) Control in any manner over the election of a majority of the 
directors, trustees, or general partners (or individuals exercising 
similar functions) of the company;
    (3) The power to exercise, directly or indirectly, a controlling 
influence over the management or policies of the company, as the Board 
determines.
    (j) Opt out means a direction by a consumer that you not 
communicate opt out information about the consumer to one or more of 
your affiliates.
    (k) Opt out information means information that:
    (1) Bears on a consumer's credit worthiness, credit standing, 
credit capacity, character, general reputation, personal 
characteristics, or mode of living;
    (2) Is used or expected to be used or collected in whole or in part 
to serve as a factor in establishing the consumer's eligibility for 
credit or another purpose listed in section 604 of the Act (15 U.S.C. 
1681b); and
    (3) Is not a report containing information solely as to 
transactions or experiences between the consumer and the person 
reporting or communicating the information.
    (1) Person means any individual, partnership, corporation, trust, 
estate, cooperative, association, government or governmental 
subdivision or agency, or other entity.
    (m) You means a member bank of the Federal Reserve System (other 
than a national bank), a branch or agency of a foreign bank (other than 
a Federal branch, Federal agency, or insured State branch of a foreign 
bank), a commercial lending company owned or controlled by a foreign 
bank, or an organization operating under section 25 or 25A of the 
Federal Reserve Act (12 U.S.C. 601-604a, 611-631).


Sec. 222.4  Communication of opt out information to affiliates.

    Your communication to your affiliates of opt out information about 
a consumer is not a consumer report if:
    (a) You have provided the consumer with an opt out notice;
    (b) You have given the consumer a reasonable opportunity and means, 
before you communicate the information to your affiliates, to opt out; 
and
    (c) The consumer has not opted out.


Sec. 222.5  Contents of opt out notice.

    (a) In general. An opt out notice must be clear and conspicuous, 
and must accurately explain:
    (1) The categories of opt out information about the consumer that 
you communicate to your affiliates;
    (2) The categories of affiliates to which you communicate the 
information;
    (3) The consumer's ability to opt out; and
    (4) A reasonable means for the consumer to opt out.
    (b) Future communications. Your notice may describe:
    (1) Categories of opt out information about the consumer that you 
reserve the

[[Page 63133]]

right to communicate to your affiliates in the future but do not 
currently communicate; and
    (2) Categories of affiliates to which you reserve the right in the 
future to communicate, but to which you do not currently communicate, 
opt out information about the consumer.
    (c) Partial opt out. You may allow a consumer to select certain opt 
out information or certain affiliates, with respect to which the 
consumer wishes to opt out.
    (d) Examples of categories of information that you communicate. (1) 
You satisfy the requirement to categorize the opt out information that 
you communicate if you list the categories in paragraph (d)(2) of this 
section, as applicable, and a few examples to illustrate the types of 
information in each category. These examples may include those in 
paragraph (d)(3) of this section, if applicable.
    (2) Categories of opt out information may include information:
    (i) From a consumer's application;
    (ii) From a consumer credit report;
    (iii) Obtained by verifying representations made by a consumer; or
    (iv) Provided by another person regarding its employment, credit, 
or other relationship with a consumer.
    (3) Examples of information within a category listed in paragraph 
(d)(2) of this section include a consumer's:
    (i) Income;
    (ii) Credit score or credit history with others;
    (iii) Open lines of credit with others;
    (iv) Employment history with others;
    (v) Marital status; and
    (vi) Medical history.
    (4) You do not satisfy the requirement if you communicate or 
reserve the right to communicate individually identifiable health 
information (as described in section 1171(6)(B) of the Social Security 
Act (42 U.S.C. 1320d(6)(B)) but omit illustrative examples of this 
information.
    (e) Examples of categories of affiliates. (1) You satisfy the 
requirement to categorize the affiliates to which you communicate opt 
out information if you list the categories in paragraph (e)(2) of this 
section, as applicable, and a few examples to illustrate the types of 
affiliates in each category.
    (2) Categories of affiliates may include:
    (i) Financial service providers; and
    (ii) Non-financial companies.
    (f) Sample notice. A sample notice is included in appendix A to 
this part.


Sec. 222.6  Reasonable opportunity to opt out.

    (a) In general. You provide a reasonable opportunity to opt out if 
you provide a reasonable period of time following the delivery of the 
opt out notice for the consumer to opt out.
    (b) Examples of reasonable period of time: (1) In person. You hand-
deliver an opt out notice to the consumer and provide at least 30 days 
from the date you delivered the notice.
    (2) By mail. You mail an opt out notice to a consumer and provide 
at least 30 days from the date you mailed the notice.
    (3) By electronic means. You notify the consumer electronically, 
and you provide at least 30 days after the date that the consumer 
acknowledges receipt of the electronic notice.
    (c) Continuing opportunity to opt out. A consumer may opt out at 
any time.


Sec. 222.7  Reasonable means of opting out.

    (a) General rule. You provide a consumer with a reasonable means of 
opting out if you provide a reasonably convenient method to opt out.
    (b) Reasonably convenient methods. Examples of reasonably 
convenient methods include:
    (1) Designating check-off boxes in a prominent position on the 
relevant forms included with the opt out notice;
    (2) Including a reply form together with the opt out notice;
    (3) Providing an electronic means to opt out, such as a form that 
can be electronically mailed or a process at your web site, if the 
consumer agrees to the electronic delivery of information; or
    (4) Providing a toll-free telephone number that consumers may call 
to opt out.
    (c) Methods not reasonably convenient. Examples of methods that are 
not reasonably convenient include:
    (1) Requiring a consumer to write his or her own letter to you; or
    (2) Referring in a revised notice to a check-off box that you 
included with a previous notice but that you do not include with the 
revised notice.
    (d) Requiring specific means of opting out. You may require each 
consumer to opt out through a specific means, as long as that means is 
reasonable for that consumer.


Sec. 222.8  Delivery of opt out notices.

    (a) In general. You must deliver an opt out notice so that each 
consumer can reasonably be expected to receive actual notice in writing 
or, if the consumer agrees, electronically.
    (b) Examples of expectation of actual notice. (1) You may 
reasonably expect that a consumer will receive actual notice if you:
    (i) Hand-deliver a printed copy of the notice to the consumer;
    (ii) Mail a printed copy of the notice to the last known mailing 
address of the consumer; or
    (iii) For the consumer who conducts transactions electronically, 
post the notice on your electronic site and require the consumer to 
acknowledge receipt of the notice as a necessary step to obtaining a 
particular product or service;
    (2) You may not reasonably expect that a consumer will receive 
actual notice if you:
    (i) Only post a sign in your branch or office or generally publish 
advertisements presenting your notice; or
    (ii) Send the notice via electronic mail to a consumer who does not 
obtain a product or service from you electronically.
    (c) Oral description insufficient. You may not provide an opt out 
notice solely by orally explaining the notice, either in person or over 
the telephone.
    (d) Retention or accessibility. (1) In general. You must provide an 
opt out notice so that it can be retained or obtained at a later time 
by the consumer in writing or, if the consumer agrees, electronically.
    (2) Examples of retention or accessibility. You provide the notice 
so that it can be retained or obtained at a later time if you:
    (i) Hand-deliver a printed copy of the notice to the consumer;
    (ii) Mail a printed copy of the notice to the last known address of 
the consumer upon request of the consumer; or
    (iii) Make your current notice available on a web site (or a link 
to another web site) for the consumer who obtains a product or service 
electronically and who agrees to receive the notice at the web site.
    (e) Joint notice with affiliates. You may provide a joint notice 
with one or more affiliates as long as the notice identifies each 
person providing it and is accurate with respect to each.
    (f) Joint relationships. (1) In general. Notwithstanding any other 
provision in this part, if two or more consumers jointly obtain a 
product or service from you (joint consumers), the following rules 
apply:
    (i) You may provide a single notice to all of the joint consumers.
    (ii) Any of the joint consumers has the opportunity to opt out.
    (iii) You may treat an opt out direction by a joint consumer either 
as:
    (A) Applying to all of the joint consumers; or
    (B) Applying to that particular joint consumer.
    (iv) You must explain in your opt out notice which of the two 
policies set

[[Page 63134]]

forth in paragraph (f)(1)(iii) of this section you will follow.
    (v) If you follow the policy set forth in paragraph (f)(1)(iii)(B) 
of this section, by treating the opt out of a joint consumer as 
applying to that particular joint consumer, you must also permit:
    (A) A joint consumer to opt out on behalf of other joint consumers; 
and
    (B) One or more joint consumers to notify you of their opt out 
directions in a single response.
    (vi) You may not require all joint consumers to opt out before you 
implement any opt out direction.
    (vii) If you receive an opt out by a particular joint consumer that 
does not apply to the others, you may disclose information about the 
others as long as no information is disclosed about the consumer who 
opted out.
    (2) Example. If consumers A and B, who have different addresses, 
have a joint checking account with you and arrange for you to send 
statements to A's address, you may do any of the following, but you 
must explain in your opt out notice which opt out policy you will 
follow. You may send a single opt out notice to A's address and:
    (i) Treat an opt out direction by A as applying to the entire 
account. If you do so and A opts out, you may not require B to opt out 
as well before implementing A's opt out direction.
    (ii) Treat A's opt out direction as applying to A only. If you do 
so, you must also permit:
    (A) A and B to opt out for each other; and
    (B) A and B to notify you of their opt out directions in a single 
response (such as on a single form) if they choose to give separate opt 
out directions.
    (iii) If A opts out only for A, and B does not opt out, you may 
disclose opt out information only about B, and not about A and B 
jointly.


Sec. 222.9  Revised opt out notice.

    If you have provided a consumer with one or more opt out notices 
and plan to communicate opt out information to your affiliates about 
the consumer other than as described in those notices, you must provide 
the consumer with a revised opt out notice that complies with 
Secs. 222.4 through 222.8.


Sec. 222.10  Time by which opt out must be honored.

    If you provide a consumer with an opt out notice and the consumer 
opts out, you must comply with the opt out as soon as reasonably 
practicable after you receive it.


Sec. 222.11  Duration of opt out.

    An opt out remains effective until revoked by the consumer in 
writing or electronically, as long as the consumer continues to have a 
relationship with you. If the consumer's relationship with you 
terminates, the opt out will continue to apply to this information. 
However, a new notice and opportunity to opt out must be provided if 
the consumer establishes a new relationship with you.


Sec. 222.12  Prohibition against discrimination.

    (a) In general. If a consumer is an applicant for credit, you must 
not discriminate against the consumer if the consumer opts out of your 
communication of opt out information to your affiliates.
    (b) Examples of discrimination against an applicant. You 
discriminate against an applicant if you:
    (1) Deny the applicant credit because the applicant opts out;
    (2) Vary the terms of credit adversely to the applicant such as by 
providing less favorable pricing terms to an applicant who opts out; or
    (3) Apply more stringent credit underwriting standards to the 
applicant because the applicant opts out.
    (c) Regulation B. The terms ``applicant'' and ``discriminate 
against'' in Sec. 222.12 have the same meanings ascribed to them in 12 
CFR part 202.

Appendix A to Part 222--Sample Notice

    This appendix contains a sample notice to facilitate compliance 
with the notice requirements of this part. An institution may use 
applicable disclosures in this sample to provide notices required by 
this part.

Notice of Your Opportunity to Opt Out of Information Sharing With 
Companies in Our Corporate Family

Information We Can Share With Our Corporate Family About You--
Unless You Tell Us Not To

    What Information: Unless you tell us not to, [Financial 
Institution] may share with companies in our Corporate family 
information about you including:
     Information we obtain from your application, such as 
[provide illustrative examples, such as ``your income'' or ``your 
marital status''];
     Information we obtain from a consumer report, such as 
[provide illustrative examples, such as ``your credit score or 
credit history''];
     Information we obtain to verify representations made by 
you, such as [provide illustrative examples, such as ``your open 
lines of credit'']; and
     Information we obtain from a person regarding its 
employment, credit, or other relationship with you, such as [provide 
illustrative examples, such as ``your employment history''].
    Shared With Whom: Companies in our corporate family who may 
receive this information are:
     Financial service providers, such as [provide 
illustrative examples, such as ``mortgage bankers, broker-dealers, 
and insurance agents'']; and
     Non-financial companies, such as [provide illustrative 
examples, such as ``retailers, direct marketers, airlines, and 
publishers''].

How To Tell Us Not To Share This Information With Our Corporate 
Family

    If you prefer that we not share this information with companies 
in our corporate family, you may direct us not to share this 
information by doing the following [insert one or more of the 
reasonable means of opting out listed below \1\]: [call us toll free 
at {insert toll free number}]; or [visit our web site at {insert web 
site address} and {provide further instructions how to use the web 
site option}]; or [e-mail us at {insert the e-mail address}]; or 
[fill out and tear off the bottom of this sheet and mail to the 
following address: {insert address}]; or [check the appropriate box 
on the attached form {attach form} and mail to the following 
address: {insert address}].

    \1\ If the financial institution is using its web site or an e-
mail address as the only method by which a consumer may opt out, the 
consumer must agree to the electronic delivery of information.

    Note: Your direction in this paragraph covers certain 
information about you that we might otherwise share with our 
corporate family. We may share other information about you with our 
---------------------------------------------------------------------------
corporate family as permitted by law.


    By order of the Board of Governors of the Federal Reserve 
System, October 11, 2000.
Jennifer J. Johnson,
Secretary of the Board.

Federal Deposit Insurance Corporation

    12 CFR Chapter III

Authority and Issuance

    For the reasons set out in the joint preamble, chapter III of title 
12 of the Code of Federal Regulations is proposed to be amended by 
adding a new part 334 to read as follows:

PART 334--FAIR CREDIT REPORTING

Sec.
334.1   Purpose and scope.
334.2   Examples.
334.3   Definitions.
334.4   Communication of opt out information to affiliates.
334.5   Contents of opt out notice.
334.6   Reasonable opportunity to opt out.
334.7   Reasonable means of opting out.
334.8   Delivery of opt out notices.
334.9   Revised opt out notice.
334.10   Time by which opt out must be honored.
334.11   Duration of opt out.
334.12   Prohibition against discrimination.

Appendix A to Part 222--Sample Notice


    Authority: 15 U.S.C. 1681s; 12 U.S.C. 1819(a)(Tenth).

[[Page 63135]]

Sec. 334.1  Purpose and scope.

    (a) Purpose. This part governs the collection, communication, and 
use, by the institutions listed in paragraph (b)(2) of this section, of 
certain information bearing on a consumer's credit worthiness, credit 
standing, credit capacity, character, general reputation, personal 
characteristics, or mode of living.
    (b) Scope. (1) Information covered. This part applies to 
information that is used or expected to be used or collected in whole 
or in part for the purpose of serving as a factor in establishing a 
consumer's eligibility for credit, insurance, employment, or any other 
purpose authorized under section 604 of the Fair Credit Reporting Act 
(15 U.S.C. 1681b).
    (2) Institutions covered. This part applies to banks insured by the 
FDIC (other than members of the Federal Reserve System) and insured 
state branches of foreign banks.
    (3) Relation to other laws. Nothing in this part modifies, limits, 
or supersedes the standards governing the privacy of individually 
identifiable health information promulgated by the Secretary of Health 
and Human Services under the authority of sections 262 and 264 of the 
Health Insurance Portability and Accountability Act of 1996 (42 U.S.C. 
1320d-1320d-8).


Sec. 334.2  Examples.

    The examples used in this part and the sample notice in appendix A 
to this part are not exclusive. Compliance with an example or use of 
the sample notice, to the extent applicable, constitutes compliance 
with this part.


Sec. 334.3  Definitions.

    As used in this part, unless the context requires otherwise:
    (a) Act means the Fair Credit Reporting Act (15 U.S.C. 1681 et 
seq.).
    (b) Affiliate. (1) In general. The term means any company that is 
related or affiliated by common ownership, or affiliated by corporate 
control or common corporate control, with another company.
    (2) Related or affiliated by common ownership or affiliated by 
corporate control or common corporate control. This means controlling, 
controlled by, or under common control with, another company.
    (c) Clear and conspicuous. (1) In general. The term means that a 
notice is reasonably understandable and is designed to call attention 
to the nature and significance of the information it contains.
    (2) Examples. (i) Reasonably understandable. You make your notice 
reasonably understandable if you:
    (A) Present the information in the notice in clear and concise 
sentences, paragraphs, and sections;
    (B) Use short explanatory sentences or bullet lists whenever 
possible;
    (C) Use definite, concrete, everyday words and active voice 
whenever possible;
    (D) Avoid multiple negatives;
    (E) Avoid legal and highly technical business terminology whenever 
possible; and
    (F) Avoid explanations that are imprecise and are readily subject 
to different interpretations.
    (ii) Designed to call attention. You design your notice to call 
attention to the nature and significance of the information it contains 
if you:
    (A) Use a plain-language heading to call attention to the notice;
    (B) Use a typeface and type size that are easy to read;
    (C) Provide wide margins and ample line spacing;
    (D) Use boldface or italics for key words; and
    (E) In a form that combines your notice with other information, use 
distinctive type sizes, styles, and graphic devices, such as shading or 
sidebars.
    (iii) Notice on a web page. If you provide a notice on a web page, 
you design your notice to call attention to the nature and significance 
of the information it contains if:
    (A) You place either the notice, or a link that connects directly 
to the notice and that is labeled appropriately to convey the 
importance, nature, and relevance of the notice, on a page that 
consumers access often, such as a page on which transactions are 
conducted;
    (B) You use text or visual cues to encourage scrolling down the 
page if necessary to view the entire notice; and
    (C) You ensure that other elements on the web page (such as text, 
graphics, links, or sound) do not detract attention from the notice.
    (d) Communication includes written, oral, and electronic 
communication; provided that the term includes electronic communication 
to a consumer only if the consumer agrees to receive the communication 
electronically.
    (e) Company means any corporation, limited liability company, 
business trust, general or limited partnership, association, or similar 
organization.
    (f) Consumer means an individual.
    (g) Consumer report. (1) In general. The term means any written, 
oral, or other communication of any information by a consumer reporting 
agency bearing on a consumer's credit worthiness, credit standing, 
credit capacity, character, general reputation, personal 
characteristics, or mode of living which is used or expected to be used 
or collected in whole or in part for the purpose of serving as a factor 
in establishing the consumer's eligibility for:
    (i) Credit or insurance to be used primarily for personal, family, 
or household purposes;
    (ii) Employment purposes; or
    (iii) Any other purpose authorized under section 604 of the Act (15 
U.S.C. 1681b).
    (2) Exclusions. The term does not include:
    (i) Any report containing information solely as to transactions or 
experiences between the consumer and the person making the report;
    (ii) Any communication of that information among affiliates;
    (iii) Any communication among affiliates of opt out information if 
the conditions in Secs. 334.4 through 334.9 are satisfied;
    (iv) Any authorization or approval of a specific extension of 
credit directly or indirectly by the issuer of a credit card or similar 
device;
    (v) Any report in which a person who has been requested by a third 
party to make a specific extension of credit directly or indirectly to 
a consumer conveys his or her decision with respect to such request, if 
the third party advises the consumer of the name and address of the 
person to whom the request was made, and the person makes the 
disclosures to the consumer required under section 615 of the Act (15 
U.S.C. 1681m); or
    (vi) A communication described in section 603(o) of the Act (15 
U.S.C. 1681a(o)).
    (h) Consumer reporting agency means any person which, for monetary 
fees, dues or on a cooperative nonprofit basis, regularly engages in 
whole or in part in the practice of assembling or evaluating consumer 
credit information or other information on consumers for the purpose of 
furnishing consumer reports to third parties, and which uses any means 
or facility of interstate commerce for the purpose of preparing or 
furnishing consumer reports.
    (i) Control of a company means:
    (1) Ownership, control, or power to vote 25 percent or more of the 
outstanding shares of any class of voting security of the company, 
directly or indirectly, or acting through one or more other persons;
    (2) Control in any manner over the election of a majority of the 
directors,

[[Page 63136]]

trustees, or general partners (or individuals exercising similar 
functions) of the company; or
    (3) The power to exercise, directly or indirectly, a controlling 
influence over the management or policies of the company, as the FDIC 
determines.
    (j) Opt out means a direction by a consumer that you not 
communicate opt out information about the consumer to one or more of 
your affiliates.
    (k) Opt out information means information that:
    (1) Bears on a consumer's credit worthiness, credit standing, 
credit capacity, character, general reputation, personal 
characteristics, or mode of living;
    (2) Is used or expected to be used or collected in whole or in part 
to serve as a factor in establishing the consumer's eligibility for 
credit or another purpose listed in section 604 of the Act (15 U.S.C. 
1681b); and
    (3) Is not a report containing information solely as to 
transactions or experiences between the consumer and the person 
reporting or communicating the information.
    (l) Person means any individual, partnership, corporation, trust, 
estate, cooperative, association, government or governmental 
subdivision or agency, or other entity.
    (m) You means banks insured by the FDIC (other than members of the 
Federal Reserve System) and insured state branches of foreign banks.


Sec. 334.4  Communication of opt out information to affiliates.

    Your communication to your affiliates of opt out information about 
a consumer is not a consumer report if:
    (a) You have provided the consumer with an opt out notice;
    (b) You have given the consumer a reasonable opportunity and means, 
before you communicate the information to your affiliates, to opt out; 
and
    (c) The consumer has not opted out.


Sec. 334.5  Contents of opt out notice.

    (a) In general. An opt out notice must be clear and conspicuous, 
and must accurately explain:
    (1) The categories of opt out information about the consumer that 
you communicate to your affiliates;
    (2) The categories of affiliates to which you communicate the 
information;
    (3) The consumer's ability to opt out; and
    (4) A reasonable means for the consumer to opt out.
    (b) Future communications. Your notice may describe:
    (1) Categories of opt out information about the consumer that you 
reserve the right to communicate to your affiliates in the future but 
do not currently communicate; and
    (2) Categories of affiliates to which you reserve the right in the 
future to communicate, but to which you do not currently communicate, 
opt out information about the consumer.
    (c) Partial opt out. You may allow a consumer to select certain opt 
out information or certain affiliates, with respect to which the 
consumer wishes to opt out.
    (d) Examples of categories of information that you communicate. (1) 
You satisfy the requirement to categorize the opt out information that 
you communicate if you list the categories in paragraph (d)(2) of this 
section, as applicable, and a few examples to illustrate the types of 
information in each category. These examples may include those in 
paragraph (d)(3) of this section, if applicable.
    (2) Categories of opt out information may include information:
    (i) From a consumer's application;
    (ii) From a consumer credit report;
    (iii) Obtained by verifying representations made by a consumer; and
    (iv) Provided by another person regarding its employment, credit, 
or other relationship with a consumer.
    (3) Examples of information within a category listed in paragraph 
(d)(2) of this section include a consumer's:
    (i) Income;
    (ii) Credit score or credit history with others;
    (iii) Open lines of credit with others;
    (iv) Employment history with others;
    (v) Marital status; and
    (vi) Medical history.
    (4) You do not satisfy the requirement if you communicate or 
reserve the right to communicate individually identifiable health 
information (as described in section 1171(6)(B) of the Social Security 
Act (42 U.S.C. 1320d(6)(B)) but omit illustrative examples of this 
information.
    (e) Examples of categories of affiliates. (1) You satisfy the 
requirement to categorize the affiliates to which you communicate opt 
out information if you list the categories in paragraph (e)(2) of this 
section, as applicable, and a few examples to illustrate the types of 
affiliates in each category.
    (2) Categories of affiliates may include:
    (i) Financial service providers; and
    (ii) Non-financial companies.
    (f) Sample notice. A sample notice is included in appendix A to 
this part.


Sec. 334.6  Reasonable opportunity to opt out.

    (a) In general. You provide a reasonable opportunity to opt out if 
you provide a reasonable period of time following the delivery of the 
opt out notice for the consumer to opt out.
    (b) Examples of reasonable period of time: (1) In person. You hand-
deliver an opt out notice to the consumer and provide at least 30 days 
from the date you delivered the notice.
    (2) By mail. You mail an opt out notice to a consumer and provide 
at least 30 days from the date you mailed the notice.
    (3) By electronic means. You notify the consumer electronically, 
and you provide at least 30 days after the date that the consumer 
acknowledges receipt of the electronic notice.
    (c) Continuing opportunity to opt out. A consumer may opt out at 
any time.


Sec. 334.7  Reasonable means of opting out.

    (a) General rule. You provide a consumer with a reasonable means of 
opting out if you provide a reasonably convenient method to opt out.
    (b) Reasonably convenient methods. Examples of reasonably 
convenient methods include:
    (1) Designating check-off boxes in a prominent position on the 
relevant forms included with the opt out notice;
    (2) Including a reply form together with the opt out notice;
    (3) Providing an electronic means to opt out, such as a form that 
can be electronically mailed or a process at your web site, if the 
consumer agrees to the electronic delivery of information; or
    (4) Providing a toll-free telephone number that consumers may call 
to opt out.
    (c) Methods not reasonably convenient. Examples of methods that are 
not reasonably convenient include:
    (1) Requiring a consumer to write his or her own letter to you; or
    (2) Referring in a revised notice to a check-off box that you 
included with a previous notice but that you do not include with the 
revised notice.
    (d) Requiring specific means of opting out. You may require each 
consumer to opt out through a specific means, as long as that means is 
reasonable for that consumer.


Sec. 334.8  Delivery of opt out notices.

    (a) In general. You must deliver an opt out notice so that each 
consumer can reasonably be expected to receive actual notice in writing 
or, if the consumer agrees, electronically.
    (b) Examples of expectation of actual notice. (1) You may 
reasonably expect that a consumer will receive actual notice if you:

[[Page 63137]]

    (i) Hand-deliver a printed copy of the notice to the consumer;
    (ii) Mail a printed copy of the notice to the last known mailing 
address of the consumer; or
    (iii) For the consumer who conducts transactions electronically, 
post the notice on your electronic site and require the consumer to 
acknowledge receipt of the notice as a necessary step to obtaining a 
particular product or service;
    (2) You may not reasonably expect that a consumer will receive 
actual notice if you:
    (i) Only post a sign in your branch or office or generally publish 
advertisements presenting your notice; or
    (ii) Send the notice via electronic mail to a consumer who does not 
obtain a product or service from you electronically.
    (c) Oral description insufficient. You may not provide an opt out 
notice solely by orally explaining the notice, either in person or over 
the telephone.
    (d) Retention or accessibility. (1) In general. You must provide an 
opt out notice so that it can be retained or obtained at a later time 
by the consumer in writing or, if the consumer agrees, electronically.
    (2) Examples of retention or accessibility. You provide the notice 
so that it can be retained or obtained at a later time if you:
    (i) Hand-deliver a printed copy of the notice to the consumer;
    (ii) Mail a printed copy of the notice to the last known address of 
the consumer upon request of the consumer; or
    (iii) Make your current notice available on a web site (or a link 
to another web site) for the consumer who obtains a product or service 
electronically and who agrees to receive the notice at the web site.
    (e) Joint notice with affiliates. You may provide a joint notice 
with one or more affiliates as long as the notice identifies each 
person providing it and is accurate with respect to each.
    (f) Joint relationships. (1) In general. Notwithstanding any other 
provision in this part, if two or more consumers jointly obtain a 
product or service from you (joint consumers), the following rules 
apply:
    (i) You may provide a single notice to all of the joint consumers.
    (ii) Any of the joint consumers has the opportunity to opt out.
    (iii) You may treat an opt out direction by a joint consumer either 
as:
    (A) Applying to all of the joint consumers; or
    (B) Applying to that particular joint consumer.
    (iv) You must explain in your opt out notice which of the two 
policies set forth in paragraph (f)(1)(iii) of this section you will 
follow.
    (v) If you follow the policy set forth in paragraph (f)(1)(iii)(B) 
of this section, by treating the opt out of a joint consumer as 
applying to that particular joint consumer, you must also permit:
    (A) A joint consumer to opt out on behalf of other joint consumers; 
and
    (B) One or more joint consumers to notify you of their opt out 
directions in a single response.
    (vi) You may not require all joint consumers to opt out before you 
implement any opt out direction.
    (vii) If you receive an opt out by a particular joint consumer that 
does not apply to the others, you may disclose information about the 
others as long as no information is disclosed about the consumer who 
opted out.
    (2) Example. If consumers A and B, who have different addresses, 
have a joint checking account with you and arrange for you to send 
statements to A's address, you may do any of the following, but you 
must explain in your opt out notice which opt out policy you will 
follow. You may send a single opt out notice to A's address and:
    (i) Treat an opt out direction by A as applying to the entire 
account. If you do so and A opts out, you may not require B to opt out 
as well before implementing A's opt out direction.
    (ii) Treat A's opt out direction as applying to A only. If you do 
so, you must also permit:
    (A) A and B to opt out for each other; and
    (B) A and B to notify you of their opt out directions in a single 
response (such as on a single form) if they choose to give separate opt 
out directions.
    (iii) If A opts out only for A, and B does not opt out, you may 
disclose opt out information only about B, and not about A and B 
jointly.


Sec. 334.9  Revised opt out notice.

    If you have provided a consumer with one or more opt out notices 
and plan to communicate opt out information to your affiliates about 
the consumer, other than as described in those notices, you must 
provide the consumer with a revised opt out notice that complies with 
Secs. 334.4 through 334.8.


Sec. 334.10  Time by which opt out must be honored.

    If you provide a consumer with an opt out notice and the consumer 
opts out, you must comply with the opt out as soon as reasonably 
practicable after you receive it.


Sec. 334.11  Duration of opt out.

    An opt out remains effective until revoked by the consumer in 
writing or electronically, as long as the consumer continues to have a 
relationship with the institution. If the consumer's relationship with 
the institution terminates, the opt out will continue to apply to this 
information. However, a new notice and opportunity to opt out must be 
provided if the consumer establishes a new relationship with the 
institution.


Sec. 334.12  Prohibition against discrimination.

    (a) In general. If a consumer is an applicant for credit, you must 
not discriminate against the consumer if the consumer opts out of the 
your communication of opt out information to your affiliates.
    (b) Examples of discrimination against an applicant. You 
discriminate against an applicant if you:
    (1) Deny the applicant credit because the applicant opts out;
    (2) Vary the terms of credit adversely to the applicant such as by 
providing less favorable pricing terms to an applicant who opts out; or
    (3) Apply more stringent credit underwriting standards to the 
applicant because the applicant opts out.
    (c) Regulation B. The terms ``applicant'' and ``discriminate 
against'' in Sec. 334.12 have the same meanings ascribed to them in 12 
CFR part 202.

Appendix A to Part 334--Sample Notice

    This appendix contains a sample notice to facilitate compliance 
with the notice requirements of this part. An institution may use 
applicable disclosures in this sample to provide notices required by 
this part.

Notice of Your Opportunity To Opt Out of Information Sharing With 
Companies in Our Corporate Family

Information We Can Share With Our Corporate Family About You--
Unless You Tell Us Not to

    What Information: Unless you tell us not to, [Financial 
Institution] may share with companies in our corporate family 
information about you including:
     Information we obtain from your application, such as 
[provide illustrative examples, such as ``your income'' or ``your 
marital status''];
     Information we obtain from a consumer report, such as 
[provide illustrative examples, such as ``your credit score or 
credit history''];
     Information we obtain to verify representations made by 
you, such as [provide illustrative examples, such as ``your open 
lines of credit'']; and
     Information we obtain from a person regarding its 
employment, credit, or other relationship with you, such as [provide

[[Page 63138]]

illustrative examples, such as ``your employment history''].
    Shared With Whom: Companies in our corporate family who may 
receive this information are:
     Financial service providers, such as [provide 
illustrative examples, such as ``mortgage bankers, broker-dealers, 
and insurance agents'']; and
     Non-financial companies, such as [provide illustrative 
examples, such as ``retailers, direct marketers, airlines, and 
publishers''].

How To Tell Us Not To Share This Information With Our Corporate 
Family

    If you prefer that we not share this information with companies 
in our corporate family, you may direct us not to share this 
information by doing the following [insert one or more of the 
reasonable means of opting out listed below\1\]: [call us toll free 
at {insert toll free number}]; or [visit our web site at {insert web 
site address} and {provide further instructions how to use the web 
site option}]; or [e-mail us at {insert the e-mail address}]; or 
[fill out and tear off the bottom of this sheet and mail to the 
following address: {insert address}]; or [check the appropriate box 
on the attached form {attach form} and mail to the following 
address: {insert address}].
---------------------------------------------------------------------------

    \1\ If the financial institution is using its web site or an e-
mail address as the only method by which a consumer may opt out, the 
consumer must agree to the electronic delivery of information.

    Note: Your direction in this paragraph covers certain 
information about you that we might otherwise share with our 
corporate family. We may share other information about you with our 
---------------------------------------------------------------------------
corporate family as permitted by law.


    By order of the Board of Directors, Federal Deposit Insurance 
Corporation.

    Dated at Washington, D.C., this 25th day of September, 2000.

Robert E. Feldman,
Executive Secretary.

Office of Thrift Supervision

    12 CFR Chapter V

Authority and Issuance

    For the reasons set out in the joint preamble, OTS proposes to 
amend chapter V of title 12 of the Code of Federal Regulations by 
adding a new part 571 to read as follows:

PART 571--FAIR CREDIT REPORTING

Sec.
571.1   Purpose and scope.
571.2   Examples.
571.3   Definitions.
571.4   Communication of opt out information to affiliates.
571.5   Content of opt out notice.
571.6   Reasonable opportunity to opt out.
571.7   Reasonable means of opting out.
571.8   Delivery of opt out notice.
571.9   Revised opt out notice.
571.10   Time by which opt out must be honored.
571.11   Duration of opt out.
571.12   Prohibition against discrimination.

Appendix A to Part 571--Sample Notice

    Authority: 12 U.S.C. 1462a, 1463, 1464, 1467a, 1828; 15 U.S.C. 
1681s.


Sec. 571.1  Purpose and scope.

    (a) Purpose. This part governs the collection, communication, and 
use, by the institutions listed in paragraph (b)(2) of this section, of 
certain information bearing on a consumer's credit worthiness, credit 
standing, credit capacity, character, general reputation, personal 
characteristics, or mode of living.
    (b) Scope. (1) Information covered. This part applies to 
information that is used or expected to be used or collected in whole 
or in part for the purpose of serving as a factor in establishing a 
consumer's eligibility for credit, insurance, employment, or any other 
purpose authorized under section 604 of the Fair Credit Reporting Act 
(15 U.S.C. 1681b).
    (2) Institutions covered. This part applies to savings associations 
whose deposits are insured by the Federal Deposit Insurance 
Corporation.
    (3) Relation to other laws. Nothing in this part modifies, limits, 
or supersedes the standards governing the privacy of individually 
identifiable health information promulgated by the Secretary of Health 
and Human Services under the authority of sections 262 and 264 of the 
Health Insurance Portability and Accountability Act of 1996 (42 U.S.C. 
1320d-1320d-8).


Sec. 571.2  Examples.

    The examples used in this part and the model form in appendix A to 
this part are not exclusive. Compliance with an example or use of the 
sample notice, to the extent applicable, constitutes compliance with 
this part.


Sec. 571.3  Definitions.

    As used in this part, unless the context requires otherwise:
    (a) Act means the Fair Credit Reporting Act (15 U.S.C. 1681 et 
seq.).
    (b) Affiliate. (1) In general. The term means any company that is 
related or affiliated by common ownership, or affiliated by corporate 
control or common corporate control, with another company.
    (2) Related or affiliated by common ownership or affiliated by 
corporate control or common corporate control. This means controlling, 
controlled by, or under common control with, another company.
    (c) Clear and conspicuous. (1) In general. The term means that a 
notice is reasonably understandable and is designed to call attention 
to the nature and significance of the information it contains.
    (2) Examples. (i) Reasonably understandable. You make your notice 
reasonably understandable if you:
    (A) Present the information in the notice in clear and concise 
sentences, paragraphs, and sections;
    (B) Use short explanatory sentences or bullet lists whenever 
possible;
    (C) Use definite, concrete, everyday words and active voice 
whenever possible;
    (D) Avoid multiple negatives;
    (E) Avoid legal and highly technical business terminology whenever 
possible; and
    (F) Avoid explanations that are imprecise and are readily subject 
to different interpretations.
    (ii) Designed to call attention. You design your notice to call 
attention to the nature and significance of the information it contains 
if you:
    (A) Use a plain-language heading to call attention to the notice;
    (B) Use a typeface and type size that are easy to read;
    (C) Provide wide margins and ample line spacing;
    (D) Use boldface or italics for key words; and
    (E) In a form that combines your notice with other information, use 
distinctive type sizes, styles, and graphic devices, such as shading or 
sidebars.
    (iii) Notice on a web page. If you provide a notice on a web page, 
you design your notice to call attention to the nature and significance 
of the information it contains if:
    (A) You place either the notice, or a link that connects directly 
to the notice and that is labeled appropriately to convey the 
importance, nature, and relevance of the notice, on a page that 
consumers access often, such as a page on which transactions are 
conducted;
    (B) You use text or visual cues to encourage scrolling down the 
page if necessary to view the entire notice; and
    (C) You ensure that other elements on the web page (such as text, 
graphics, links, or sound) do not detract attention from the notice.
    (d) Communication includes written, oral, and electronic 
communication; provided that the term includes electronic communication 
to a consumer only if the consumer agrees to receive the communication 
electronically.
    (e) Company means any corporation, limited liability company, 
business

[[Page 63139]]

trust, general or limited partnership, association, or similar 
organization.
    (f) Consumer means an individual.
    (g) Consumer report. (1) In general. The term means any written, 
oral, or other communication of any information by a consumer reporting 
agency bearing on a consumer's credit worthiness, credit standing, 
credit capacity, character, general reputation, personal 
characteristics, or mode of living which is used or expected to be used 
or collected in whole or in part for the purpose of serving as a factor 
in establishing the consumer's eligibility for:
    (i) Credit or insurance to be used primarily for personal, family, 
or household purposes;
    (ii) Employment purposes; or
    (iii) Any other purpose authorized under section 604 of the Act (15 
U.S.C. 1681b).
    (2) Exclusions. The term does not include:
    (i) Any report containing information solely as to transactions or 
experiences between the consumer and the person making the report;
    (ii) Any communication of that information among affiliates;
    (iii) Any communication among affiliates of opt out information if 
the conditions in Secs. 571.4 through 571.9 are satisfied;
    (iv) Any authorization or approval of a specific extension of 
credit directly or indirectly by the issuer of a credit card or similar 
device;
    (v) Any report in which a person who has been requested by a third 
party to make a specific extension of credit directly or indirectly to 
a consumer conveys his or her decision with respect to such request, if 
the third party advises the consumer of the name and address of the 
person to whom the request was made, and the person makes the 
disclosures to the consumer required under section 615 of the Act (15 
U.S.C. 1681m); or
    (vi) A communication described in section 603(o) of the Act (15 
U.S.C. 1681a(o)).
    (h) Consumer reporting agency means any person which, for monetary 
fees, dues or on a cooperative nonprofit basis, regularly engages in 
whole or in part in the practice of assembling or evaluating consumer 
credit information or other information on consumers for the purpose of 
furnishing consumer reports to third parties, and which uses any means 
or facility of interstate commerce for the purpose of preparing or 
furnishing consumer reports.
    (i) Control of a company means:
    (1) Ownership, control, or power to vote 25 percent or more of the 
outstanding shares of any class of voting security of the company, 
directly or indirectly, or acting through one or more other persons;
    (2) Control in any manner over the election of a majority of the 
directors, trustees, or general partners (or individuals exercising 
similar functions) of the company; or
    (3) The power to exercise, directly or indirectly, a controlling 
influence over the management or policies of the company, as OTS 
determines.
    (j) Opt out means a direction by a consumer that you not 
communicate opt out information about the consumer to one or more of 
your affiliates.
    (k) Opt out information means information that:
    (1) Bears on a consumer's credit worthiness, credit standing, 
credit capacity, character, general reputation, personal 
characteristics, or mode of living;
    (2) Is used or expected to be used or collected in whole or in part 
to serve as a factor in establishing the consumer's eligibility for 
credit or another purpose listed in section 604 of the Act (15 U.S.C. 
1681b); and
    (3) Is not a report containing information solely as to 
transactions or experiences between the consumer and the person 
reporting or communicating the information.
    (l) Person means any individual, partnership, corporation, trust, 
estate, cooperative, association, government or governmental 
subdivision or agency, or other entity.
    (m) You means savings associations whose deposits are insured by 
the Federal Deposit Insurance Corporation.


Sec. 571.4  Communication of opt out information to affiliates.

    Your communication to your affiliates of opt out information about 
a consumer is not a consumer report if:
    (a) You have provided the consumer with an opt out notice;
    (b) You have given the consumer a reasonable opportunity and means, 
before you communicate the information to your affiliates, to opt out; 
and
    (c) The consumer has not opted out.


Sec. 571.5  Content of opt out notice.

    (a) In general. An opt out notice must be clear and conspicuous, 
and must accurately explain:
    (1) The categories of opt out information about the consumer that 
you communicate to your affiliates;
    (2) The categories of affiliates to which you communicate the 
information;
    (3) The consumer's ability to opt out; and
    (4) A reasonable means for the consumer to opt out.
    (b) Future communications. Your notice may describe:
    (1) Categories of opt out information about the consumer that you 
reserve the right to communicate to your affiliates in the future but 
do not currently communicate; and
    (2) Categories of affiliates to which you reserve the right in the 
future to communicate, but to which you do not currently communicate, 
opt out information about the consumer.
    (c) Partial opt out. You may allow a consumer to select certain opt 
out information or certain affiliates, with respect to which the 
consumer wishes to opt out.
    (d) Examples of categories of information that you communicate. (1) 
You satisfy the requirement to categorize the opt out information that 
you communicate if you list the categories in paragraph (d)(2) of this 
section, as applicable, and a few examples to illustrate the types of 
information in each category. These examples may include those in 
paragraph (d)(3) of this section, if applicable.
    (2) Categories of opt out information may include information:
    (i) From a consumer's application;
    (ii) From a consumer credit report;
    (iii) Obtained by verifying representations made by a consumer; or
    (iv) Provided by another person regarding its employment, credit, 
or other relationship with a consumer.
    (3) Examples of information within a category listed in paragraph 
(d)(2) of this section include a consumer's:
    (i) Income;
    (ii) Credit score or credit history with others;
    (iii) Open lines of credit with others;
    (iv) Employment history with others;
    (v) Marital status; and
    (vi) Medical history.
    (4) You do not satisfy the requirement if you communicate or 
reserve the right to communicate individually identifiable health 
information (as described in section 1171(6)(B) of the Social Security 
Act (42 U.S.C. 1320d(6)(B)) but omit illustrative examples of this 
information.
    (e) Examples of categories of affiliates. (1) You satisfy the 
requirement to categorize the affiliates to which you communicate opt 
out information if you list the categories in paragraph (e)(2) of this 
section, as applicable, and a few examples to illustrate the types of 
affiliates in each category.
    (2) Categories of affiliates may include:
    (i) Financial service providers; and

[[Page 63140]]

    (ii) Non-financial companies.
    (f) Sample notice. A sample notice is included in appendix A to 
this part.


Sec. 571.6  Reasonable opportunity to opt out.

    (a) In general. You provide a reasonable opportunity to opt out if 
you provide a reasonable period of time following the delivery of the 
opt out notice for the consumer to opt out.
    (b) Examples of reasonable period of time: (1) In person. You hand-
deliver an opt out notice to the consumer and provide at least 30 days 
from the date you delivered the notice.
    (2) By mail. You mail an opt out notice to a consumer and provide 
at least 30 days from the date you mailed the notice.
    (3) By electronic means. You notify the consumer electronically, 
and you provide at least 30 days after the date that the consumer 
acknowledges receipt of the electronic notice.
    (c) Continuing opportunity to opt out. A consumer may opt out at 
any time.


Sec. 571.7  Reasonable means of opting out.

    (a) General rule. You provide a consumer with a reasonable means of 
opting out if you provide a reasonably convenient method to opt out.
    (b) Reasonably convenient methods. Examples of reasonably 
convenient methods include:
    (1) Designating check-off boxes in a prominent position on the 
relevant forms included with the opt out notice;
    (2) Including a reply form together with the opt out notice;
    (3) Providing an electronic means to opt out, such as a form that 
can be electronically mailed or a process at your web site, if the 
consumer agrees to the electronic delivery of information; or
    (4) Providing a toll-free telephone number that consumers may call 
to opt out.
    (c) Methods that are not reasonably convenient. Examples of methods 
that are not reasonably convenient include:
    (1) Requiring a consumer to write his or her own letter to you; or
    (2) Referring in a revised notice to a check-off box that you 
included with a previous notice but that you do not include with the 
revised notice.
    (d) Requiring specific means of opting out. You may require each 
consumer to opt out through a specific means, as long as that means is 
reasonable for that consumer.


Sec. 571.8  Delivery of opt out notice.

    (a) In general. You must deliver an opt out notice so that each 
consumer can reasonably be expected to receive actual notice in writing 
or, if the consumer agrees, electronically.
    (b) Examples of expectation of actual notice. (1) You may 
reasonably expect that a consumer will receive actual notice if you:
    (i) Hand-deliver a printed copy of the notice to the consumer;
    (ii) Mail a printed copy of the notice to the last known mailing 
address of the consumer; or
    (iii) For the consumer who conducts transactions electronically, 
post the notice on your electronic site and require the consumer to 
acknowledge receipt of the notice as a necessary step to obtaining a 
particular product or service;
    (iv) You may not reasonably expect that a consumer will receive 
actual notice if you:
    (A) Only post a sign in your branch or office or generally publish 
advertisements presenting your notice; or
    (B) Send the notice via electronic mail to a consumer who does not 
obtain a product or service from you electronically.
    (c) Oral description insufficient. You may not provide an opt out 
notice solely by orally explaining the notice, either in person or over 
the telephone.
    (d) Retention or accessibility. (1) In general. You must provide an 
opt out notice so that it can be retained or obtained at a later time 
by the consumer in writing or, if the consumer agrees, electronically.
    (2) Examples of retention or accessibility. You provide the notice 
so that it can be retained or obtained at a later time if you:
    (i) Hand-deliver a printed copy of the notice to the consumer;
    (ii) Mail a printed copy of the notice to the last known address of 
the consumer upon request of the consumer; or
    (iii) Make your current notice available on a web site (or a link 
to another web site) for the consumer who obtains a product or service 
electronically and who agrees to receive the notice at the web site.
    (e) Joint notice with affiliates. You may provide a joint notice 
with one or more affiliates as long as the notice identifies each 
person providing it and is accurate with respect to each.
    (f) Joint relationships. (1) In general. Notwithstanding any other 
provision in this part, if two or more consumers jointly obtain a 
product or service from you (joint consumers), the following rules 
apply:
    (i) You may provide a single notice to all of the joint consumers.
    (ii) Any of the joint consumers has the opportunity to opt out.
    (iii) You may treat an opt out direction by a joint consumer either 
as:
    (A) Applying to all of the joint consumers; or
    (B) Applying to that particular joint consumer.
    (iv) You must explain in your opt out notice which of the two 
policies set forth in paragraph (f)(1)(iii) of this section you will 
follow.
    (v) If you follow the policy set forth in paragraph (f)(1)(iii)(B) 
of this section, by treating the opt out of a joint consumer as 
applying to that particular joint consumer, you must also permit:
    (A) A joint consumer to opt out on behalf of other joint consumers; 
and
    (B) One or more joint consumers to notify you of their opt out 
directions in a single response.
    (vi) You may not require all joint consumers to opt out before you 
implement any opt out direction.
    (vii) If you receive an opt out by a particular joint consumer that 
does not apply to the others, you may disclose information about the 
others as long as no information is disclosed about the consumer who 
opted out.
    (2) Example. If consumers A and B, who have different addresses, 
have a joint checking account with you and arrange for you to send 
statements to A's address, you may do any of the following, but you 
must explain in your opt out notice which opt out policy you will 
follow. You may send a single opt out notice to A's address and:
    (i) Treat an opt out direction by A as applying to the entire 
account. If you do so and A opts out, you may not require B to opt out 
as well before implementing A's opt out direction.
    (ii) Treat A's opt out direction as applying to A only. If you do 
so, you must also permit:
    (A) A and B to opt out for each other; and
    (B) A and B to notify you of their opt out directions in a single 
response (such as on a single form) if they choose to give separate opt 
out directions.
    (iii) If A opts out only for A, and B does not opt out, you may 
disclose opt out information only about B, and not about A and B 
jointly.


Sec. 571.9  Revised opt out notice.

    If you have provided a consumer with one or more opt out notices 
and plan to communicate opt out information to your affiliates about 
the consumer, other than as described in those notices, you must 
provide the consumer with a revised opt out notice that complies with 
Secs. 571.4 through 571.8.


Sec. 571.10  Time by which opt out must be honored.

    If you provide a consumer with an opt out notice and the consumer 
opts out,

[[Page 63141]]

you must comply with the opt out as soon as reasonably practicable 
after you receive it.


Sec. 571.11  Duration of opt out.

    An opt out remains effective until revoked by the consumer in 
writing or electronically, as long as the consumer continues to have a 
relationship with the institution. If the consumer's relationship with 
the institution terminates, the opt out will continue to apply to this 
information. However, a new notice and opportunity to opt out must be 
provided if the consumer establishes a new relationship with the 
institution.


Sec. 571.12  Prohibition against discrimination.

    (a) In general. You must not discriminate against a consumer who is 
an applicant for credit because the consumer opts out of your 
communication of opt out information to your affiliates.
    (b) Examples of discrimination against an applicant. You 
discriminate against an applicant if you:
    (1) Deny the applicant credit because the applicant opts out;
    (2) Vary the terms of credit adversely to the applicant such as by 
providing less favorable pricing terms to an applicant who opts out; or
    (3) Apply more stringent credit underwriting standards to the 
applicant because the applicant opts out.
    (c) Regulation B. The terms ``applicant'' and ``discriminate 
against'' in this section have the same meanings ascribed to them in 12 
CFR part 202.

Appendix A to Part 571--Sample Notice

    This appendix contains a sample notice to facilitate compliance 
with the notice requirements of this part. An institution may use 
applicable disclosures in this sample to provide notices required by 
this part.

Notice of Your Opportunity to Opt Out of Information Sharing With 
Companies in Our Corporate Family

Information We Can Share With Our Corporate Family About You--
Unless You Tell Us Not to

    What Information: Unless you tell us not to, [Financial 
Institution] may share with companies in our corporate family 
information about you including:
     Information we obtain from your application, such as 
[provide illustrative examples, such as ``your income'' or ``your 
marital status''];
     Information we obtain from a consumer report, such as 
[provide illustrative examples, such as ``your credit score or 
credit history''];
     Information we obtain to verify representations made by 
you, such as [provide illustrative examples, such as ``your open 
lines of credit'']; and
     Information we obtain from a person regarding its 
employment, credit, or other relationship with you, such as [provide 
illustrative examples, such as ``your employment history''].
    Shared With Whom: Companies in our corporate family who may 
receive this information are:
     Financial service providers, such as [provide 
illustrative examples, such as ``mortgage bankers, broker-dealers, 
and insurance agents'']; and
     Non-financial companies, such as [provide illustrative 
examples, such as ``retailers, direct marketers, airlines, and 
publishers''].

How To Tell Us Not To Share This Information With Our Corporate 
Family

    If you prefer that we not share this information with companies 
in our corporate family, you may direct us not to share this 
information by doing the following [insert one or more of the 
reasonable means of opting out listed below\1\]: [call us toll free 
at {insert toll free number}]; or [visit our web site at {insert web 
site address} and {provide further instructions how to use the web 
site option}]; or [e-mail us at {insert the e-mail address}]; or 
[fill out and tear off the bottom of this sheet and mail to the 
following address: {insert address}]; or [check the appropriate box 
on the attached form {attach form} and mail to the following 
address: {insert address}].

    Note: Your direction in this paragraph covers certain 
information about you that we might otherwise share with our 
corporate family. We may share other information about you with our 
corporate family as permitted by law.

    \1\ If the financial institution is using its web site or an e-
mail address as the only method by which a consumer may opt out, the 
consumer must agree to the electronic delivery of information.

    Dated: September 29, 2000.
    By the Office of Thrift Supervision.
Ellen Seidman,
Director.
[FR Doc. 00-26601 Filed 10-19-00; 8:45 am]
BILLING CODE 4810-33-P; 6210-01P; 6714-01-P; 6720-01-P

Last Updated10/20/2000 regs@fdic.gov

Skip Footer back to content