financial institution collects about the individual in connection with a financial product or
service
Privacy Policy (Statement) Requirements - - Categories of information collected (NPI from application or third party)
- Information disclosed (info from application, phone, Social Security, account information)
- Whom you disclose the information to
- Any disclosures required by the Fair Credit Reporting Act
- If you are disclosing NPI to a NA3P
How does the privacy rule require the privacy notice to be delivered? - Requires it to be
delivered in writing unless the customer/consumer wants it electronically; in that case, it
needs to be acknowledged that it will be done electronically.
Safeguard Rule - This rule sets 5 requirements for each financial institution's safeguard
rule
Requirement 1 of Safeguard Rule (D1+ECS) - Delegate one or more employees to
coordinate the safeguard.
Requirement 3 of Safeguard Rule (DISPMT) - Design and implement a safeguard
program that needs to be monitored and tested frequently
Requirement 4 of Safeguard Rule (SelectCSPIS) - Select and contact appropriate
service providers to implement safeguards
Requirement 5 of Safeguard Rule (EvalAdj) - Evaluate and adjust the program in light of
relevant circumstances
Security Plan - Should address employee management, training, information systems,
and managing system failures
In financial institutions, why are background checks recommended? - So that
employees accessing information through the computer are cleared first
Which employees should have access to customer information - Only employees that
go through security training
Information systems that should be protected and secured - Networks
Filing cabinets
Software servers
Information should be - Backed up regularly
Protected from security assaults
SSL
SSL - Secure Sockets Layer
Pre-Texting - Uses a variety of tactics to obtain consumers' personal information
Ex: Saying that you are from a surveying company is not okay and is an example of
Pre-Texting
Companies that are exempt from Do Not Call Rules - - Banks
- Credit Unions
- Federal Saving and Loan Airlines
- Long Distance Telephone Companies
Who is not allowed to call a client on the DNC registry - Telemarketers
30 days defines what on the DNC registry - How many days they have to comply with
the request to be put on the DNC list
DNC Registry is comprised of what - Numbers submitted by consumers who wish to
be included on the registry
DNC Covers - Any "Plan, Program, Or campaign to sell goods or services involving
interstate phone calls"
How often must telemarketers consult do not call registry for updates? - 31 days
31 days is defined as the time period for what on the DNC registry - How often
telemarketers should consult the DNC registry
How much can a company be fined for violating the DNC rules? - $16,000
Can a phone call be considered a violation under DNC? - Yes
Safe Harbor for DNC 5 of them - - Written Procedures to comply with the rules
- Train personnel according to the rules
- Maintain an entity specific list
- Maintain records of compliance
- Calls mistakenly made that violate the DNC
Business Relationship Exemption (DNC) - A client can call a client on the DNC registry
if they have a business relationship and that client has not specifically asked them to be
taken off the list
A business relationship is formed in which two ways - 1. a consumer's purchase, rental,
or lease of goods from the seller or a financial transaction between the consumer and
the seller within 18 months of the telemarketing call
2. an inquiry within 3 months of the call
Getting consent over the phone - Must be Clear and Conspicuous and must connect
with the representative within 2 seconds of the intro
FCC - Federal Communications Commission
The DNF defines a business relationship as the following - A prior or existing
relationship formed by a voluntary two way communication between person and a
business because of inquiries, application
When an EBR is established a fax may be sent if - - you get a fax number directly from
the client
- get a number from a directory, advertisement or website
If an EBR was established before ______ you may ..? - July 9th, 2005
You may send a fax without saying where the number was obtained
Who is in charge with enforcing Junk Fax Prevention? - FCC
FACTA - Fair Credit Reporting Act
Red flags rule is required under what act made in 2003? - FACTA (Fair Credit Reporting
Act)
FACTA Requires - That numerous agencies issue regulations and guidelines
regarding detection of identity theft
FTC - Federal Trade Commission
Was issued in response to a growing issue.. - Red Flags Rule
How many victims of identity theft are there in America? - 9 million a year
Which businesses does the Red Flag Rule apply to? - Businesses defined as a financial
institution
All affected businesses must... - Have a written plan to prevent identity theft as well as
have it approved by the board of directors or a senior level employee
4 Requirements for the plan to prevent identity theft - - plan must include reasonable
policies/procedures to identify red flags
- Must be designed to detect certain red flags
- Must detail what actions are to be taken if there is a red flag
- Update protection flags
FTC Recommends that 3 issues are to be considered - Risk Factors
Sources of Red Flags
Categories of Red Flags
Risk Factors - Knowing that different transactions will involve different risk factors
Sources of Risk Factors - Borrowers
Multiple Sources
Categories of Risk Factors - - Consumer's Credit Report
- Loan Application
What Red Flags could there be in a consumer's Credit Report? - Active Duty Alert
Unusual Recent Activity
Credit Freeze Alert
Comparing addresses on credit
An example of a Red Flag under the Red Flags Rule would include all of the following
except
- Moving to Another State
- Mail sent to a borrower that was sent back as "Undeliverable"
- Borrower Active Duty
- Different Address given day of submission - - Moving to another State
What Red Flags could there be in a consumer's Loan Application? - Documentation that
looks forged or altered
Verifying picture IDs
Borrower's Age
Death Master File (a Social Security number belonging to the deceased)
Same info on different applications
Invalid address or P.O Box
Mailing and it is returned
Applications with blank information
5 steps to take to prevent identity theft - Read credit card and bank statements often
and carefully
Know your payment due dates
Read statements from health insurances and make sure you got the treatment that it
says on the paper
Shred all documents containing any personal or financial information
Review your credit reports at least once a year