Compliance Blog

Posted by Anthony Demangone

I know that some of you are putting the final touches on your credit union's privacy policy to align it with the new model privacy form.  I'm not going to go into the nuts and bolts of the new model privacy form.  I did this post earlier that covered the "nuts and bolts" issues.  Today, I want to touch on two common questions that we've seen.

1. I don't see a requirement to post our privacy policy on our web site site.  Really? Yes, really.  There's no requirement to post your privacy policy there.  Keep in mind, not every credit union has a web site.  The requirement is to deliver it at account opening, and thereafter on an annual basis per the privacy regulation's requirements.  Again - there's no requirement to post it on your website.  But here's a thought: why wouldn't you post your privacy policy online? 
2. The next question comes in two flavors.  Flavor one: Do we have to use the new form? Flavor two: There is no way we're going to have our form ready by January 1, 2011.  I know the Mayans think the world is ending in 2012, but I fear our demise might come one year earlier based on our progress with this project.  No - there's no requirement to use the new form.  It is a model form, and if you use it according to its requirements beginning on January 1, 2011 - you'll exist in the regulatory Nirvana known as "Safe Harborville." Put another way, regulators and others will not be able to criticize your form if you use it properly.  If you don't have your new form ready on January 1, 2011, will the world end?  I really hope not based on my conversations with a few credit unions.  I'll just say this much...the regulators have given us a model form that provides a safe harbor.  If you don't take advantage of it on January 1, 2011, you will increase your compliance risk.  How much?  I can't speak for the regulators.  But I'll say this: which form would you rather have as your form if an examiner walked into your office on January 1, 2011?  (OK, I understand your credit union is likely closed that day to allow all employees to watch the "can't miss" Outback Bowl, featuring the football powerhouses Penn State and Florida.  But you get my point.)

Here are some other issues that caught my eye.

• Here's yet another wonderful post on overdraft protection from the Bank Lawyer's Blog that provides another view of the recently issued FDIC overdraft protection guidance.  You should read this guy's blog. Every day. And twice on Tuesdays.
• The Fed has issued this notice, WHICH CONTAINS THE INTER-AGENCY EXAM PROCEDURES FOR RISK-BASED PRICING NOTICES. I would have made that text blink if I had a clue about computers and such.  This is a nice little Holiday Gift from the Fed which should give us a better idea of regulator expectations on this issue.  And based on the emails and calls we've been receiving, quite a few of you are still working on this issue.

PS: Apologies for letting Pearl Harbor Day pass without mention yesterday. Shame on me. To any and all veterans out there, many thanks.