Each month we will serve up cans of Alphabet Soup applicable to the
mortgage industry. Each flavor of Alphabet Soup will include the soup’s
acronym and its actual name, and a hyperlink to the regulation, law, or
rule from the agency that administers it. It’s all right here; relax and enjoy
reading your favorite bowl of Mortgage Compliance Alphabet Soup.
COMPLIANCE ALPHABET SOUPS
GRAMM LEACH BLILEY ACT
The Financial Services Modernization Act of 1999 is commonly known as the ‘Gramm
Leach Bliley Act (GLBA)’ for the members of Congress instrumental in its creation. GLBA
included requirements for privacy of consumer financial information, including disclosures
about collecting, maintaining, sharing, and using the information, and security of the
information. ‘The Privacy Act,’ as it is commonly called, is codified in Regulation P – Privacy
of Consumer Financial Information.
Regulation P requires a financial institution to provide notice to customers about its
privacy policies and practices; describe the conditions under which a financial institution
may disclose nonpublic personal information about consumers to nonaffiliated third
parties; and, provide a method for consumers to prevent a financial institution from
disclosing the information to most nonaffiliated third parties by exercising the right to “opt
out” of the disclosure. Until 2015, financial institutions were required to send an annual
privacy notice to their customers. The Fixing America’s Surface Transportation Act (FASTA) amended GLBA,
The exception to the annual delivery requirement is available to a financial institution that:
i. provides nonpublic personal information only in accordance with the provisions of subsection (b)(2) or (e) of
section 502 of GLBA or the regulations prescribed under section 504(b) of GLBA; and
ii. has not changed its policies and practices with regard to disclosing nonpublic personal information from the
most recent privacy notice it sent to consumers.
Otherwise, an annual notice is still required.
For the purposes of Regulation P, the definitions of key terms are very important. Financial institution means
any institution the business of which is engaging in financial activities, including, but not limited to: a retailer
that extends credit by issuing its own credit card; a personal property or real estate appraiser; an automobile
dealership; a check cashing, wire transfer, or money order sales business; an entity that provides real estate
settlement services or mortgage broker services; or an investment advisor.
Nonpublic personal information means personally identifiable financial information and any list, description,
or other grouping of consumers (and publicly available information pertaining to them) that is derived using any
personally identifiable financial information that is not publicly available.
Privacy of consumer financial information was a major component of the GLBA; however, a number of other
significant changes to the financial services industry were ushered in under GLBA, including, but not limited to:
• Repealing Glass-Steagall Act limitations on banks to affiliate with securities and insurance companies;
• Creating the ‘financial holding company,’ a type of company that may have nonbanking subsidiaries (and
banking subsidiaries) that can engage in insurance and securities underwriting;
• Allowing federally-chartered banks to have financial subsidiaries that engage in many of the activities allowed
to financial holding companies;
• Guiding the frequency of Community Reinvestment Act (CRA) examinations and creating some new
disclosures for CRA;
• Facilitating the Federal Home Loan Bank System’s process to lend to small banks; and,
• Requiring certain automated teller machine (ATM) disclosures.