Skip to main content
U.S. flag
An official website of the United States government
Dot gov
The .gov means it’s official. 
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.
Https
The site is secure. 
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.
INACTIVE
This page is no longer active. Its content has expired or been rescinded by the FDIC.


TO: CHIEF EXECUTIVE OFFICER AND COMPLIANCE OFFICER
SUBJECT: Guidance on the Timing and Preparation of Privacy Notices to Conform to Fair Credit Reporting Act Requirements

The attached Federal Register notice provides an update on the status of an interagency rulemaking regarding the sharing of information with affiliates under provisions of the Fair Credit Reporting Act (FCRA). In particular, the notice advises that the final FCRA rule will not apply to Gramm-Leach-Bliley Act (GLBA) privacy notices that a financial institution sends prior to January 1, 2002, or the effective date of a final FCRA rule, whichever is later. Accordingly, financial institutions are instructed to prepare privacy notices in accordance with the GLBA privacy regulation and the FCRA by the previously announced deadline of July 1, 2001, without delaying compliance until publication of the final FCRA rule.

On October 1, 2000, the FDIC and the other federal regulatory agencies published for comment proposed regulations implementing provisions of the FCRA. The FCRA permits financial institutions to share information about consumers with their affiliates without incurring the obligations of consumer reporting agencies if consumers are given an opportunity to "opt out." The proposed regulations addressed the form, content and means of delivery of FCRA opt-out notices.

The banking agencies received approximately 500 comments on the proposed regulations. Many of the comments asked how the FCRA rulemaking might affect compliance with the final regulation that implements the privacy provisions of the GLBA, particularly the July 1, 2001, compliance deadline for delivering required privacy notices. In addition, many financial institutions expressed concerns that they might be required to revise and reissue their privacy notices if the FCRA opt-out notices they included in their privacy notices are inconsistent with final FCRA regulations.

As part of the final FCRA rulemaking process, the banking agencies will carefully consider and address requests that the final FCRA rule contain an effective date that gives financial institutions adequate time to comply with the final FCRA rule and the privacy regulations. Specifically, the final FCRA rule will not require financial institutions to revise privacy notices, prepared in reliance on existing FCRA law and interpretation, sent to consumers prior to January 1, 2002, or the effective date of the final FCRA regulation, whichever is later.

For more information, please contact Ken Baebel (202-942-3086), Assistant Director - Compliance Policy, FDIC Division of Compliance and Consumer Affairs, or Ann Johnson (202-898-3573) or Nancy Schucker Recchia (202-898-8885), Counsels in the FDIC Legal Division.

Stephen M. Cross
Director

Attachment: March 27, 2001, Federal Register , pages 16624-16625
HTML or PDF (35 KB File - PDF Help or Hard Copy )

Distribution: FDIC-Supervised Banks (Commercial and Savings)

NOTE: Paper copies of FDIC financial institution letters may be obtained through the FDIC's Public Information Center, 801 17th Street, NW, Room 100, Washington, DC 20434 (800-276-6003 or (703) 562-2200).


Last Updated: March 27, 2001