department of the treasury - ffiec home page · department of the treasury office of the...

Friday,

October 20, 2000

Part II

Department of theTreasuryOffice of the Comptroller of theCurrency

Office of Thrift Supervision

Federal Reserve System

Federal DepositInsurance Corporation12 CFR Parts 41, 222, 334 and 571Fair Credit Reporting Regulations;Proposed Rule

VerDate 11<MAY>2000 13:23 Oct 19, 2000 Jkt 194001 PO 00000 Frm 00001 Fmt 4737 Sfmt 4737 E:\FR\FM\20OCP2.SGM pfrm04 PsN: 20OCP2

63120 Federal Register / Vol. 65, No. 204 / Friday, October 20, 2000 / Proposed Rules

DEPARTMENT OF THE TREASURY

Office of the Comptroller of theCurrency

12 CFR Part 41

[Docket No. 00–20]

RIN 1557–AB78

FEDERAL RESERVE SYSTEM

12 CFR Part 222

[Regulation V; Docket No. R–1082]

FEDERAL DEPOSIT INSURANCECORPORATION

12 CFR Part 334

RIN 3064–AC35

DEPARTMENT OF THE TREASURY


12 CFR Part 571

[Docket No. 2000–81]

RIN 1550–AB33

Fair Credit Reporting Regulations

AGENCIES: Office of the Comptroller ofthe Currency, Treasury (OCC); Board ofGovernors of the Federal ReserveSystem (Board); Federal DepositInsurance Corporation (FDIC); andOffice of Thrift Supervision, Treasury(OTS).ACTION: Joint notice of proposedrulemaking.

SUMMARY: The OCC, Board, FDIC, andOTS (Agencies) are publishing forcomment proposed regulationsimplementing the provisions of the FairCredit Reporting Act (FCRA) that permitinstitutions to communicate consumerinformation to their affiliates (affiliateinformation sharing) without incurringthe obligations of consumer reportingagencies. These provisions authorizeinstitutions to communicate amongtheir affiliates: Information as totransactions or experiences between theconsumer and the person making thecommunication (transaction orexperience information); and ‘‘other’’information (that is, informationcovered by the FCRA but not transactionor experience information), providedthat the institution has given notice tothe consumer that the other informationmay be communicated, the institutionhas provided the consumer anopportunity to ‘‘opt out’’ (i.e., to directthat the information not becommunicated), and the consumer hasnot opted out. The proposed regulations

explain how to comply with the affiliateinformation sharing provisions,addressing such matters as the contentand delivery of the notice to consumersthat ‘‘other’’ information may becommunicated (opt out notice). Theproposed regulations also implementcertain related provisions. The Agencieshave attempted to conform theseproposed regulations to the finalregulations implementing the privacyprovisions of the Gramm-Leach-BlileyAct whenever feasible.DATES: Comments must be received byDecember 4, 2000.ADDRESSES: Comments should bedirected to:

OCC: Communications Division,Office of the Comptroller of theCurrency, 250 E Street, SW.,Washington, D.C. 20219, Attention:Docket No. 00–20; FAX number (202)874–5274 or Internet address:[email protected] may be inspected andphotocopied at the OCC’s PublicReference Room, 250 E Street, SW.,Washington D.C. between 9:00 a.m. and5:00 p.m. on business days. You canmake an appointment to inspect thecomments by calling (202) 874–5043.

Board: Comments, which should referto Docket No. R–1082, may be mailed toMs. Jennifer J. Johnson, Secretary, Boardof Governors of the Federal ReserveSystem, 20th and C Streets, NW.,Washington, D.C. 20551 or mailedelectronically [email protected] addressed to Ms. Johnsonalso may be delivered to the Board’smail room between 8:45 a.m. and 5:15p.m. and to the security control roomoutside of those hours. Both the mailroom and the security control room areaccessible from the courtyard entranceon 20th Street between ConstitutionAvenue and C Street, NW. Commentsmay be inspected in Room MP–500between 9:00 a.m. and 5:00 p.m.,pursuant to § 261.12, except as providedin § 261.14, of the Board’s RulesRegarding the Availability ofInformation, 12 CFR 261.12 and 261.14.

FDIC: Send written comments toRobert E. Feldman, Executive Secretary,Attention: Comments/OES, FederalDeposit Insurance Corporation, 550 17thStreet, NW., Washington, DC 20429.Comments may be hand delivered to theguard station at the rear of the 17thStreet building (located on F Street) onbusiness days between 7 a.m. and 5 p.m.(FAX number (202) 898–3838).Comments may be inspected andphotocopied in the FDIC PublicInformation Center, Room 100, 801 17thStreet, NW., Washington, DC 20429,

between 9:00 a.m. and 4:30 p.m. onbusiness days.

Comments may be submitted to theFDIC electronically over the Internet atwww.fdic.gov. Further informationconcerning this option may be foundbelow at ‘‘FDIC’s Electronic PublicComment Site.’’ Comments also may bemailed electronically [email protected].

OTS: Mail: Send comments toManager, Dissemination Branch,Information Management and ServicesDivision, Office of Thrift Supervision,1700 G Street, NW., Washington, DC20552, Attention Docket No. 2000–81.

Delivery: Hand deliver comments tothe Guard’s Desk, East Lobby Entrance,1700 G Street, NW., from 9:00 a.m. to4:00 p.m. on business days, AttentionDocket No. 2000–81.

Facsimiles: Send facsimiletransmissions to FAX Number (202)906–7755, Attention Docket No. 2000–81; or (202) 906–6956 (if comments areover 25 pages).

E-Mail: Send e-mails to‘‘[email protected]’’, AttentionDocket No. 2000–81, and include yourname and telephone number.

Public Inspection: Interested personsmay inspect comments at the PublicReference Room, 1700 G St. N.W., from10:00 a.m. until 4:00 p.m. on Tuesdaysand Thursdays or obtain comments and/or an index of comments by facsimile bytelephoning the Public Reference Roomat (202) 906–5900 from 9:00 a.m. until5:00 on business days. Comments andthe related index will also be posted onthe OTS Internet Site at‘‘www.ots.treas.gov’’.

FOR FURTHER INFORMATION CONTACT:OCC: Amy Friend, Assistant Chief

Counsel, (202) 874–5200; MichaelBylsma, Director, Community andConsumer Law, (202) 874–5750;Stephen Van Meter, Senior Attorney,Community and Consumer Law, (202)874–5750; Carol Workman, ComplianceSpecialist, Community and ConsumerPolicy, (202) 874–4858; Deborah Katz,Senior Attorney, Legislative andRegulatory Activities Division, (202)874–5090; or Jeffery Abrahamson,Attorney, Enforcement and Compliance,(202) 874–4800, Office of theComptroller of the Currency, 250 EStreet, SW., Washington, DC 20219.

Board: James H. Mann, SeniorAttorney, (202) 452–2412; or David A.Stein, Attorney, (202) 452–3667,Division of Consumer and CommunityAffairs. For the hearing impaired only,contact Janice Simms,Telecommunications Device for the Deaf(TDD) (202) 872–4984, Board ofGovernors of the Federal Reserve


63121Federal Register / Vol. 65, No. 204 / Friday, October 20, 2000 / Proposed Rules

1 The FCRA creates substantial obligations for‘‘consumer reporting agencies.’’ FCRA, section603(f); see, e.g., sections 607, 611. These obligationsinclude furnishing consumer reports only forpermissible purposes, maintaining high standardsfor ensuring the accuracy of information inconsumer reports, resolving customer disputes, andother matters.

System, 20th and C Streets, NW.,Washington, DC 20551.

FDIC: James K. Baebel, AssistantDirector, Compliance Policy, Division ofCompliance and Consumer Affairs,(202) 942–3086; Deanna Caldwell,Community Affairs Officer, Division ofCompliance and Consumer Affairs,(202) 736–0141; Nancy SchuckerRecchia, Counsel, Regulations andLegislation Section, (202) 898–8885; A.Ann Johnson, Counsel, Regulations andLegislation Section, (202) 898–3573; andDavid Lafleur, Senior ComplianceExaminer, (415) 395–5261, FederalDeposit Insurance Corporation, 550 17thStreet, NW., Washington, DC 20429.

OTS: Christine Harrington, Counsel(Banking and Finance), (202) 906–7957;Paul Robin, Assistant Chief Counsel,(202) 906–6648; or Elizabeth Baltierra,Program Analyst, Compliance Policy(202) 906–6540, Office of ThriftSupervision, 1700 G Street, NW.,Washington DC 20552.SUPPLEMENTARY INFORMATION:

I. Background

The FCRAThe FCRA, enacted in 1970, sets

standards for the collection,communication, and use of informationbearing on a consumer’s creditworthiness, credit standing, creditcapacity, character, general reputation,personal characteristics, or mode ofliving. 15 U.S.C. 1681–1681u. In 1996,the Consumer Credit Reporting ReformAct amended the FCRA extensively(1996 Amendments). Pub. L. 104–208,110 Stat. 3009.

For many years, to avoid theobligations of consumer reportingagencies imposed by the FCRA, manyinstitutions avoided making anycommunications to affiliated companiesof consumer information that couldconstitute consumer reports.1 The 1996Amendments, however, excludedspecified types of information sharingwith affiliates from the definition of‘‘consumer report,’’ assuring institutionsthat making these communicationswould not expose them to theobligations of consumer reportingagencies. In particular, the 1996Amendments excluded from thedefinition of ‘‘consumer report’’ thesharing of ‘‘other’’ information amongaffiliates, so long as the consumer,having been given notice and an

opportunity to opt out, did not opt out.‘‘Other information’’ refers toinformation that is covered by the FCRAand that is not a report containinginformation solely as to transactions orexperiences between the consumer andthe person making the report.

The 1996 Amendments prohibited theAgencies from issuing implementingregulations. 15 U.S.C. 1681s(a)(4)(repealed). The Gramm-Leach-Bliley Act(GLBA) repealed this prohibition anddirected the Agencies to prescribejointly such regulations as necessary tocarry out the purposes of the FCRA.Pub. L. Sec. 506, 106–102, 15 U.S.C.1681s(e).

Coordination With Privacy RegulationsThe GLBA sets standards for financial

institutions’ disclosure of nonpublicpersonal information to nonaffiliatedthird parties (privacy provisions; Pub. L.106–102, 15 U.S.C. 6802; see also 15U.S.C. 6803). The Agencies publishedfinal regulations implementing theseprivacy provisions on June 1, 2000(privacy regulations; 65 FR 35162, June1, 2000).

The privacy regulations do not‘‘modify, limit, or supersede theoperation of the Fair Credit ReportingAct.’’ 15 U.S.C. 6806. Thus, both theprivacy regulations and the FCRA mayapply to an institution’s disclosure ofconsumer information. Moreover, if afinancial institution provides an opt outnotice under the FCRA, that notice mustbe included in certain notices mandatedby the privacy regulations, includingannual notices to customers. 15 U.S.C.6803. Therefore, the Agencies anticipatethat financial institutions will designtheir information-sharing policies andpractices taking into account both theprivacy regulations and the regulationsimplementing the FCRA.

To ease compliance and promoteconsistency, the Agencies areconforming the two regulations whereappropriate. For example, the Agenciesare proposing requirements regardingthe content and delivery of the FCRAopt out notice that are generallyconsistent with the correspondingprovisions of the privacy regulations.

This Proposal and Future AgencyIssuances

The FCRA raises many significantissues in addition to affiliateinformation sharing. The Agencies areanalyzing these issues and expect toaddress them in an Advance Notice ofProposed Rulemaking. Additionally, theAgencies will review a series ofquestions and answers regarding theFCRA (Qs & As) that the Agencies(including the Federal Home Loan Bank

Board, predecessor of the OTS) issuedin 1971. These were designed to helpfinancial institutions develop a workingknowledge of the statute. The Agencieswill modify or withdraw any Qs & Asthat are inconsistent with the FCRA orobsolete.

II. Section-by-Section Analysis

Section l.1 Purpose and Scope

Proposed paragraph ll.1(a) brieflydescribes the purpose of the regulations.Proposed paragraph ll.1(b) brieflydescribes the scope of the regulations,including the information andinstitutions subject to them. (Theseinstitutions are identified in more detailin proposed section ll.3(m) of theBoard, FDIC, and OTS regulations.)

Paragraph ll.1(b) also provides thatnothing in this part modifies, limits, orsupersedes the standards governing theprivacy of individually identifiablehealth information promulgated by theSecretary of Health and Human Servicespursuant to sections 262 and 264 of theHealth Insurance Portability andAccountability Act (HIPAA) of 1996 (42U.S.C. 1320d–1320d–8). Certaininstitutions that possess medicalinformation about consumers may becovered by these regulations, the GLBAprivacy regulations, and rulespromulgated by the Department ofHealth and Human Services (HHS)under the authority of sections 262 and264 of HIPAA once those regulations arefinalized. Based on the proposed HIPAArules, it appears likely that there will beareas of overlap between the HIPAA andthe FCRA affiliate information-sharingrules. For instance under the HIPAAproposal, consumers must provideaffirmative authorization before a‘‘covered institution’’ or its ‘‘businesspartner’’ may disclose medicalinformation in certain instances,whereas under these proposed FCRAaffiliate information sharing rules,institutions need only provideconsumers with the opportunity to optout of disclosures. In cases where theHIPAA requires consumers to opt inbefore certain information may beshared, but this rule allows consumersto opt out of the same sharing, opt inwould be necessary before theinformation may be shared. TheAgencies will consult with HHS toavoid the imposition of duplicative orinconsistent requirements.

Section l.2 Examples

Proposed section l.2 clarifies that theexamples used in the regulations and inthe sample notice are not exclusivemeans of compliance; rather, they are



2 Prior to the 1996 amendments to FCRA,affiliated entities could not pool their transaction orexperience information in a common databasewithout being considered a consumer reportingagency. Instead, each affiliate could disclose its

own transaction or experience information toanother affiliate directly only in the same manneras an entity can disclose information to anonaffiliated third party. While transaction orexperience information has been excluded from thedefinition of ‘‘consumer report’’ since the FCRA’sinitial passage, the 1996 amendments facilitated thedisclosure of such information among affiliates.

intended to provide guidance on how tocomply in specific situations.

The Agencies solicit comment onwhether to include additional ordifferent examples, and, morefundamentally, on whether includingexamples in the regulations isappropriate and useful. Instead ofaddressing specific fact situationsthrough such examples, the Agenciescould periodically issue interagencystaff commentaries or questions andanswers.

The Agencies note that an examplethat mentions a particular activity doesnot, by itself, authorize an institution toengage in that activity. Any suchauthority must have an independentsource.

Section l.3 DefinitionsDiscussed below are a few key

definitions, including: ‘‘affiliate’’ (aswell as the related terms ‘‘company’’and ‘‘control’’); ‘‘clear andconspicuous’’; ‘‘opt out’’; ‘‘opt outinformation’’; and ‘‘consumer report.’’The proposal tracks the statutorylanguage referring to ‘‘transaction orexperience information,’’ but does notdefine that term.

AffiliateSeveral FCRA provisions apply to

information sharing with persons‘‘related by common ownership oraffiliated by corporate control,’’ ‘‘relatedby common ownership or affiliated bycommon corporate control,’’ or‘‘affiliated by common ownership orcommon corporate control.’’ E.g., FCRA,sections 603(d)(2), 615(b)(2), and624(b)(2). Proposed paragraph (b)defines ‘‘affiliate’’ to refer to all theserelationships between and amongcompanies, and clarifies that ‘‘related oraffiliated by common ownership oraffiliated by corporate control orcommon corporate control’’ meanscontrolling, controlled by, or undercommon control with another company.

Consistent with the definitions in theprivacy regulations, the proposal uses adefinition of ‘‘control’’ that appliesexclusively to the control of a‘‘company,’’ and defines ‘‘company’’ toinclude any corporation, limitedliability company, business trust,general or limited partnership,association, or similar organization. Seeproposed paragraphs (e) (‘‘company’’)and (i) (‘‘control’’). The definition of‘‘company’’ omits some entities that are‘‘persons’’ under the FCRA—individuals, estates, cooperatives,governments, and governmentalsubdivisions or agencies. The Agencies,however, are not aware of anycircumstances where ‘‘control’’ could be

exercised over individuals, governmentagencies, and other persons that do notfit within the definition of ‘‘company.’’Comment is solicited on whether theproposed definition of ‘‘control’’ shouldbe expanded to apply to theseadditional types of persons.

Clear and ConspicuousProposed paragraph (c) defines ‘‘clear

and conspicuous’’ to mean that a noticemust be reasonably understandable anddesigned to call attention to the natureand significance of the information itcontains. The proposed regulations donot mandate the use of any particulartechnique for making a notice clear andconspicuous; instead, they giveinstitutions flexibility in determininghow to comply. An institution maymake its notice reasonablyunderstandable by, for example, usingshort explanatory sentences or bulletlists and avoiding legal or highlytechnical business terminologywhenever possible. An institution maydesign its notice to call attention to thenature and significance of theinformation in the notice by, forexample, using a plain-languageheading and a typeface and size that areeasy to read.

Paragraph (c) is consistent with the‘‘clear and conspicuous’’ standard in theprivacy regulations. As such, it offers amore detailed exposition of the standard(particularly with respect to what makesa notice ‘‘conspicuous’’) than someother regulations, such as the Board’sRegulation Z. However, laws other thanFCRA—for example, the Truth inLending Act—that require clear andconspicuous disclosures, are beyond thescope of this rulemaking. Accordingly,the standard proposed here does notaffect disclosures required by thoselaws.

The Agencies request comment onwhether institutions have any particularconcerns about compliance with FCRA’sclear and conspicuous standard whenFCRA opt out notices are included withthe GLBA privacy provision notices.

Consumer ReportProposed paragraph (g) parallels the

definition in section 603(d) of theFCRA. Paragraph (g)(2)(ii) excludes fromthe definition of ‘‘consumer report’’communication among affiliates of areport containing information solely asto transactions or experiences betweenthe consumer and the person makingthe report.2

Paragraph (g)(2)(iii) excludes anycommunication of ‘‘opt outinformation’’ if the conditions set out insections l.4–l.9 are satisfied. TheFCRA, as explained above, uses the term‘‘other information’’ to refer toinformation that it covers but that is nottransaction or experience information.This proposal refers to ‘‘otherinformation’’ using the more descriptiveterm ‘‘opt out information.’’ Seeproposed paragraph (k).

Opt Out

Proposed paragraph (j) defines thisterm to mean a direction by a consumerthat an institution not communicate optout information about the consumer toone or more of the institution’saffiliates.

Opt Out Information

As described above, the 1996Amendments to FCRA excluded fromthe definition of ‘‘consumer report’’ thesharing of ‘‘other information’’ amongaffiliates, so long as the consumer,having been given notice and anopportunity to opt out, did not opt out.‘‘Other information’’ refers toinformation that is covered by the FCRAand that is not a report containinginformation solely as to transactions orexperiences between the consumer andthe person making the report. Theproposed regulation uses the term ‘‘optout information’’ to describe thiscategory of information.

Proposed paragraph (k) defines optout information as information that (i)bears on a consumer’s credit worthiness,credit standing, credit capacity,character, general reputation, personalcharacteristics, or mode of living, (ii) isused or expected to be used or collectedfor one of the permissible purposeslisted in FCRA (e.g., credit transaction,insurance underwriting, employmentpurposes), and (iii) is not solelytransaction or experience information.Section ll.5(d) gives examples ofcategories of information that qualify asopt out information.

Section l.4 Communication of OptOut Information to Affiliates

Proposed section l.4 describes theconditions that an institution must meetto ensure that its communication of optout information to its affiliates do notconstitute consumer reports including



the requirement that the institutionprovide an opt out notice.

Section 603(d)(2)(A)(iii) of the FCRAexcludes from the definition of‘‘consumer report’’ the sharing of optout information among affiliates if:it is clearly and conspicuously disclosed tothe consumer that the information may becommunicated among such persons and theconsumer is given the opportunity, before thetime that the information is initiallycommunicated, to direct that suchinformation not be communicated amongsuch persons * * *.

Proposed section ll.4 accordinglyprovides that opt out information maybe communicated among affiliateswithout the communication being aconsumer report if: (i) The institutionhas provided an opt out notice; (ii) theinstitution has given the consumer areasonable opportunity and means,before the time that it communicates theinformation, to opt out; and (iii) theconsumer has not opted out.

Mergers & AcquisitionsIn a merger or acquisition situation,

the need to provide new opt out noticesto the customers of the entity that ceasesto exist will depend on whether thenotices previously given to thosecustomers accurately reflect the policiesand practices of the surviving entity. Ifthey do, the surviving entity will not berequired under the rule to provide newnotices.

Section l.5 Contents of Opt OutNotice

Proposed paragraph (a) provides thatan opt out notice must be clear andconspicuous, and must accuratelyexplain: (i) The categories of opt outinformation about the consumer that theinstitution communicates; (ii) thecategories of affiliates to which theinstitution communicates theinformation; (iii) the consumer’s abilityto opt out; and (iv) the means to do so.The Agencies invite comment onwhether financial institutions shouldalso have to disclose in their FCRAnotices how long a consumer has torespond to the opt out notice before theinstitution may begin disclosinginformation about that consumer to itsaffiliates, as well as the fact that aconsumer can opt out at any time. Thesedisclosures are not required in theprivacy regulations. The Agencies seekcomment on whether the benefits of theadditional disclosures would outweighthe burdens, and, if so, whether theregulation should require thedisclosures to state that a financialinstitution will wait 30 days in everyinstance before sharing consumerinformation with affiliates (see proposed

section l.6, below, for additionaldiscussion on reasonable opportunity toopt out).

Proposed paragraph (b) clarifies thatan institution’s notice may describe notonly the communications of opt outinformation that the institutioncurrently plans to make to its affiliates,but also the communications that itreserves the right to make in the future.Proposed paragraph (c) explains that aninstitution may, but need not, providethe consumer with the option of an optout that covers only part of theinformation or certain affiliates. Thiswould enable an institution to giveconsumers a menu of opt out choices ifit desires to do so.

Paragraph (d) explains how aninstitution can satisfy the requirementthat it categorize the opt out informationthat it communicates. Paragraph (d)(2)gives examples of categories of opt outinformation, such as information from aconsumer’s application, informationfrom a consumer report, informationobtained by verifying representationsmade by a consumer, and informationprovided by another person regardingthat person’s relationship with aconsumer. The first two categoriesreflect the legislative history of the 1996Amendments, which states in part thatthe opt out provision ‘‘will clarify thataffiliates within a Holding Companystructure can share any applicationinformation * * * and consumerreports, consistent with the FCRA.’’ S.Rep. No. 185, 104th Cong., 1st Sess. 18–19 (1995). The other two categoriesrepresent information that the Agenciesbelieve does not constitute transactionor experience information whencommunicated by the institution thathas received it. Paragraph (d)(3) gives anon-exclusive list of examples ofspecific items of opt out informationwithin each category, including aconsumer’s income, credit score orcredit history, open lines of credit,employment history, marital status andmedical history.

Medical data are especially sensitivefor many consumers; if such data areamong the opt out information that aninstitution communicates to itsaffiliates, the institution satisfies therequirement to categorize thatinformation only if it includes examplesof medical data that it intends to share.The Agencies note that the items listedin paragraph (d)(3) as examples ofinformation that would be includedwithin the categories of opt outinformation are illustrative only. Thoseitems would not be considered opt outinformation in cases where theinformation is obtained from a sourceother than those listed in paragraph

(d)(2). Comment is requested as to theappropriateness of these examples ofcategories and items of opt outinformation, and whether additional ordifferent examples should be used.

The descriptions of the categories ofinformation set out in proposedparagraph (d)(2) differ somewhat fromthose in section l.6(c)(2) of the privacyregulations. The agencies solicitcomment on the extent to which thecategories in (d)(2) can be treated asconsistent with similar categories in theprivacy regulations (such as disclosuresof information from consumer reportingagencies) in order to reduce complianceburden and consumer confusion.

Proposed paragraph (e) explains howan institution can satisfy therequirement that it categorize theaffiliates to which it communicates optout information.

Paragraph (f) cross-references thesample notice in appendix A, whichpresents a further illustration of thecontent of an opt out notice.

Section l .6 Reasonable Opportunityto Opt Out

Proposed paragraph (a) of sectionll .6 states that financial institutionswill provide a reasonable opportunity toopt out by providing a reasonable periodof time for the consumer to opt out fromthe time that notice is delivered.Proposed paragraph (b) sets outexamples of what is a reasonable periodof time when notices are provided inperson, by mail, or by electronic means.Comment is requested on whether thereare other situations that would suggesta different reasonable period of timethat the Agencies should note byexample. Proposed paragraph (c)explains that a consumer may opt out atany time.

Section l .7 Reasonable Means ofOpting Out

Proposed paragraph (a) sets forth thegeneral rule that an institution providesa reasonable means of opting out if itprovides a reasonably convenientmethod to the consumer to opt out.Examples of reasonable means of optingout and unreasonable means are set outin proposed paragraphs (b) and (c),respectively. Proposed paragraph (d)permits an institution to require eachconsumer to opt out through a specificmeans, as long as that means isreasonable for that consumer.

Section l .8 Delivery of Opt OutNotices

Proposed paragraph (a) provides thatan institution must deliver an opt outnotice so that each consumer canreasonably be expected to receive actual



3 Congress recently enacted the E-Sign Act, Pub.L. 106–229, which addresses the use of electronicrecords and signatures for interstate and foreigncommerce. This legislation contains general rulesgoverning the use of electronic records forproviding required information to consumers (suchas disclosures and acknowledgments required bythe GLBA). The legal requirement that consumerdisclosures be in writing may be satisfied by anelectronic record if the consumer affirmativelyconsents and certain other requirements of the E-Sign Act are met.

notice. As indicated by the examplesprovided in proposed paragraph (b), thisis a lesser standard than actual notice.For instance, if an institution mails aprinted copy of its notice to the lastknown mailing address of an existingcustomer, the institution has met itsobligation even if the customer haschanged addresses and never receivesthe notice.

An institution may give notice inwriting or, if the consumer agrees,electronically. For example, theinstitution may e-mail its notice to acustomer that conducts electronictransactions and has agreed to receiveelectronic notice. The Agencies invitecomment on whether and how theproposed rules governingcommunications between a financialinstitution and a consumer via anelectronic medium should be modifiedin light of the Electronic Signatures inGlobal and National Commerce Act (theE-Sign Act).3

Proposed paragraph (c) explains thatoral notice alone does not comply withthe notice requirement; however, oralnotice may be provided in conjunctionwith appropriate written or electronicnotice.

Proposed paragraph (d) explains thatan institution must provide the noticeso that the consumer can retain it orobtain it at a later time, and givesexamples of retention or accessibility.

Proposed paragraph (e) permits aninstitution to provide a joint opt outnotice with one or more of its affiliatesthat are identified in the notice, as longas the notice is accurate with respect toeach entity jointly issuing the notice.

Proposed paragraph (f)(1) sets outrules that apply, notwithstanding anyother provision of the regulations, whentwo or more consumers jointly obtain aproduct or service from an institution(referred to in the proposed regulationas joint consumers), such as a jointchecking account. For example, aninstitution may provide a single opt outnotice to joint accountholders. Thenotice must indicate whether theinstitution will consider an opt out bya joint accountholder as an opt out byall of the associated accountholders, orwhether each accountholder may optout separately. The institution may not

require all accountholders to opt outbefore honoring an opt out direction byone of the joint accountholders.Paragraph (f)(2) gives examples of theserules.

Section l .9 Revised Opt Out NoticeProposed section ll .9 addresses the

situation in which an institution hasprovided a consumer with one or moreopt out notices but later decides tocommunicate opt out information to itsaffiliates other than described in thosenotices. It explains that an institutionmust send a revised opt out notice thatcomplies with section ll .4, includingproviding a reasonable means andopportunity to opt out, andcommunicating the information only ifthe consumer has not opted out.

Section l .10 Time by Which Opt OutMust be Honored

Proposed section ll .10 explainsthat if an institution provides aconsumer with an opt out notice, andthe consumer opts out, the institutionmust comply as soon as reasonablypracticable after receiving theconsumer’s direction. Comment issolicited on whether the Agenciesshould establish a fixed number ofdays—for example, 30 days—that wouldbe deemed a ‘‘reasonably practicable’’period of time for complying with aconsumer’s opt out direction.

Section l.11 Duration of Opt OutProposed section ll.11 provides

that an opt out continues to apply to theinformation and affiliates described inthe applicable opt out notice untilrevoked by the consumer in writing, orif the consumer agrees, electronically, aslong as the consumer continues to havea relationship with the institution. If theconsumer’s relationship with theinstitution terminates, the opt out willcontinue to apply to this information.However, a new notice and opportunityto opt out must be provided if theconsumer establishes a new relationshipwith the institution.

Section l .12 Prohibition AgainstDiscrimination

Proposed paragraph (a) remindsinstitutions that they may not‘‘discriminate against’’ a consumer whois an ‘‘applicant’’ for credit because theapplicant opts out. The source of thisprohibition is the Equal CreditOpportunity Act (ECOA; 15 U.S.C. 1691et seq.), which bars discrimination on aprohibited basis in any aspect of a credittransaction; one prohibited basis isexercising a right under the ConsumerCredit Protection Act, which includesthe FCRA. Proposed paragraph (b)

provides examples of prohibiteddiscrimination against an applicant.Paragraph (c) notes that the terms‘‘applicant’’ and ‘‘discriminate against’’have the meaning ascribed to theseterms in 12 CFR part 202.

Appendix AAppendix A, which is part of these

regulations, contains a sample notice,part or all of which may be used tofacilitate compliance with the noticerequirements. Although use of thesample notice is not required,institutions using it properly to providenotices will be deemed to be incompliance.

The Agencies solicit comment on allaspects of the proposed regulations,including but not limited to thosehighlighted above.

III. FDIC’s Electronic Public CommentSite

The FDIC has included a page on itsweb site to facilitate the submission ofelectronic comments in response to thisgeneral solicitation (the EPC site). TheEPC site provides an alternative to thewritten letter and may be a moreconvenient way for you to submit yourcomments. Commenting through theEPC site will assist the FDIC to moreaccurately and efficiently analyzecomments submitted electronically. Ifyou submit your comments through theEPC site your comments will receive thesame consideration that they wouldreceive if submitted in hard copy to theFDIC’s street address. Informationprovided through the EPC site will beused by the FDIC only to assist in itsanalysis of the proposed regulation. TheFDIC will not use an individual’s nameor any other personal identifier of anindividual to retrieve records orinformation submitted through the EPCsite. Like comments submitted in hardcopy to the FDIC’s street address, EPCsite comments will be made available intheir entirety (including thecommenter’s name and address if thecommenter chooses to provide them) forpublic inspection.

The EPC site will be available on theFDIC’s home page at http://www.fdic.gov. You will be able toprovide comments directly on any of thesections of the proposed regulation aswell as the specific questions that havebeen asked in the precedingSupplementary Information section.You will also be able to view theregulation and SupplementaryInformation sections that related to yourcomments directly on the site. Becausethe GLBA authorizes promulgation ofthis regulation, the FDIC encourages youto provide written comments in the



spaces provided. Written commentsenable the FDIC to thoughtfullyconsider possible changes to theproposed regulation.

The FDIC is also interested in yourfeedback on the EPC site. We haveprovided a space for you to comment onthe site itself. Answers to this questionwill help the FDIC to evaluate the EPCsite for use in future rulemaking.

At the conclusion of the EPC site youwill have an opportunity to provide uswith your name, indicate whether youare an individual, insured depositoryinstitution, financial holding company,community-based organization, tradeassociation, government agency, orother, and provide the name of theorganization you represent, ifapplicable. Whether you choose torespond to these questions is entirely upto you. Any responses received mayhelp the FDIC to better understand thepublic comments it receives.

IV. Regulatory Analysis

Paperwork Reduction Act

The Agencies invite comment on: (1)Whether the collections of informationcontained in this notice of proposedrulemaking are necessary for the properperformance of each Agency’s functions,including whether the information haspractical utility; (2) the accuracy of eachAgency’s estimate of the burden of theproposed information collections; (3)ways to enhance the quality, utility, andclarity of the information to becollected; (4) ways to minimize theburden of the information collections onrespondents, including the use ofautomated collection techniques orother forms of information technology;and (5) estimates of capital or start-upcosts and costs of operation,maintenance, and purchases of servicesto provide information. No person isrequired to respond to these collectionsof information unless the collectionsdisplay a currently valid Office ofManagement and Budget (OMB) controlnumber. The Agencies are currentlyrequesting their respective controlnumbers for these informationcollections from OMB.

This proposed regulation containsdisclosure requirements for certainfinancial institutions and their affiliates.A financial institution that (a) hasaffiliates, (b) does not wish to beconsidered a consumer reportingagency, and (c) wishes to shareconsumer information (other thantransaction and experience information)with its affiliates, must prepare andprovide a notice to all its consumersadvising them of their opportunity toopt out of information sharing with

companies in the institution’s corporatefamily. 12 CFR ll .4. If a financialinstitution wishes to share informationin a way that is inconsistent withnotices previously given to consumers,the institution must provide consumerswith revised notices. 12 CFR ll .11.The proposed regulation also containsconsumer reporting provisions. In orderfor consumers to opt out, they mustrespond to the institution’s opt outnotices. 12 CFR ll .7. At any timeduring their continued relationship withthe institution, consumers have the rightto change or update their opt out statuswith the institution. 12 CFR ll .10.

FCRA was amended to includedisclosure and opt out provisions in1996, but the Agencies were prohibitedfrom issuing implementing regulationsuntil 1999. Thus, the collections ofinformation contained in this proposedrule are not new requirements. Duringthe past three years, financialinstitutions have developed systems,policies, and procedures to bringthemselves into compliance with the1996 FCRA amendments. In estimatingthe burden associated with thecollections of information in thisproposed regulation, the Agencies tookinto account the fact that FCRA-relateddisclosure and opt out requirementshave already become a usual andcustomary practice for coveredinstitutions. However, because theproposed rule is more explicit anddetailed than the statute, someinstitutions may need to revise theirdisclosure policies or their notices, andconsumers may need to respond to therevised notices. The burden associatedwith these changes to current practice isrepresented in the estimates below. Inestimating burden, the Agencies alsoassumed that if a financial institutionprovides an opt out notice under theFCRA, that notice must be included incertain notices mandated by the GLBAprivacy provisions, and will not be sentout separately. The collection ofinformation requirements contained inthis notice of proposed rulemaking willbe submitted to the Office ofManagement and Budget for review inaccordance with the PaperworkReduction Act of 1995 (44 U.S.C. 3507).

The estimated number of bankrespondents includes the totalinstitutions supervised by each of theAgencies that have certain affiliaterelationships. The requirements of theregulation only apply to institutions thatshare opt out information with affiliatesthat do not wish to be consumerreporting agencies; therefore, theAgencies cannot currently predict withcertainty how many of these institutionswill be subject to the rule. The analysis

assumes that all institutions withcertain affiliates will in fact, choose toshare opt out information and thus besubject to the rule.

The estimated number of consumerswho will receive opt out notices is thesum of deposit and loan consumers, andis derived from data in Board consumerstudies. Each Agency’s share of the totalnumber of consumers is based on theshare of total deposits, and consumerand mortgage loans, held by institutionssupervised by the Agencies. BecauseOTS collects different information aboutconsumer loans than the other Agencies,OTS estimated the number of thriftborrowers by dividing total consumerloans outstanding by the averagebalance, for different types of consumerloans. The analysis assumes thatinstitutions will provide separate optout notices based on product lines suchas loans and deposit accounts, ratherthan single, combined notices coveringall of the various relationships aconsumer may have with the institution.The Agencies seek comment as towhether institutions would likely sendseparate or combined notices.

OCC: Comments on the collections ofinformation should be sent to the Officeof Management and Budget, PaperworkReduction Project (1557—to beassigned), Washington, DC 20503, withcopies to Jessie Dunaway, Legislativeand Regulatory Activities Division(1557—to be assigned), Office of theComptroller of the Currency, 250 EStreet, SW, Washington, DC 20219. Thelikely respondents are national banksthat do not wish to be consideredconsumer reporting agencies, but wantto share information (other thantransaction or experience information)with their affiliates.

Estimated number of bankrespondents: 737.

Estimated average annual burdenhours per bank respondent: 8 hours.

Estimated number of consumerrespondents: 94,238,000.

Estimated average annual burdenhours per consumer respondent: 5minutes.

Estimated total annual reportingburden: 7,855,921 hours.

The number of consumer respondentsprovided by the OCC represents aconservative estimate based upon thetotal number of consumers who willreceive an opt out notice. The OCC isusing these conservative estimatesbecause it lacks more precise data onthe number of consumers who willexercise their opt out rights. The OCCexpects that the actual number ofconsumer respondents will be lowerthan the estimate provided above, andinvites comment on the number of



consumers who will respond to theFCRA opt out notices.

Board: In accordance with thePaperwork Reduction Act of 1995 (44U.S.C. 3506; 5 CFR 1320, appendix A.1),the Board reviewed the notice ofproposed rulemaking under theauthority delegated to the Board by theOMB. Comments on the collections ofinformation should be sent to Mary M.West, Federal Reserve Board ClearanceOfficer, Mail Stop 97, Board ofGovernors of the Federal ReserveSystem, Washington, DC 20551, with acopy to the Office of Management andBudget, Paperwork Reduction Project(7100—to be assigned), Washington, DC20503. The likely respondents aremember banks of the Federal ReserveSystem (other than national banks),branches and agencies of foreign banks(other than Federal branches, Federalagencies, and insured State branches offoreign banks), commercial lendingcompanies owned or controlled byforeign banks, and organizationsoperating under section 25 or 25A of theFederal Reserve Act, that do want toshare information (other thantransaction or experience information)with their affiliates.

Estimated number of bankrespondents: 996.



Estimated average annual burdenhours per consumer respondent: fiveminutes.


FDIC: Comments on the collections ofinformation should be sent to Steven F.Hanft, Office of the Executive Secretary,Federal Deposit Insurance Corporation,550 17th Street, NW., Washington, DC20429, with a copy to the Office ofManagement and Budget, PaperworkReduction Project (3064—to beassigned), Washington, DC 20503. Thelikely respondents are insurednonmember banks with affiliates, thatdo not wish to be considered consumerreporting agencies, and do want to shareinformation (other than transaction orexperience information) with theiraffiliates.

Estimated number of bankrespondents: 1,640.



Estimated average annual burdenhours per consumer respondent: fiveminutes.


OTS: Comments on the collection ofinformation should be sent to theDissemination Branch (1550—to beassigned), Office of Thrift Supervision,1700 G Street, NW, Washington, DC20552, with a copy to the Office ofManagement and Budget, PaperworkReduction Project (1550—to beassigned), Washington, DC 20503. Thelikely respondents are savingsassociations with affiliates that do notwish to be considered consumerreporting agencies, and do want to shareinformation (other than transaction orexperience information) with theiraffiliates, and consumers.

Estimated number of thriftrespondents: 762.

Estimated average annual burdenhours per thrift respondent: 8 hours.


Estimated average annual burdenhours per consumer respondent: .0833hours (5 minutes).


Regulatory Flexibility ActOCC: Pursuant to section 605(b) of the

Regulatory Flexibility Act (5 U.S.C. 601et seq.), the OCC certifies that thisproposal will not have a significanteconomic impact on a substantialnumber of small entities. Financialinstitutions have had to notify theirconsumers of the right to opt out ofaffiliate sharing of certain informationsince 1997. This rulemaking providesguidance to national banks concerninghow they may comply with the statutoryrequirements, but requires no new typeof disclosure or opt out system. Whileexisting forms may need to be modified,these modifications are unlikely toresult in a significant economic impacton a substantial number of smallentities.

In addition, some of the requirementsin the proposed rule have been designedto correspond to the requirements of theprivacy regulations. For example, underboth regulations, financial institutions,in certain circumstances, must delivernotices to consumers and to provideconsumers an opportunity to opt out ofcertain information disclosures. Thisproposed rule would allow financialinstitutions to combine into one noticethe notice they must deliver underFCRA and the notice that they mustdeliver under the privacy regulations.Also, institutions may combine theirconsumers’ opt out responses into oneopt out response. By combining thenotices they deliver and the opt outresponses they process, financialinstitutions will not need to produceadditional notices or to process

additional opt out responses under thisrule. Because the proposed rule isdesigned to minimize FCRA’s burden onfinancial institutions, and because theFCRA requirements have been effectivesince 1997, the OCC believes that thisproposed rule will not have a significanteconomic impact on a substantialnumber of small entities. For thesereasons, a regulatory flexibility analysisis not required.

Board: Pursuant to section 605(b) ofthe Regulatory Flexibility Act (5 U.S.C.601 et seq.), the Board certifies that theproposed rule will not have a significanteconomic impact on a substantialnumber of small entities. As furtherdiscussed below, the proposed ruleimplements law that has been in effectfor some time, corresponds as much asfeasible to the requirements of theBoard’s Regulation P, would allowinstitutions to combine privacy andFCRA notices to consumers, and wouldallow institutions to combineconsumers’ responses to those notices.Accordingly, a regulatory flexibilityanalysis is not required.

Since 1997, the FCRA has providedthat the term ‘‘consumer report’’ doesnot include any communication of otherinformation (meaning information thatis not transaction or experienceinformation) among persons related bycommon ownership or affiliated bycorporate control, if it is clearly andconspicuously disclosed to theconsumer that the information may becommunicated among such persons andthe consumer is given the opportunity,before the time that the information isinitially communicated, to direct thatsuch information not be communicatedamong such persons. The proposedregulations would implement thisprovision and would provide guidanceto certain Board-regulated institutionson how to comply, but would notsubstantively change existing law. Nonew type of disclosure or opt-out systemwould be required. While existing formsmay need to be modified, thesemodifications are unlikely to result in asignificant economic impact on asubstantial number of small entities.

Additionally, the proposed rule isdesigned to correspond as much asfeasible to the requirements ofRegulation P, which governs the privacyof consumer financial information. Bothregulations implement statutoryprovisions for the delivery ofinformation-sharing opt out notices toconsumers. The proposed rule wouldfacilitate compliance by financialinstitutions with the requirement toprovide privacy notices and the use ofopt out notices under the FCRA byallowing the two notices to be combined



in a single notice. Similarly, institutionswould be allowed to combine theirconsumers’ opt out responses in a singleopt out response. By choosing tocombine the notices they deliver andthe opt out responses they process,financial institutions will not need toproduce additional notices or to processadditional opt out responses under thisrule. For these reasons, a regulatoryflexibility analysis is not required.

FDIC: Pursuant to section 605(b) ofthe Regulatory Flexibility Act (5 U.S.C.601 et seq.), the FDIC certifies that theproposed rule will not have a significanteconomic impact on a substantialnumber of small entities. Thisconclusion is based on the followingfacts. The FCRA has required financialinstitutions to notify their consumers ofthe right to opt out of affiliate sharingof certain information since 1997.However, prior to the GLBA, theAgencies had no authority to issue rulesto provide financial institutions withguidance to comply with the FCRArequirements. This proposedrulemaking does not substantivelychange the existing statutoryrequirements, but rather providesguidance to financial institutions thatshould minimize any burden associatedwith complying with the subject FCRAinformation sharing provisions. Thisproposal requires no new type ofdisclosure or opt out system. Whileexisting forms may need to be modified,these modifications are unlikely toresult in a significant economic impacton a substantial number of smallentities. The Agencies have attempted tominimize any such economic impact byincluding a sample notice, part or all ofwhich may be used to facilitatecompliance with the noticerequirements.

Further, this proposed rule isdesigned to be consistent with therequirements of the regulationgoverning the privacy of consumerfinancial information. Both rulesimplement statutory requirements forfinancial institutions, in certaincircumstances, to deliver notices toconsumers and to provide consumers anopportunity to opt out of certaininformation disclosures. The Agencieshave made the FCRA notice guidanceparallel to the privacy rulerequirements, thus facilitating thedelivery of a single notice to consumers.Similarly, institutions may combinetheir consumers’ opt out responses intoone opt out response. By combining thenotices they deliver and the opt outresponses they process, financialinstitutions will not need to produceadditional notices or to process

additional opt out responses under thisrule.

For the above reasons, the FDICbelieves that this proposed rule will nothave a significant economic impact ona substantial number of small entities,and a regulatory flexibility analysis isnot required.

OTS: Pursuant to section 605(b) of theRegulatory Flexibility Act (5 U.S.C. 601et seq.), the Director of OTS certifiesthat this proposed rulemaking wouldnot have a significant economic impacton a substantial number of smallentities. The FCRA has required thriftsto notify their consumers of the right toopt out of affiliate sharing of certaininformation since 1997. However, priorto GLBA, OTS did not have authority toissue rules to provide thrifts withguidance to comply with the FCRA.This proposed rulemaking does notsubstantively change or add to theexisting statutory requirements. Itmerely provides thrifts with guidance tohelp minimize any burden associatedwith complying with the FCRAinformation sharing provisions. Thisproposal requires no new type ofdisclosure or opt out system. Whileexisting forms may need to be modified,these modifications are unlikely toresult in a significant economic impacton a substantial number of smallentities. The Agencies have attempted tominimize any such economic impact byincluding a sample notice, part or all ofwhich thrifts may use to facilitate thenotice requirements.

Further, this proposed rule isdesigned to be consistent with therequirements of the regulationgoverning the privacy of consumerfinancial information, 12 CFR part 573.Both rules implement statutoryrequirements for financial institutions,in certain circumstances, to delivernotices to consumers and to provideconsumers an opportunity to opt out ofcertain information disclosures. TheAgencies have made the FCRA noticeguidance parallel to the privacy rulerequirements, thus facilitating thedelivery of a single notice to consumers.Similarly, institutions may combine aconsumer’s opt out responses into oneopt out response. By combining thenotices they deliver and the opt outresponses they process, financialinstitutions will not need to produceadditional notices or to processadditional opt out responses under thisrule. For these reasons, a regulatoryflexibility analysis is not required.

OCC and OTS Executive Order 12866Determination

The OCC and OTS each hasdetermined that its portion of the

proposed rulemaking is not a significantregulatory action under Executive Order12866.

OCC and OTS Unfunded MandatesReform Act of 1995 Determination

Section 202 of the UnfundedMandates Reform Act of 1995, 2 U.S.C.1532 (Unfunded Mandates Act) requiresthat an agency prepare a budgetaryimpact statement before promulgating arule that includes a Federal mandatethat may result in expenditure by State,local, and tribal governments, in theaggregate, or by the private sector, of$100 million or more in any one year.If a budgetary impact statement isrequired, section 205 of the UnfundedMandates Act also requires an agency toidentify and consider a reasonablenumber of regulatory alternatives beforepromulgating a rule. The OCC and OTSeach has determined that this proposedrule will not result in expenditures byState, local, and tribal governments, orby the private sector, of $100 million ormore. Accordingly, neither the OCC northe OTS has prepared a budgetaryimpact statement or specificallyaddressed the regulatory alternativesconsidered.

V. Solicitation of Comments on Use ofPlain Language

Section 722 of the GLBA requires theFederal banking agencies to use plainlanguage in all proposed and final rulespublished after January 1, 2000. Weinvite your comments on how to makethis proposed rule easier to understand.For example:

• Have we organized the material tosuit your needs? If not, how could thismaterial be better organized?

• Are the requirements in the ruleclearly stated? If not, how could the rulebe more clearly stated?

• Do the regulations contain technicallanguage or jargon that is not clear? Ifso, which language requiresclarification?

• Would a different format (groupingand order of sections, use of headings,paragraphing) make the regulationeasier to understand? If so, whatchanges to the format would make theregulation easier to understand?

• Would more, but shorter, sectionsbe better? If so, which sections shouldbe changed?

• What else could we do to make theregulation easier to understand?

The Agencies solicit comment onwhether the inclusion of examples inthe regulation is appropriate. Elevatingthe fact patterns to safe harbors in therule may generate certain problems overtime. For example, changes intechnology or practices may ultimately



impact the fact patterns contained in theexamples and require changes to theregulation. Are there alternativemethods to offer illustrative guidance ofthe concepts portrayed by the examples?

List of Subjects

12 CFR Part 41Banks, banking, Credit, National

banks, Reporting and recordkeepingrequirements.

12 CFR Part 222Banks, banking, Credit, Federal

Reserve System, Reporting andrecordkeeping requirements, Statemember banks.

12 CFR Part 334Banks, banking, Credit, Reporting and

recordkeeping requirements.

12 CFR Part 571Credit, Privacy, Reporting and

recordkeeping requirements, Savingsassociations.

Office of the Comptroller of theCurrency

12 CFR Chapter I

Authority and IssuanceFor the reasons set forth in the joint

preamble, the OCC proposes to amendchapter I of title 12 of the Code ofFederal Regulations by adding a newpart 41 to read as follows:

PART 41—FAIR CREDIT REPORTING

Sec.41.1 Purpose and scope.41.2 Examples.41.3 Definitions.41.4 Communication of opt out information

to affiliates.41.5 Contents of opt out notice.41.6 Reasonable opportunity to opt out.41.7 Reasonable means of opting out.41.8 Delivery of opt out notices.41.9 Revised opt out notice.41.10 Time by which opt out must be

honored.41.11 Duration of opt out.41.12 Prohibition against discrimination.

Appendix A to Part 41—Sample Notice

Authority: 12 U.S.C. 93a; 15 U.S.C. 1681s.

§ 41.1 Purpose and scope.(a) Purpose. This part governs the

collection, communication, and use, bythe institutions listed in paragraph (b)(2)of this section, of certain informationbearing on a consumer’s creditworthiness, credit standing, creditcapacity, character, general reputation,personal characteristics, or mode ofliving.

(b) Scope. (1) Information covered.This part applies to information that is

used or expected to be used or collectedin whole or in part for the purpose ofserving as a factor in establishing aconsumer’s eligibility for credit,insurance, employment, or any otherpurpose authorized under section 604 ofthe Fair Credit Reporting Act (15 U.S.C.1681b).

(2) Institutions covered. This partapplies to national banks, and Federalbranches and Federal agencies of foreignbanks (collectively referred to as‘‘bank’’).

(3) Relation to other laws. Nothing inthis part modifies, limits, or supersedesthe standards governing the privacy ofindividually identifiable healthinformation promulgated by theSecretary of Health and Human Servicesunder the authority of sections 262 and264 of the Health Insurance Portabilityand Accountability Act of 1996 (42U.S.C. 1320d–1320d–8).

§ 41.2 Examples.The examples used in this part and

the sample notice in appendix A to thispart are not exclusive. Compliance withan example or use of the sample notice,to the extent applicable, constitutescompliance with this part.

§ 41.3 Definitions.As used in this part, unless the

context requires otherwise:(a) Act means the Fair Credit

Reporting Act (15 U.S.C. 1681 et seq.).(b) Affiliate. (1) In general. The term

means any company that is related oraffiliated by common ownership, oraffiliated by corporate control orcommon corporate control, with anothercompany.

(2) Related or affiliated by commonownership or affiliated by corporatecontrol or common corporate control.This means controlling, controlled by,or under common control with, anothercompany.

(c) Clear and conspicuous. (1) Ingeneral. The term means that a notice isreasonably understandable and isdesigned to call attention to the natureand significance of the information itcontains.

(2) Examples. (i) Reasonablyunderstandable. A bank makes itsnotice reasonably understandable if it:

(A) Presents the information in thenotice in clear and concise sentences,paragraphs, and sections;

(B) Uses short explanatory sentencesor bullet lists whenever possible;

(C) Uses definite, concrete, everydaywords and active voice wheneverpossible;

(D) Avoids multiple negatives;(E) Avoids legal and highly technical

business terminology wheneverpossible; and

(F) Avoids explanations that areimprecise and are readily subject todifferent interpretations.

(ii) Designed to call attention. A bankdesigns its notice to call attention to thenature and significance of theinformation it contains if it:

(A) Uses a plain-language heading tocall attention to the notice;

(B) Uses a typeface and type size thatare easy to read;

(C) Provides wide margins and ampleline spacing;

(D) Uses boldface or italics for keywords; and

(E) In a form that combines the bank’snotice with other information, usesdistinctive type sizes, styles, andgraphic devices, such as shading orsidebars.

(iii) Notice on a web page. If a bankprovides a notice on a web page, thebank designs its notice to call attentionto the nature and significance of theinformation it contains if the bank:

(A) Places either the notice, or a linkthat connects directly to the notice andthat is labeled appropriately to conveythe importance, nature, and relevance ofthe notice, on a page that consumersaccess often, such as a page on whichtransactions are conducted;

(B) Uses text or visual cues toencourage scrolling down the page ifnecessary to view the entire notice; and

(C) Ensures that other elements on theweb page (such as text, graphics, links,or sound) do not detract attention fromthe notice.

(d) Communication includes written,oral, and electronic communication;provided that the term includeselectronic communication to aconsumer only if the consumer agrees toreceive the communicationelectronically.

(e) Company means any corporation,limited liability company, businesstrust, general or limited partnership,association, or similar organization.

(f) Consumer means an individual.(g) Consumer report. (1) In general.

The term means any written, oral, orother communication of anyinformation by a consumer reportingagency bearing on a consumer’s creditworthiness, credit standing, creditcapacity, character, general reputation,personal characteristics, or mode ofliving which is used or expected to beused or collected in whole or in part forthe purpose of serving as a factor inestablishing the consumer’s eligibilityfor:

(i) Credit or insurance to be usedprimarily for personal, family, orhousehold purposes;

(ii) Employment purposes; or



(iii) Any other purpose authorizedunder section 604 of the Act (15 U.S.C.1681b).

(2) Exclusions. The term does notinclude:

(i) Any report containing informationsolely as to transactions or experiencesbetween the consumer and the personmaking the report;

(ii) Any communication of thatinformation among affiliates;

(iii) Any communication amongaffiliates of opt out information if theconditions in §§ 41.4 through 41.9 aresatisfied;

(iv) Any authorization or approval ofa specific extension of credit directly orindirectly by the issuer of a credit cardor similar device;

(v) Any report in which a person whohas been requested by a third party tomake a specific extension of creditdirectly or indirectly to a consumerconveys his or her decision with respectto such request, if the third partyadvises the consumer of the name andaddress of the person to whom therequest was made, and the personmakes the disclosures to the consumerrequired under section 615 of the Act(15 U.S.C. 1681m); or

(vi) A communication described insection 603(o) of the Act (15 U.S.C.1681a(o)).

(h) Consumer reporting agency meansany person which, for monetary fees,dues or on a cooperative nonprofit basis,regularly engages in whole or in part inthe practice of assembling or evaluatingconsumer credit information or otherinformation on consumers for thepurpose of furnishing consumer reportsto third parties, and which uses anymeans or facility of interstate commercefor the purpose of preparing orfurnishing consumer reports.

(i) Control of a company means:(1) Ownership, control, or power to

vote 25 percent or more of theoutstanding shares of any class of votingsecurity of the company, directly orindirectly, or acting through one ormore other persons;

(2) Control in any manner over theelection of a majority of the directors,trustees, or general partners (orindividuals exercising similar functions)of the company; or

(3) The power to exercise, directly orindirectly, a controlling influence overthe management or policies of thecompany, as the Office of theComptroller of the Currency determines.

(j) Opt out means a direction by aconsumer that a bank not communicateopt out information about the consumerto one or more of its affiliates.

(k) Opt out information meansinformation that:

(1) Bears on a consumer’s creditworthiness, credit standing, creditcapacity, character, general reputation,personal characteristics, or mode ofliving;

(2) Is used or expected to be used orcollected in whole or in part to serve asa factor in establishing the consumer’seligibility for credit or another purposelisted in section 604 of the Act (15U.S.C. 1681b); and

(3) Is not a report containinginformation solely as to transactions orexperiences between the consumer andthe person reporting or communicatingthe information.

(l) Person means any individual,partnership, corporation, trust, estate,cooperative, association, government orgovernmental subdivision or agency, orother entity.

§ 41.4 Communication of opt outinformation to affiliates.

A bank’s communication to itsaffiliates of opt out information about aconsumer is not a consumer report if:

(a) The bank has provided theconsumer with an opt out notice;

(b) The bank has given the consumera reasonable opportunity and means,before the bank communicates theinformation to its affiliates, to opt out;and

(c) The consumer has not opted out.

§ 41.5 Contents of opt out notice.(a) In general. An opt out notice must

be clear and conspicuous, and mustaccurately explain:

(1) The categories of opt outinformation about the consumer that abank communicates to its affiliates;

(2) The categories of affiliates towhich the bank communicates theinformation;

(3) The consumer’s ability to opt out;and

(4) A reasonable means for theconsumer to opt out.

(b) Future communications. A bank’snotice may describe:

(1) Categories of opt out informationabout the consumer that the bankreserves the right to communicate to itsaffiliates in the future but does notcurrently communicate; and

(2) Categories of affiliates to which thebank reserves the right in the future tocommunicate, but to which the bankdoes not currently communicate, optout information about the consumer.

(c) Partial opt out. A bank may allowa consumer to select certain opt outinformation or certain affiliates, withrespect to which the consumer wishesto opt out.

(d) Examples of categories ofinformation that a bank communicates.

(1) A bank satisfies the requirement tocategorize the opt out information thatit communicates if the bank lists thecategories in paragraph (d)(2) of thissection, as applicable, and a fewexamples to illustrate the types ofinformation in each category. Theseexamples may include those inparagraph (d)(3) of this section, ifapplicable.

(2) Categories of opt out informationmay include information:

(i) From a consumer’s application;(ii) From a consumer credit report;(iii) Obtained by verifying

representations made by a consumer; or(iv) Provided by another person

regarding its employment, credit, orother relationship with a consumer.

(3) Examples of information within acategory listed in paragraph (d)(2) ofthis section include a consumer’s:

(i) Income;(ii) Credit score or credit history with

others;(iii) Open lines of credit with others;(iv) Employment history with others;(v) Marital status; and(vi) Medical history.(4) A bank does not satisfy the

requirement if it communicates orreserves the right to communicateindividually identifiable healthinformation (as described in section1171(6)(B) of the Social Security Act (42U.S.C. 1320d(6)(B)) but omitsillustrative examples of thisinformation.

(e) Examples of categories of affiliates.(1) A bank satisfies the requirement tocategorize the affiliates to which itcommunicates opt out information if itlists the categories in paragraph (e)(2) ofthis section, as applicable, and a fewexamples to illustrate the types ofaffiliates in each category.

(2) Categories of affiliates mayinclude:

(i) Financial service providers; and(ii) Non-financial companies.(f) Sample notice. A sample notice is

included in appendix A to this part.

§ 41.6 Reasonable opportunity to opt out.(a) In general. A bank provides a

reasonable opportunity to opt out if itprovides a reasonable period of timefollowing the delivery of the opt outnotice for the consumer to opt out.

(b) Examples of reasonable period oftime: (1) In person. A bank hand-delivers an opt out notice to theconsumer and provides at least 30 daysfrom the date it delivered the notice.

(2) By mail. A bank mails an opt outnotice to a consumer and provides atleast 30 days from the date it mailed thenotice.

(3) By electronic means. A banknotifies the consumer electronically,



and it provides at least 30 days after thedate that the consumer acknowledgesreceipt of the electronic notice.

(c) Continuing opportunity to opt out.A consumer may opt out at any time.

§ 41.7 Reasonable means of opting out.(a) General rule. A bank provides a

consumer with a reasonable means ofopting out if it provides a reasonablyconvenient method to opt out.

(b) Reasonably convenient methods.Examples of reasonably convenientmethods include:

(1) Designating check-off boxes in aprominent position on the relevantforms included with the opt out notice;

(2) Including a reply form togetherwith the opt out notice;

(3) Providing an electronic means toopt out, such as a form that can beelectronically mailed or a process at thebank’s web site, if the consumer agreesto the electronic delivery of information;or

(4) Providing a toll-free telephonenumber that consumers may call to optout.

(c) Methods not reasonablyconvenient. Examples of methods thatare not reasonably convenient include:

(1) Requiring a consumer to write hisor her own letter to a bank; or

(2) Referring in a revised notice to acheck-off box that a bank included witha previous notice but that the bank doesnot include with the revised notice.

(d) Requiring specific means of optingout. A bank may require each consumerto opt out through a specific means, aslong as that means is reasonable for thatconsumer.

§ 41.8 Delivery of opt out notices.(a) In general. A bank must deliver an

opt out notice so that each consumercan reasonably be expected to receiveactual notice in writing or, if theconsumer agrees, electronically.

(b) Examples of expectation of actualnotice. (1) A bank may reasonablyexpect that a consumer will receiveactual notice if it:

(i) Hand-delivers a printed copy of thenotice to the consumer;

(ii) Mails a printed copy of the noticeto the last known mailing address of theconsumer; or

(iii) For the consumer who conductstransactions electronically, posts thenotice on its electronic site and requiresthe consumer to acknowledge receipt ofthe notice as a necessary step toobtaining a particular product orservice;

(2) A bank may not reasonably expectthat a consumer will receive actualnotice if it:

(i) Only posts a sign in its branch oroffice or generally publishes

advertisements presenting its notice; or(ii) Sends the notice via electronic mailto a consumer who does not obtain aproduct or service from the bankelectronically.

(c) Oral description insufficient. Abank may not provide an opt out noticesolely by orally explaining the notice,either in person or over the telephone.

(d) Retention or accessibility. (1) Ingeneral. A bank must provide an opt outnotice so that it can be retained orobtained at a later time by the consumerin writing or, if the consumer agrees,electronically.

(2) Examples of retention oraccessibility. A bank provides the noticeso that it can be retained or obtained ata later time if the bank:

(i) Hand-delivers a printed copy of thenotice to the consumer;

(ii) Mails a printed copy of the noticeto the last known address of theconsumer upon request of theconsumer; or

(iii) Makes the bank’s current noticeavailable on a web site (or a link toanother web site) for the consumer whoobtains a product or serviceelectronically and who agrees to receivethe notice at the web site.

(e) Joint notice with affiliates. A bankmay provide a joint notice with one ormore affiliates as long as the noticeidentifies each person providing it andis accurate with respect to each.

(f) Joint relationships. (1) In general.Notwithstanding any other provision inthis part, if two or more consumersjointly obtain a product or service froma bank (joint consumers), the followingrules apply:

(i) The bank may provide a singlenotice to all of the joint consumers.

(ii) Any of the joint consumers has theopportunity to opt out.

(iii) The bank may treat an opt outdirection by a joint consumer either as:

(A) Applying to all of the jointconsumers; or

(B) Applying to that particular jointconsumer.

(iv) The bank must explain in its optout notice which of the two policies setforth in paragraph (f)(1)(iii) of thissection it will follow.

(v) If the bank follows the policy setforth in paragraph (f)(1)(iii)(B) of thissection, by treating the opt out of a jointconsumer as applying to that particularjoint consumer, the bank must alsopermit:

(A) A joint consumer to opt out onbehalf of other joint consumers; and

(B) One or more joint consumers tonotify the bank of their opt outdirections in a single response.

(vi) A bank may not require all jointconsumers to opt out before itimplements any opt out direction.

(vii) If a bank receives an opt out bya particular joint consumer that does notapply to the others, the bank maydisclose information about the others aslong as no information is disclosedabout the consumer who opted out.

(2) Example. If consumers A and B,who have different addresses, have ajoint checking account with a bank andarrange for the bank to send statementsto A’s address, the bank may do any ofthe following, but it must explain in itsopt out notice which opt out policy thebank will follow. The bank may send asingle opt out notice to A’s address and:

(i) Treat an opt out direction by A asapplying to the entire account. If thebank does so and A opts out, the bankmay not require B to opt out as wellbefore implementing A’s opt outdirection.

(ii) Treat A’s opt out direction asapplying to A only. If the bank does so,it must also permit:

(A) A and B to opt out for each other;and

(B) A and B to notify the bank of theiropt out directions in a single response(such as on a single form) if they chooseto give separate opt out directions.

(iii) If A opts out only for A, and Bdoes not opt out, the bank may discloseopt out information only about B, andnot about A and B jointly.

§ 41.9 Revised opt out notice.If a bank has provided a consumer

with one or more opt out notices andplans to communicate opt outinformation to its affiliates about theconsumer other than as described inthose notices, the bank must provide theconsumer with a revised opt out noticethat complies with §§ 41.4 through 41.8.

§ 41.10 Time by which opt out must behonored.

If a bank provides a consumer with anopt out notice and the consumer optsout, the bank must comply with the optout as soon as reasonably practicableafter the bank receives it.

§ 41.11 Duration of opt out.An opt out remains effective until

revoked by the consumer in writing orelectronically, as long as the consumercontinues to have a relationship withthe bank. If the consumer’s relationshipwith the bank terminates, the opt outwill continue to apply to thisinformation. However, a new notice andopportunity to opt out must be providedif the consumer establishes a newrelationship with the bank.

§ 41.12 Prohibition against discrimination.(a) In general. If a consumer is an

applicant for credit, a bank must notdiscriminate against the consumer if the



1 If the financial institution is using its web siteor an e-mail address as the only method by whicha consumer may opt out, the consumer must agreeto the electronic delivery of information.

consumer opts out of the bank’scommunication of opt out informationto it affiliates.

(b) Examples of discriminationagainst an applicant. A bankdiscriminates against an applicant if it:

(1) Denies the applicant creditbecause the applicant opts out;

(2) Varies the terms of creditadversely to the applicant such as byproviding less favorable pricing terms toan applicant who opts out; or

(3) Applies more stringent creditunderwriting standards to the applicantbecause the applicant opts out.

(c) Regulation B. The terms‘‘applicant’’ and ‘‘discriminate against’’in § 41.12 have the same meaningsascribed to them in 12 CFR part 202.


This appendix contains a sample notice tofacilitate compliance with the noticerequirements of this part. An institution mayuse applicable disclosures in this sample toprovide notices required by this part.

Notice of Your Opportunity To Opt Out ofInformation Sharing With Companies in OurCorporate Family

Information We Can Share With OurCorporate Family About You—Unless YouTell Us Not to

What Information: Unless you tell us notto, [Financial Institution] may share withcompanies in our corporate familyinformation about you including:

• Information we obtain from yourapplication, such as [provide illustrativeexamples, such as ‘‘your income’’ or ‘‘yourmarital status’’];

• Information we obtain from a consumerreport, such as [provide illustrativeexamples, such as ‘‘your credit score or credithistory’’];

• Information we obtain to verifyrepresentations made by you, such as[provide illustrative examples, such as ‘‘youropen lines of credit’’]; and

• Information we obtain from a personregarding its employment, credit, or otherrelationship with you, such as [provideillustrative examples, such as ‘‘youremployment history’’].

Shared With Whom: Companies in ourcorporate family who may receive thisinformation are:

• Financial service providers, such as[provide illustrative examples, such as‘‘mortgage bankers, broker-dealers, andinsurance agents’’]; and

• Non-financial companies, such as[provide illustrative examples, such as‘‘retailers, direct marketers, airlines, andpublishers’’].

How To Tell Us Not To Share ThisInformation With Our Corporate Family

If you prefer that we not share thisinformation with companies in our corporatefamily, you may direct us not to share thisinformation by doing the following [insertone or more of the reasonable means of

opting out listed below 1]: [call us toll free at{insert toll free number}]; or [visit our website at {insert web site address} and {providefurther instructions how to use the web siteoption}]; or [e-mail us at {insert the e-mailaddress}]; or [fill out and tear off the bottomof this sheet and mail to the followingaddress: {insert address}]; or [check theappropriate box on the attached form {attachform} and mail to the following address:{insert address}].

Note: Your direction in this paragraphcovers certain information about you that wemight otherwise share with our corporatefamily. We may share other informationabout you with our corporate family aspermitted by law.

Dated: September 22, 2000.John D. Hawke, Jr.,Comptroller of the Currency.

Federal Reserve System12 CFR Chapter II

Authority and IssuanceFor the reasons set forth in the joint

preamble, chapter II of title 12 of theCode of Federal Regulations is proposedto be amended by adding a new part 222to read as follows:

PART 222 FAIR CREDIT REPORTING(REGULATION V)

Sec.222.1 Purpose and scope.222.2 Examples.222.3 Definitions.222.4 Communication of opt out

information to affiliates.222.5 Contents of opt out notice.222.6 Reasonable opportunity to opt out.222.7 Reasonable means of opting out.222.8 Delivery of opt out notices.222.9 Revised opt out notice.222.10 Time by which opt out must be



Authority: 15 U.S.C. 1681s.

§ 222.1 Purpose and scope.(a) Purpose. This part governs the

collection, communication, and use, bythe institutions listed in paragraph (b)(2)of this section, of certain informationbearing on a consumer’s creditworthiness, credit standing, creditcapacity, character, general reputation,personal characteristics, or mode ofliving.

(b) Scope. (1) Information covered.This part applies to information that isused or expected to be used or collectedin whole or in part for the purpose ofserving as a factor in establishing a

consumer’s eligibility for credit,insurance, employment, or any otherpurpose authorized under section 604 ofthe Fair Credit Reporting Act (15 U.S.C.1681b).

(2) Institutions covered. This partapplies to member banks of the FederalReserve System (other than nationalbanks), branches and agencies of foreignbanks (other than Federal branches,Federal agencies, and insured Statebranches of foreign banks), commerciallending companies owned or controlledby foreign banks, and organizationsoperating under section 25 or 25A of theFederal Reserve Act (12 U.S.C. 601–604a, 611–631).


§ 222.2 Examples.

The examples used in this part andthe sample notice in appendix A to thispart are not exclusive. Compliance withan example or use of the sample notice,to the extent applicable, constitutescompliance with this part.

§ 222.3 Definitions.

As used in this part, unless thecontext requires otherwise:

(a) Act means the Fair CreditReporting Act (15 U.S.C. 1681 et seq.).

(b) Affiliate. (1) In general. The termmeans any company that is related oraffiliated by common ownership, oraffiliated by corporate control orcommon corporate control, with anothercompany.



(2) Examples. (i) Reasonablyunderstandable. You make your noticereasonably understandable if you:

(A) Present the information in thenotice in clear and concise sentences,paragraphs, and sections;

(B) Use short explanatory sentences orbullet lists whenever possible;



(C) Use definite, concrete, everydaywords and active voice wheneverpossible;

(D) Avoid multiple negatives;(E) Avoid legal and highly technical


(F) Avoid explanations that areimprecise and are readily subject todifferent interpretations.

(ii) Designed to call attention. Youdesign your notice to call attention tothe nature and significance of theinformation it contains if you:

(A) Use a plain-language heading tocall attention to the notice;

(B) Use a typeface and type size thatare easy to read;

(C) Provide wide margins and ampleline spacing;

(D) Use boldface or italics for keywords; and

(E) In a form that combines yournotice with other information, usedistinctive type sizes, styles, andgraphic devices, such as shading orsidebars.

(iii) Notice on a web page. If youprovide a notice on a web page, youdesign your notice to call attention tothe nature and significance of theinformation it contains if you:

(A) Place either the notice, or a linkthat connects directly to the notice andthat is labeled appropriately to conveythe importance, nature, and relevance ofthe notice, on a page that consumersaccess often, such as a page on whichtransactions are conducted;

(B) Use text or visual cues toencourage scrolling down the page ifnecessary to view the entire notice; and

(C) Ensure that other elements on theweb page (such as text, graphics, links,or sound) do not detract attention fromthe notice.




The term means any written, oral, orother communication of anyinformation by a consumer reportingagency bearing on a consumer’s creditworthiness, credit standing, creditcapacity, character, general reputation,personal characteristics, or mode ofliving which is used or expected to beused or collected in whole or in part forthe purpose of serving as a factor in

establishing the consumer’s eligibilityfor:


(ii) Employment purposes; or(iii) Any other purpose authorized

under section 604 of the Act (15 U.S.C.1681b).











(2) Control in any manner over theelection of a majority of the directors,trustees, or general partners (orindividuals exercising similar functions)of the company;

(3) The power to exercise, directly orindirectly, a controlling influence overthe management or policies of thecompany, as the Board determines.

(j) Opt out means a direction by aconsumer that you not communicate opt

out information about the consumer toone or more of your affiliates.





(1) Person means any individual,partnership, corporation, trust, estate,cooperative, association, government orgovernmental subdivision or agency, orother entity.

(m) You means a member bank of theFederal Reserve System (other than anational bank), a branch or agency of aforeign bank (other than a Federalbranch, Federal agency, or insured Statebranch of a foreign bank), a commerciallending company owned or controlledby a foreign bank, or an organizationoperating under section 25 or 25A of theFederal Reserve Act (12 U.S.C. 601–604a, 611–631).


Your communication to your affiliatesof opt out information about a consumeris not a consumer report if:

(a) You have provided the consumerwith an opt out notice;

(b) You have given the consumer areasonable opportunity and means,before you communicate theinformation to your affiliates, to opt out;and


§ 222.5 Contents of opt out notice.(a) In general. An opt out notice must


(1) The categories of opt outinformation about the consumer thatyou communicate to your affiliates;

(2) The categories of affiliates towhich you communicate theinformation;



(b) Future communications. Yournotice may describe:

(1) Categories of opt out informationabout the consumer that you reserve the



right to communicate to your affiliatesin the future but do not currentlycommunicate; and

(2) Categories of affiliates to whichyou reserve the right in the future tocommunicate, but to which you do notcurrently communicate, opt outinformation about the consumer.

(c) Partial opt out. You may allow aconsumer to select certain opt outinformation or certain affiliates, withrespect to which the consumer wishesto opt out.

(d) Examples of categories ofinformation that you communicate. (1)You satisfy the requirement tocategorize the opt out information thatyou communicate if you list thecategories in paragraph (d)(2) of thissection, as applicable, and a fewexamples to illustrate the types ofinformation in each category. Theseexamples may include those inparagraph (d)(3) of this section, ifapplicable.







others;(iii) Open lines of credit with others;(iv) Employment history with others;(v) Marital status; and(vi) Medical history.(4) You do not satisfy the requirement

if you communicate or reserve the rightto communicate individuallyidentifiable health information (asdescribed in section 1171(6)(B) of theSocial Security Act (42 U.S.C.1320d(6)(B)) but omit illustrativeexamples of this information.

(e) Examples of categories of affiliates.(1) You satisfy the requirement tocategorize the affiliates to which youcommunicate opt out information if youlist the categories in paragraph (e)(2) ofthis section, as applicable, and a fewexamples to illustrate the types ofaffiliates in each category.




§ 222.6 Reasonable opportunity to opt out.(a) In general. You provide a

reasonable opportunity to opt out if you

provide a reasonable period of timefollowing the delivery of the opt outnotice for the consumer to opt out.

(b) Examples of reasonable period oftime: (1) In person. You hand-deliver anopt out notice to the consumer andprovide at least 30 days from the dateyou delivered the notice.

(2) By mail. You mail an opt outnotice to a consumer and provide atleast 30 days from the date you mailedthe notice.

(3) By electronic means. You notifythe consumer electronically, and youprovide at least 30 days after the datethat the consumer acknowledges receiptof the electronic notice.


§ 222.7 Reasonable means of opting out.(a) General rule. You provide a

consumer with a reasonable means ofopting out if you provide a reasonablyconvenient method to opt out.




(3) Providing an electronic means toopt out, such as a form that can beelectronically mailed or a process atyour web site, if the consumer agrees tothe electronic delivery of information;or



(1) Requiring a consumer to write hisor her own letter to you; or

(2) Referring in a revised notice to acheck-off box that you included with aprevious notice but that you do notinclude with the revised notice.

(d) Requiring specific means of optingout. You may require each consumer toopt out through a specific means, aslong as that means is reasonable for thatconsumer.

§ 222.8 Delivery of opt out notices.(a) In general. You must deliver an opt

out notice so that each consumer canreasonably be expected to receive actualnotice in writing or, if the consumeragrees, electronically.

(b) Examples of expectation of actualnotice. (1) You may reasonably expectthat a consumer will receive actualnotice if you:

(i) Hand-deliver a printed copy of thenotice to the consumer;

(ii) Mail a printed copy of the noticeto the last known mailing address of theconsumer; or

(iii) For the consumer who conductstransactions electronically, post thenotice on your electronic site andrequire the consumer to acknowledgereceipt of the notice as a necessary stepto obtaining a particular product orservice;

(2) You may not reasonably expectthat a consumer will receive actualnotice if you:

(i) Only post a sign in your branch oroffice or generally publishadvertisements presenting your notice;or

(ii) Send the notice via electronic mailto a consumer who does not obtain aproduct or service from youelectronically.

(c) Oral description insufficient. Youmay not provide an opt out notice solelyby orally explaining the notice, either inperson or over the telephone.

(d) Retention or accessibility. (1) Ingeneral. You must provide an opt outnotice so that it can be retained orobtained at a later time by the consumerin writing or, if the consumer agrees,electronically.

(2) Examples of retention oraccessibility. You provide the notice sothat it can be retained or obtained at alater time if you:


(ii) Mail a printed copy of the noticeto the last known address of theconsumer upon request of theconsumer; or

(iii) Make your current noticeavailable on a web site (or a link toanother web site) for the consumer whoobtains a product or serviceelectronically and who agrees to receivethe notice at the web site.

(e) Joint notice with affiliates. Youmay provide a joint notice with one ormore affiliates as long as the noticeidentifies each person providing it andis accurate with respect to each.

(f) Joint relationships. (1) In general.Notwithstanding any other provision inthis part, if two or more consumersjointly obtain a product or service fromyou (joint consumers), the followingrules apply:

(i) You may provide a single notice toall of the joint consumers.


(iii) You may treat an opt outdirection by a joint consumer either as:



(iv) You must explain in your opt outnotice which of the two policies set




forth in paragraph (f)(1)(iii) of thissection you will follow.

(v) If you follow the policy set forthin paragraph (f)(1)(iii)(B) of this section,by treating the opt out of a jointconsumer as applying to that particularjoint consumer, you must also permit:


(B) One or more joint consumers tonotify you of their opt out directions ina single response.

(vi) You may not require all jointconsumers to opt out before youimplement any opt out direction.

(vii) If you receive an opt out by aparticular joint consumer that does notapply to the others, you may discloseinformation about the others as long asno information is disclosed about theconsumer who opted out.

(2) Example. If consumers A and B,who have different addresses, have ajoint checking account with you andarrange for you to send statements to A’saddress, you may do any of thefollowing, but you must explain in youropt out notice which opt out policy youwill follow. You may send a single optout notice to A’s address and:

(i) Treat an opt out direction by A asapplying to the entire account. If you doso and A opts out, you may not requireB to opt out as well beforeimplementing A’s opt out direction.

(ii) Treat A’s opt out direction asapplying to A only. If you do so, youmust also permit:


(B) A and B to notify you of their optout directions in a single response (suchas on a single form) if they choose togive separate opt out directions.

(iii) If A opts out only for A, and Bdoes not opt out, you may disclose optout information only about B, and notabout A and B jointly.

§ 222.9 Revised opt out notice.If you have provided a consumer with

one or more opt out notices and plan tocommunicate opt out information toyour affiliates about the consumer otherthan as described in those notices, youmust provide the consumer with arevised opt out notice that complieswith §§ 222.4 through 222.8.


If you provide a consumer with an optout notice and the consumer opts out,you must comply with the opt out assoon as reasonably practicable after youreceive it.

§ 222.11 Duration of opt out.An opt out remains effective until

revoked by the consumer in writing or

electronically, as long as the consumercontinues to have a relationship withyou. If the consumer’s relationship withyou terminates, the opt out willcontinue to apply to this information.However, a new notice and opportunityto opt out must be provided if theconsumer establishes a new relationshipwith you.

§ 222.12 Prohibition againstdiscrimination.

(a) In general. If a consumer is anapplicant for credit, you must notdiscriminate against the consumer if theconsumer opts out of yourcommunication of opt out informationto your affiliates.

(b) Examples of discriminationagainst an applicant. You discriminateagainst an applicant if you:

(1) Deny the applicant credit becausethe applicant opts out;

(2) Vary the terms of credit adverselyto the applicant such as by providingless favorable pricing terms to anapplicant who opts out; or

(3) Apply more stringent creditunderwriting standards to the applicantbecause the applicant opts out.


Appendix A to Part 222—SampleNotice


Notice of Your Opportunity to Opt Out ofInformation Sharing With Companies in OurCorporate Family

Information We Can Share With OurCorporate Family About You—Unless YouTell Us Not To

What Information: Unless you tell us notto, [Financial Institution] may share withcompanies in our Corporate familyinformation about you including:


• Information we obtain from a consumerreport, such as [provide illustrative examples,such as ‘‘your credit score or credit history’’];







If you prefer that we not share thisinformation with companies in our corporatefamily, you may direct us not to share thisinformation by doing the following [insertone or more of the reasonable means ofopting out listed below 1]: [call us toll free at{insert toll free number}]; or [visit our website at {insert web site address} and {providefurther instructions how to use the web siteoption}]; or [e-mail us at {insert the e-mailaddress}]; or [fill out and tear off the bottomof this sheet and mail to the followingaddress: {insert address}]; or [check theappropriate box on the attached form {attachform} and mail to the following address:{insert address}].


By order of the Board of Governors of theFederal Reserve System, October 11, 2000.Jennifer J. Johnson,Secretary of the Board.

Federal Deposit Insurance Corporation12 CFR Chapter III

Authority and IssuanceFor the reasons set out in the joint

preamble, chapter III of title 12 of theCode of Federal Regulations is proposedto be amended by adding a new part 334to read as follows:



information to affiliates.334.5 Contents of opt out notice.334.6 Reasonable opportunity to opt out.334.7 Reasonable means of opting out.334.8 Delivery of opt out notices.334.9 Revised opt out notice.334.10 Time by which opt out must be



Authority: 15 U.S.C. 1681s; 12 U.S.C.1819(a)(Tenth).



§ 334.1 Purpose and scope.

(a) Purpose. This part governs thecollection, communication, and use, bythe institutions listed in paragraph (b)(2)of this section, of certain informationbearing on a consumer’s creditworthiness, credit standing, creditcapacity, character, general reputation,personal characteristics, or mode ofliving.

(b) Scope. (1) Information covered.This part applies to information that isused or expected to be used or collectedin whole or in part for the purpose ofserving as a factor in establishing aconsumer’s eligibility for credit,insurance, employment, or any otherpurpose authorized under section 604 ofthe Fair Credit Reporting Act (15 U.S.C.1681b).

(2) Institutions covered. This partapplies to banks insured by the FDIC(other than members of the FederalReserve System) and insured statebranches of foreign banks.


§ 334.2 Examples.

The examples used in this part andthe sample notice in appendix A to thispart are not exclusive. Compliance withan example or use of the sample notice,to the extent applicable, constitutescompliance with this part.




















(iii) Notice on a web page. If youprovide a notice on a web page, youdesign your notice to call attention tothe nature and significance of theinformation it contains if:

(A) You place either the notice, or alink that connects directly to the noticeand that is labeled appropriately toconvey the importance, nature, andrelevance of the notice, on a page thatconsumers access often, such as a pageon which transactions are conducted;

(B) You use text or visual cues toencourage scrolling down the page ifnecessary to view the entire notice; and

(C) You ensure that other elements onthe web page (such as text, graphics,links, or sound) do not detract attentionfrom the notice.




The term means any written, oral, orother communication of any

information by a consumer reportingagency bearing on a consumer’s creditworthiness, credit standing, creditcapacity, character, general reputation,personal characteristics, or mode ofliving which is used or expected to beused or collected in whole or in part forthe purpose of serving as a factor inestablishing the consumer’s eligibilityfor:














(2) Control in any manner over theelection of a majority of the directors,



trustees, or general partners (orindividuals exercising similar functions)of the company; or

(3) The power to exercise, directly orindirectly, a controlling influence overthe management or policies of thecompany, as the FDIC determines.

(j) Opt out means a direction by aconsumer that you not communicate optout information about the consumer toone or more of your affiliates.






(m) You means banks insured by theFDIC (other than members of theFederal Reserve System) and insuredstate branches of foreign banks.






§ 334.5 Contents of opt out notice.

(a) In general. An opt out notice mustbe clear and conspicuous, and mustaccurately explain:






(1) Categories of opt out informationabout the consumer that you reserve theright to communicate to your affiliatesin the future but do not currentlycommunicate; and






representations made by a consumer;and

(iv) Provided by another personregarding its employment, credit, orother relationship with a consumer.










reasonable opportunity to opt out if youprovide a reasonable period of timefollowing the delivery of the opt outnotice for the consumer to opt out.
















§ 334.8 Delivery of opt out notices.(a) In general. You must deliver an opt








(2) You may not reasonably expectthat a consumer will receive actualnotice if you:

(i) Only post a sign in your branch oroffice or generally publishadvertisements presenting your notice;or

(ii) Send the notice via electronic mailto a consumer who does not obtain aproduct or service from youelectronically.














(iv) You must explain in your opt outnotice which of the two policies setforth in paragraph (f)(1)(iii) of thissection you will follow.












§ 334.9 Revised opt out notice.

If you have provided a consumer withone or more opt out notices and plan tocommunicate opt out information toyour affiliates about the consumer, otherthan as described in those notices, youmust provide the consumer with arevised opt out notice that complieswith §§ 334.4 through 334.8.


If you provide a consumer with an optout notice and the consumer opts out,you must comply with the opt out assoon as reasonably practicable after youreceive it.

§ 334.11 Duration of opt out.

An opt out remains effective untilrevoked by the consumer in writing orelectronically, as long as the consumercontinues to have a relationship withthe institution. If the consumer’srelationship with the institutionterminates, the opt out will continue toapply to this information. However, anew notice and opportunity to opt outmust be provided if the consumerestablishes a new relationship with theinstitution.


(a) In general. If a consumer is anapplicant for credit, you must notdiscriminate against the consumer if theconsumer opts out of the yourcommunication of opt out informationto your affiliates.








Notice of Your Opportunity To Opt Out ofInformation Sharing With Companies in OurCorporate Family






• Information we obtain from a personregarding its employment, credit, or otherrelationship with you, such as [provide




illustrative examples, such as ‘‘youremployment history’’].





If you prefer that we not share thisinformation with companies in our corporatefamily, you may direct us not to share thisinformation by doing the following [insertone or more of the reasonable means ofopting out listed below1]: [call us toll free at{insert toll free number}]; or [visit our website at {insert web site address} and {providefurther instructions how to use the web siteoption}]; or [e-mail us at {insert the e-mailaddress}]; or [fill out and tear off the bottomof this sheet and mail to the followingaddress: {insert address}]; or [check theappropriate box on the attached form {attachform} and mail to the following address:{insert address}].


By order of the Board of Directors, FederalDeposit Insurance Corporation.

Dated at Washington, D.C., this 25th day ofSeptember, 2000.

Robert E. Feldman,Executive Secretary.


12 CFR Chapter V

Authority and Issuance

For the reasons set out in the jointpreamble, OTS proposes to amendchapter V of title 12 of the Code ofFederal Regulations by adding a newpart 571 to read as follows:



information to affiliates.571.5 Content of opt out notice.571.6 Reasonable opportunity to opt out.571.7 Reasonable means of opting out.571.8 Delivery of opt out notice.571.9 Revised opt out notice.

571.10 Time by which opt out must behonored.

571.11 Duration of opt out.571.12 Prohibition against discrimination.


Authority: 12 U.S.C. 1462a, 1463, 1464,1467a, 1828; 15 U.S.C. 1681s.

§ 571.1 Purpose and scope.

(a) Purpose. This part governs thecollection, communication, and use, bythe institutions listed in paragraph (b)(2)of this section, of certain informationbearing on a consumer’s creditworthiness, credit standing, creditcapacity, character, general reputation,personal characteristics, or mode ofliving.

(b) Scope. (1) Information covered.This part applies to information that isused or expected to be used or collectedin whole or in part for the purpose ofserving as a factor in establishing aconsumer’s eligibility for credit,insurance, employment, or any otherpurpose authorized under section 604 ofthe Fair Credit Reporting Act (15 U.S.C.1681b).

(2) Institutions covered. This partapplies to savings associations whosedeposits are insured by the FederalDeposit Insurance Corporation.


§ 571.2 Examples.

The examples used in this part andthe model form in appendix A to thispart are not exclusive. Compliance withan example or use of the sample notice,to the extent applicable, constitutescompliance with this part.




















(iii) Notice on a web page. If youprovide a notice on a web page, youdesign your notice to call attention tothe nature and significance of theinformation it contains if:

(A) You place either the notice, or alink that connects directly to the noticeand that is labeled appropriately toconvey the importance, nature, andrelevance of the notice, on a page thatconsumers access often, such as a pageon which transactions are conducted;

(B) You use text or visual cues toencourage scrolling down the page ifnecessary to view the entire notice; and

(C) You ensure that other elements onthe web page (such as text, graphics,links, or sound) do not detract attentionfrom the notice.


(e) Company means any corporation,limited liability company, business



trust, general or limited partnership,association, or similar organization.


The term means any written, oral, orother communication of anyinformation by a consumer reportingagency bearing on a consumer’s creditworthiness, credit standing, creditcapacity, character, general reputation,personal characteristics, or mode ofliving which is used or expected to beused or collected in whole or in part forthe purpose of serving as a factor inestablishing the consumer’s eligibilityfor:













vote 25 percent or more of the

outstanding shares of any class of votingsecurity of the company, directly orindirectly, or acting through one ormore other persons;

(2) Control in any manner over theelection of a majority of the directors,trustees, or general partners (orindividuals exercising similar functions)of the company; or

(3) The power to exercise, directly orindirectly, a controlling influence overthe management or policies of thecompany, as OTS determines.

(j) Opt out means a direction by aconsumer that you not communicate optout information about the consumer toone or more of your affiliates.






(m) You means savings associationswhose deposits are insured by theFederal Deposit Insurance Corporation.






§ 571.5 Content of opt out notice.(a) In general. An opt out notice must







(1) Categories of opt out informationabout the consumer that you reserve theright to communicate to your affiliatesin the future but do not currentlycommunicate; and














(i) Financial service providers; and



(ii) Non-financial companies.(f) Sample notice. A sample notice is



reasonable opportunity to opt out if youprovide a reasonable period of timefollowing the delivery of the opt outnotice for the consumer to opt out.












(c) Methods that are not reasonablyconvenient. Examples of methods thatare not reasonably convenient include:




§ 571.8 Delivery of opt out notice.(a) In general. You must deliver an opt






(iv) You may not reasonably expectthat a consumer will receive actualnotice if you:

(A) Only post a sign in your branchor office or generally publishadvertisements presenting your notice;or

(B) Send the notice via electronic mailto a consumer who does not obtain aproduct or service from youelectronically.














(iv) You must explain in your opt outnotice which of the two policies setforth in paragraph (f)(1)(iii) of thissection you will follow.












§ 571.9 Revised opt out notice.If you have provided a consumer with

one or more opt out notices and plan tocommunicate opt out information toyour affiliates about the consumer, otherthan as described in those notices, youmust provide the consumer with arevised opt out notice that complieswith §§ 571.4 through 571.8.


If you provide a consumer with an optout notice and the consumer opts out,




you must comply with the opt out assoon as reasonably practicable after youreceive it.

§ 571.11 Duration of opt out.

An opt out remains effective untilrevoked by the consumer in writing orelectronically, as long as the consumercontinues to have a relationship withthe institution. If the consumer’srelationship with the institutionterminates, the opt out will continue toapply to this information. However, anew notice and opportunity to opt outmust be provided if the consumerestablishes a new relationship with theinstitution.


(a) In general. You must notdiscriminate against a consumer who isan applicant for credit because theconsumer opts out of yourcommunication of opt out informationto your affiliates.





(c) Regulation B. The terms‘‘applicant’’ and ‘‘discriminate against’’

in this section have the same meaningsascribed to them in 12 CFR part 202.



Notice of Your Opportunity to Opt Out ofInformation Sharing With Companies in OurCorporate Family








• Financial service providers, such as[provide illustrative examples, such as

‘‘mortgage bankers, broker-dealers, andinsurance agents’’]; and



If you prefer that we not share thisinformation with companies in our corporatefamily, you may direct us not to share thisinformation by doing the following [insertone or more of the reasonable means ofopting out listed below1]: [call us toll free at{insert toll free number}]; or [visit our website at {insert web site address} and {providefurther instructions how to use the web siteoption}]; or [e-mail us at {insert the e-mailaddress}]; or [fill out and tear off the bottomof this sheet and mail to the followingaddress: {insert address}]; or [check theappropriate box on the attached form {attachform} and mail to the following address:{insert address}].


Dated: September 29, 2000.By the Office of Thrift Supervision.

Ellen Seidman,Director.[FR Doc. 00–26601 Filed 10–19–00; 8:45 am]BILLING CODE 4810–33–P; 6210–01P; 6714–01–P; 6720–01–P


department of the treasury - ffiec home page · department of the treasury office of the...

Documents