Fair Credit Reporting Affiliate Marketing Regulations, 62910-62990 [07-5349]
Download as PDF
62910
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
DEPARTMENT OF THE TREASURY
Office of the Comptroller of the
Currency
12 CFR Part 41
[Docket ID. OCC–2007–0010]
RIN 1557–AC88
FEDERAL RESERVE SYSTEM
12 CFR Part 222
[Regulation V; Docket No. R–1203]
FEDERAL DEPOSIT INSURANCE
CORPORATION
12 CFR Part 334
RIN 3064–AC83
DEPARTMENT OF THE TREASURY
Office of Thrift Supervision
12 CFR Part 571
[Docket ID. OTS–2007–0020]
RIN 1550–AB90
NATIONAL CREDIT UNION
ADMINISTRATION
12 CFR Part 717
Fair Credit Reporting Affiliate
Marketing Regulations
Office of the Comptroller of
the Currency, Treasury (OCC); Board of
Governors of the Federal Reserve
System (Board); Federal Deposit
Insurance Corporation (FDIC); Office of
Thrift Supervision, Treasury (OTS); and
National Credit Union Administration
(NCUA).
ACTION: Final rules.
AGENCIES:
The OCC, Board, FDIC, OTS,
and NCUA (Agencies) are publishing
final rules to implement the affiliate
marketing provisions in section 214 of
the Fair and Accurate Credit
Transactions Act of 2003, which
amends the Fair Credit Reporting Act.
The final rules generally prohibit a
person from using information received
from an affiliate to make a solicitation
for marketing purposes to a consumer,
unless the consumer is given notice and
a reasonable opportunity and a
reasonable and simple method to opt
out of the making of such solicitations.
DATES: Effective Date: These rules are
effective January 1, 2008.
Mandatory Compliance Date: October
1, 2008.
FOR FURTHER INFORMATION CONTACT:
OCC: Amy Friend, Assistant Chief
rwilkins on PROD1PC63 with RULES_2
SUMMARY:
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
Counsel, (202) 874–5200; Michael
Bylsma, Director, or Stephen Van Meter,
Assistant Director, Community and
Consumer Law, (202) 874–5750; or
Patrick T. Tierney, Senior Attorney,
Legislative and Regulatory Activities
Division, (202) 874–5090, Office of the
Comptroller of the Currency, 250 E
Street, SW., Washington, DC 20219.
Board: David A. Stein, Counsel; Ky
Tran-Trong, Counsel; or Amy E. Burke,
Attorney, Division of Consumer and
Community Affairs, (202) 452–3667 or
(202) 452–2412; or Kara Handzlik,
Attorney, Legal Division, (202) 452–
3852, Board of Governors of the Federal
Reserve System, 20th and C Streets,
NW., Washington, DC 20551. For users
of a Telecommunications Device for the
Deaf (TDD) only, contact (202) 263–
4869.
FDIC: Ruth R. Amberg, Senior
Counsel, (202) 898–3736, or Richard M.
Schwartz, Counsel, Legal Division, (202)
898–7424; April Breslaw, Chief,
Compliance Section, (202) 898–6609;
David P. Lafleur, Policy Analyst,
Division of Supervision and Consumer
Protection, (202) 898–6569, Federal
Deposit Insurance Corporation, 550 17th
Street, NW., Washington, DC 20429.
OTS: Suzanne McQueen, Consumer
Regulations Analyst, Compliance and
Consumer Protection Division, (202)
906–6459; or Richard Bennett, Senior
Compliance Counsel, (202) 906–7409,
Office of Thrift Supervision, 1700 G
Street, NW., Washington, DC 20552.
NCUA: Linda Dent, Staff Attorney,
Office of General Counsel, (703) 518–
6540, National Credit Union
Administration, 1775 Duke Street,
Alexandria, VA 22314–3428.
SUPPLEMENTARY INFORMATION:
I. Background
The Fair Credit Reporting Act
The Fair Credit Reporting Act (FCRA
or Act), which was enacted in 1970, sets
standards for the collection,
communication, and use of information
bearing on a consumer’s credit
worthiness, credit standing, credit
capacity, character, general reputation,
personal characteristics, or mode of
living. (15 U.S.C. 1681–1681x.) In 1996,
the Consumer Credit Reporting Reform
Act extensively amended the FCRA.
(Pub. L. 104–208, 110 Stat. 3009.)
The FCRA, as amended, provides that
a person may communicate to an
affiliate or a non-affiliated third party
information solely as to transactions or
experiences between the consumer and
the person without becoming a
PO 00000
Frm 00002
Fmt 4701
Sfmt 4700
consumer reporting agency.1 In
addition, the communication of such
transaction or experience information
among affiliates will not result in any
affiliate becoming a consumer reporting
agency. See FCRA §§ 603(d)(2)(A)(i) and
(ii).
Section 603(d)(2)(A)(iii) of the FCRA
provides that a person may
communicate ‘‘other’’ information—that
is, information that is not transaction or
experience information—among its
affiliates without becoming a consumer
reporting agency if it is clearly and
conspicuously disclosed to the
consumer that such information may be
communicated among affiliates and the
consumer is given an opportunity,
before the information is
communicated, to ‘‘opt out’’ or direct
that the information not be
communicated among such affiliates,
and the consumer has not opted out.
The Fair and Accurate Credit
Transactions Act of 2003
The President signed into law the Fair
and Accurate Credit Transactions Act of
2003 (FACT Act) on December 4, 2003.
(Pub. L. 108–159, 117 Stat. 1952.) In
general, the FACT Act amends the
FCRA to enhance the ability of
consumers to combat identity theft,
increase the accuracy of consumer
reports, restrict the use of medical
information in credit eligibility
determinations, and allow consumers to
exercise greater control regarding the
type and number of solicitations they
receive.
Section 214 of the FACT Act added a
new section 624 to the FCRA. This
provision gives consumers the right to
restrict a person from using certain
information obtained from an affiliate to
make solicitations to that consumer.
Section 624 generally provides that if a
person receives certain consumer
eligibility information from an affiliate,
the person may not use that information
to make solicitations to the consumer
about its products or services, unless the
consumer is given notice and an
opportunity and a simple method to opt
out of such use of the information, and
the consumer does not opt out. The
statute also provides that section 624
does not apply, for example, to a person
using eligibility information: (1) To
make solicitations to a consumer with
whom the person has a pre-existing
business relationship; (2) to perform
services for another affiliate subject to
certain conditions; (3) in response to a
communication initiated by the
1 The FCRA creates substantial obligations for a
person that meets the definition of a ‘‘consumer
reporting agency’’ in section 603(f) of the statute.
E:\FR\FM\07NOR2.SGM
07NOR2
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
rwilkins on PROD1PC63 with RULES_2
consumer; or (4) to make a solicitation
that has been authorized or requested by
the consumer. Unlike the FCRA affiliate
sharing opt-out and the Gramm-LeachBliley Act (GLBA) non-affiliate sharing
opt-out, which apply indefinitely,
section 624 provides that a consumer’s
affiliate marketing opt-out election must
be effective for a period of at least five
years. Upon expiration of the opt-out
period, the consumer must be given a
renewal notice and an opportunity to
renew the opt-out before information
received from an affiliate may be used
to make solicitations to the consumer.
Section 624 governs the use of
information by an affiliate, not the
sharing of information among affiliates,
and thus is distinct from the affiliate
sharing opt-out under section
603(d)(2)(A)(iii) of the FCRA.
Nevertheless, the affiliate marketing and
affiliate sharing opt-outs and the
information subject to the two opt-outs
overlap to some extent. As noted above,
the FCRA allows transaction or
experience information to be shared
among affiliates without giving the
consumer notice and an opportunity to
opt out, but provides that ‘‘other’’
information, such as information from
credit reports and credit applications,
may not be shared among affiliates
without giving the consumer notice and
an opportunity to opt out. The new
affiliate marketing opt-out applies to
both transaction or experience
information and ‘‘other’’ information.
Thus, certain information will be
subject to two opt-outs, a sharing optout and a marketing use opt-out.
Section 214(b) of the FACT Act
requires the Agencies, the Federal Trade
Commission (FTC), and the Securities
and Exchange Commission (SEC) to
prescribe regulations, in consultation
and coordination with each other, to
implement the FCRA’s affiliate
marketing opt-out provisions. In
adopting regulations, each Agency must
ensure that the affiliate marketing
notification methods provide a simple
means for consumers to make choices
under section 624, consider the affiliate
sharing notification practices employed
on the date of enactment by persons
subject to section 624, and ensure that
notices may be coordinated and
consolidated with other notices required
by law.
II. The Interagency Proposal
On July 15, 2004, the Agencies
published a notice of proposed
rulemaking in the Federal Register (69
FR 42502) to implement section 214 of
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
the FACT Act.2 The proposal defined
the key terms ‘‘pre-existing business
relationship’’ and ‘‘solicitation’’
essentially as defined in the statute. The
Agencies did not propose to include
additional circumstances within the
meaning of ‘‘pre-existing business
relationship’’ or other types of
communications within the meaning of
‘‘solicitation.’’
To address the scope of the affiliate
marketing opt-out, the proposal defined
‘‘eligibility information’’ to mean any
information the communication of
which would be a ‘‘consumer report’’ if
the statutory exclusions from the
definition of ‘‘consumer report’’ in
section 603(d)(2)(A) of the FCRA for
transaction or experience information
and for ‘‘other’’ information that is
subject to the affiliate-sharing opt-out
did not apply. The Agencies substituted
the term ‘‘eligibility information’’ for the
more complicated statutory language
regarding the communication of
information that would be a consumer
report, but for clauses (i), (ii), and (iii)
of section 603(d)(2)(A) of the FCRA.3 In
addition, the proposal incorporated
each of the scope limitations contained
in the statute, such as the pre-existing
business relationship exception.
Section 624 does not state which
affiliate must give the consumer the
affiliate marketing opt-out notice. The
proposal provided that the person
communicating information about a
consumer to its affiliate would be
responsible for satisfying the notice
requirement, if applicable. A rule of
construction provided flexibility to
allow the notice to be given by the
person that communicates information
to its affiliate, by the person’s agent, or
through a joint notice with one or more
other affiliates. The Agencies designed
this approach to provide flexibility and
to facilitate the use of a single
coordinated notice, while taking into
account existing affiliate sharing
notification practices. At the same time,
the approach sought to ensure that the
2 The FTC published its proposed affiliate
marketing rule in the Federal Register on June 15,
2004 (69 FR 33324). The SEC published its
proposed affiliate marketing rule in the Federal
Register on July 14, 2004 (69 FR 42301).
3 Under section 603(d)(1) of the FCRA, a
‘‘consumer report’’ means any written, oral, or other
communication of any information by a consumer
reporting agency bearing on a consumer’s credit
worthiness, credit standing, credit capacity,
character, general reputation, personal
characteristics, or mode of living which is used or
expected to be used or collected in whole or in part
for the purpose of serving as a factor in establishing
the consumer’s eligibility for credit or insurance to
be used primarily for personal, family, or household
purposes, employment purposes, or any other
purpose authorized in section 604 of the FCRA. 15
U.S.C. 1681a(d).
PO 00000
Frm 00003
Fmt 4701
Sfmt 4700
62911
notice would be effective because it
generally would be provided by or on
behalf of an entity from which the
consumer would expect to receive
important notices, and would not be
provided along with solicitations.
The proposal also provided guidance
on the contents of the opt-out notice,
what constitutes a reasonable
opportunity to opt out, reasonable and
simple methods of opting out, and the
delivery of opt-out notices. Finally, the
proposal provided guidance on the
effect of the limited duration of the optout and the requirement to provide an
extension notice upon expiration of the
opt-out period.
III. Overview of Comments Received
Each agency received the following
number of comment letters: OCC—30,
Board—42, FDIC—29, OTS—20,
NCUA—18. Many commenters sent
copies of the same letter to more than
one Agency. The Agencies received
comments from a variety of banks,
thrifts, credit unions, credit card
companies, mortgage lenders, other nonbank creditors, and industry trade
associations. The Agencies also received
comments from consumer groups, the
National Association of Attorneys
General (‘‘NAAG’’), and individual
consumers. In addition, the Agencies
considered comments submitted to the
FTC and the SEC.
Most industry commenters objected to
several key aspects of the proposal. The
most significant areas of concern raised
by industry commenters related to
which affiliate would be responsible for
providing the notice, the scope of
certain exceptions to the notice and optout requirement, and the content or the
inclusion of definitions for terms such
as ‘‘clear and conspicuous’’ and ‘‘preexisting business relationship.’’
Consumer groups and NAAG generally
supported the proposal, although these
commenters believed that the proposal
could be strengthened in certain
respects. A more detailed discussion of
the comments is contained in the
Section-by-Section Analysis below.
IV. Section-by-Section Analysis
Section l.1 Purpose, Scope, and
Effective Dates
Section l.1 of the proposal set forth
the purpose and scope of each Agency’s
regulations. The Agencies received few
comments on this section. Some of the
Agencies have revised this section in
the final rules for clarity and to reflect
the fact that the institutions subject to
the FCRA regulation will vary in
different subparts of the Agencies’
FCRA rules. The coverage provision for
E:\FR\FM\07NOR2.SGM
07NOR2
62912
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
each Agency’s affiliate marketing rule is
set forth in Subpart C, § l.20(a).
Section l.2
Examples
Proposed § ll.2 described the scope
and effect of the examples included in
the proposed rule. Most commenters
supported the proposed use of nonexclusive examples to illustrate the
operation of the rules. One commenter,
concerned that the use of examples
would increase the risk of litigation,
urged the Agencies to delete all
examples.
The Agencies adopted § l.2 as part of
the final medical information rules. See
70 FR 70664 (Nov. 22, 2005). The
comments received in this rulemaking
do not warrant any revisions to § l.2.
The Agencies do not believe the use of
illustrative examples will materially
increase the risk of litigation, but rather
will provide useful guidance for
compliance purposes, which may
alleviate litigation risks for institutions.
Therefore, it is unnecessary to republish § l.2 in these final rules.
As § l.2 states, examples in a
paragraph illustrate only the issue
described in the paragraph and do not
illustrate any other issue that may arise
in the part. Similarly, the examples do
not illustrate any issues that may arise
under other laws or regulations.4
rwilkins on PROD1PC63 with RULES_2
Section l.3
Definitions
Section l.3 of the proposal contained
definitions for the following terms:
‘‘Act,’’ ‘‘affiliate’’ (as well as the related
terms ‘‘company’’ and ‘‘control’’); ‘‘clear
and conspicuous’’; ‘‘consumer’’;
‘‘eligibility information’’; ‘‘person’’;
‘‘pre-existing business relationship’’;
‘‘solicitation’’; and, except for the OCC’s
proposal, ‘‘you.’’
The Agencies have previously defined
the terms ‘‘Act,’’ ‘‘affiliate,’’ ‘‘company,’’
‘‘consumer,’’ and ‘‘person,’’ along with
a definition of ‘‘common ownership or
common corporate control’’ as a
substitute for the definition of
‘‘control,’’ as part of the final medical
information rules. See 70 FR 70664
(Nov. 22, 2005). Those definitions that
elicited comment are discussed below.
However, it is unnecessary to re-publish
§ l.3 in these final rules because the
Agencies have not revised these
definitions.
The Agencies have moved the
definitions of ‘‘clear and conspicuous,’’
‘‘eligibility information,’’ ‘‘pre-existing
business relationship,’’ ‘‘solicitation,’’
and ‘‘you’’ or ‘‘bank’’ to Subpart C,
§ l.20(b). Three of these terms relate
4 NCUA has modified examples in its final rule
text where the original example referenced products
or services impermissible for federal credit unions.
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
solely to the affiliate marketing
provisions and, thus, are more
appropriately defined in Subpart C. For
the reasons discussed below, the
Agencies also believe that it is more
appropriate to define ‘‘clear and
conspicuous’’ for the limited purpose of
the affiliate marketing rules. Each of
these definitions is discussed in detail
below.
Affiliate, Common Ownership or
Common Corporate Control, and
Company
Several FCRA provisions apply to
information sharing with persons
‘‘related by common ownership or
affiliated by corporate control,’’ ‘‘related
by common ownership or affiliated by
common corporate control,’’ or
‘‘affiliated by common ownership or
common corporate control.’’ E.g., FCRA,
sections 603(d)(2), 615(b)(2), and
625(b)(2). Each of these provisions was
enacted as part of the 1996 amendments
to the FCRA. Similarly, section 2 of the
FACT Act defines the term ‘‘affiliate’’ to
mean ‘‘persons that are related by
common ownership or affiliated by
corporate control.’’ In contrast, the
GLBA defines ‘‘affiliate’’ to mean ‘‘any
company that controls, is controlled by,
or is under common control with
another company.’’ See 15 U.S.C.
6809(6).
In the proposal, the Agencies sought
to harmonize the various FCRA and
FACT Act formulations by defining
‘‘affiliate’’ to mean ‘‘any person that is
related by common ownership or
common corporate control with another
person.’’ Industry commenters generally
supported the Agencies’ goal of
harmonizing the various FCRA
definitions of ‘‘affiliate’’ for consistency.
Many of these commenters, however,
believed that the most effective way to
do this was for the Agencies to
incorporate into the FCRA the definition
of ‘‘affiliate’’ used in the GLBA privacy
regulations. In addition, a few industry
commenters urged the Agencies to
incorporate into the definition of
‘‘affiliate’’ certain concepts from
California’s Financial Information
Privacy Act so as to exempt certain
classes of corporate affiliates from the
restrictions on affiliate sharing or
marketing.5
In the final medical information rules,
the Agencies defined the term ‘‘affiliate’’
to mean a company that is related by
5 These
commenters noted that the California law
places no restriction on information sharing among
affiliates if they: (1) Are regulated by the same or
similar functional regulators; (2) are involved in the
same broad line of business, such as banking,
insurance, or securities; and (3) share a common
brand identity.
PO 00000
Frm 00004
Fmt 4701
Sfmt 4700
common ownership or common
corporate control with another
company. See 70 FR 70,664 (Nov. 22,
2005).6 The Agencies substituted the
term ‘‘company’’ for ‘‘person’’ in the
definition because they did not believe
that certain types of persons, such as
individuals, could be related by
common ownership or common
corporate control.
The Agencies do not believe there is
a substantive difference between the
FACT Act definition of ‘‘affiliate’’ and
the definition of ‘‘affiliate’’ in section
509 of the GLBA. The Agencies are not
aware of any circumstances in which
two entities would be affiliates for
purposes of the FCRA but not for
purposes of the GLBA privacy rules, or
vice versa. Also, even though affiliated
entities have had to comply with
different FCRA and GLBA formulations
of the ‘‘affiliate’’ definition since 1999,
commenters did not identify any
specific compliance difficulties or
uncertainty resulting from the fact that
the two statutes use somewhat different
wording to describe what constitutes an
affiliate.
As explained in the supplementary
information to the final medical
information rules, the Agencies
declined to incorporate into the
definition of ‘‘affiliate’’ exceptions for
entities regulated by the same or similar
functional regulators, entities in the
same line of business, or entities that
share a common brand or identity. See
70 FR 70,665 (Nov. 22, 2005). These
exceptions were incorporated into the
California Financial Information Privacy
Act in August 2003.7 Congress,
however, did not incorporate these
exceptions from California law into the
definition of ‘‘affiliate’’ when it enacted
the FACT Act at the end of 2003.
Accordingly, the Agencies believe that
the approach followed in the final
medical information rules best
effectuates the intent of Congress.
Under the GLBA privacy rules, the
definition of ‘‘control’’ determines
whether two or more entities meet the
definition of ‘‘affiliate.’’ 8 The Agencies
included the same definition of
‘‘control’’ in the proposal and received
no comments on the proposed
definition. The Agencies interpret the
phrase ‘‘related by common ownership
or common corporate control’’ used in
the FACT Act to have the same meaning
6 For purposes of the regulation, an ‘‘affiliate’’
includes an operating subsidiary of a bank or
savings association, and a credit union service
organization that is controlled by a federal credit
union.
7 See Cal. Financial Code § 4053(c).
8 See 12 CFR 40.3(g), 216.3(g), 332.3(g), 573.3(g),
and 716(g).
E:\FR\FM\07NOR2.SGM
07NOR2
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
rwilkins on PROD1PC63 with RULES_2
as ‘‘control’’ in the GLBA privacy rules.
For example, if an individual owns 25
percent of two companies, the
companies would be affiliates under
both the GLBA and FCRA definitions.
However, the individual would not be
considered an affiliate of the companies
because the definition of ‘‘affiliate’’ is
limited to companies. For purposes of
clarity, the final medical information
rules defined the term ‘‘control’’ to
mean ‘‘common ownership or common
corporate control’’ in order to track
more closely the terminology used in
the FACT Act. See 70 FR 70,664 (Nov.
22, 2005).9
The proposal also defined the term
‘‘company’’ to mean any corporation,
limited liability company, business
trust, general or limited partnership,
association, or similar organization. The
proposed definition of ‘‘company’’
excluded some entities that are
‘‘persons’’ under the FCRA, including
estates, cooperatives, and governments
or governmental subdivisions or
agencies, as well as individuals. The
Agencies received no comments on the
proposed definition of ‘‘company,’’
which was adopted in the final medical
information rules.
The Agencies adopted definitions of
‘‘affiliate,’’ ‘‘common ownership and
common corporate control,’’ and
‘‘company’’ in the final FCRA medical
information rules. See 70 FR 70,664
(Nov. 22, 2005). It is unnecessary to republish those definitions in these rules.
Consumer
Proposed paragraph (e) defined the
term ‘‘consumer’’ to mean an
individual. This definition is identical
to the definition of ‘‘consumer’’ in
section 603(c) of the FCRA.
Several commenters asked the
Agencies to narrow the proposed
definition to apply only to individuals
who obtain financial products or
services primarily for personal, family,
or household purposes, in part to
achieve consistency with the definition
of ‘‘consumer’’ in the GLBA. The
FCRA’s definition of ‘‘consumer,’’
however, differs from, and is broader
than, the definition of that term in the
GLBA. The Agencies believe that the
use of distinct definitions of
‘‘consumer’’ in the two statutes reflects
differences in the scope and objectives
of each statute. Therefore, the Agencies
adopted the FCRA’s statutory definition
of ‘‘consumer’’ in the final medical
information rules. See 70 FR 70,664
9 For purposes of the regulation, NCUA presumes
that a federal credit union has a controlling
influence over the management or policies of a
credit union service organization if it is 67 percent
owned by credit unions.
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
(Nov. 22, 2005). It is unnecessary to republish the definition in these rules. For
purposes of this definition, an
individual acting through a legal
representative would qualify as a
consumer.
Person
Proposed paragraph (l) defined the
term ‘‘person’’ to mean any individual,
partnership, corporation, trust, estate,
cooperative, association, government or
governmental subdivision or agency, or
other entity. This definition is identical
to the definition of ‘‘person’’ in section
603(b) of the FCRA.
One commenter requested
clarification of how the proposed
definition of ‘‘person’’ would affect
other provisions of the affiliate
marketing rules. Specifically, this
commenter asked how the
supplementary information’s discussion
of agents might affect the scope
provisions of the rule.
The supplementary information to the
proposal stated that a person may act
through an agent, including but not
limited to a licensed agent (in the case
of an insurance company) or a trustee.
The supplementary information also
provided that actions taken by an agent
on behalf of a person that are within the
scope of the agency relationship would
be treated as actions of that person. The
Agencies included these statements to
address comprehensively the status of
agents and to eliminate the need to refer
specifically to licensed agents in the
proposed definition of ‘‘pre-existing
business relationship.’’ As discussed
below, many commenters believed that
licensed agents should be expressly
included in the definition of ‘‘preexisting business relationship.’’ The
Agencies have revised the final rules in
response to those comments. By
specifically addressing licensed agents,
the final rules do not alter the general
principles of principal-agent
relationships that apply to all agents,
not just licensed agents. The Agencies
will treat actions taken by an agent on
behalf of a person that are within the
scope of the agency relationship as
actions of that person, regardless of
whether the agent is a licensed agent or
not.
The Agencies adopted the FCRA’s
statutory definition of ‘‘person’’ in the
final medical information rules. See 70
FR 70664 (Nov. 22, 2005). Therefore, it
is unnecessary to re-publish the
definition in these rules.
PO 00000
Frm 00005
Fmt 4701
Sfmt 4700
Section l.20
62913
Coverage and definitions
Coverage
Section l.20(a) of the final rules
identifies the persons covered by
Subpart C of each Agency’s rule. Section
l.20(a) thus describes the scope of each
Agency’s rule.
Definitions
Section l.20(b) of the final rules
contains the definitions of six terms for
purposes of Subpart C.
Clear and Conspicuous
Proposed § l.3(c) defined the term
‘‘clear and conspicuous’’ to mean
reasonably understandable and
designed to call attention to the nature
and significance of the information
presented. Under this definition,
institutions would retain flexibility in
determining how best to meet the clear
and conspicuous standard. The
supplementary information to the
proposal provided guidance regarding a
number of practices that institutions
might wish to consider in making their
notices clear and conspicuous. These
practices were derived largely from
guidance included in the GLBA privacy
rules.
Industry commenters urged the
Agencies not to define ‘‘clear and
conspicuous’’ in the final rules. The
principal objection these commenters
raised was that this definition would
significantly increase the risk of
litigation and civil liability. Although
these commenters recognized that the
proposed definition was derived from
the GLBA privacy regulations, they
noted that compliance with the GLBA
privacy regulations is enforced
exclusively through administrative
action, not through private litigation.
These commenters also stated that the
Board had withdrawn a similar proposal
to define ‘‘clear and conspicuous’’ for
purposes of Regulations B, E, M, Z, and
DD, in part because of concerns about
civil liability. Some industry
commenters believed that it was not
necessary to define the term in order for
consumers to receive clear and
conspicuous disclosures based on
industry’s experience in providing clear
and conspicuous affiliate sharing optout notices. Consumer groups believed
that incorporation of the standard and
examples from the GLBA privacy
regulations was not adequate because
they did not believe that the existing
standard has proven sufficient to ensure
effective privacy notices.
In the final rules, the Agencies have
relocated the definition of ‘‘clear and
conspicuous’’ to § l.20(b)(1) in order to
limit its applicability to the affiliate
E:\FR\FM\07NOR2.SGM
07NOR2
rwilkins on PROD1PC63 with RULES_2
62914
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
marketing opt-out notice and renewal
notice. Except for certain nonsubstantive changes made for purposes
of clarity, the definition of ‘‘clear and
conspicuous’’ is the same as in the
proposal and is substantively the same
as the definition used in the GLBA
privacy rules. The Agencies believe that
the clear and conspicuous standard for
the affiliate marketing opt-out notices
should be substantially similar to the
standard that applies to GLBA privacy
notices because the affiliate marketing
opt-out notice may be provided on or
with the GLBA privacy notice.
In defining ‘‘clear and conspicuous,’’
the Agencies believe it is more
appropriate to focus on the affiliate
marketing opt-out notices that are the
subject of this rulemaking, rather than
adopting a generally applicable
definition governing all consumer
disclosures under the FCRA. This
approach gives the Agencies the
flexibility to refine or clarify the clear
and conspicuous requirement for
different disclosures, if necessary. In
addition, this approach is consistent
with the approach the Board indicated
it would take when it withdrew its
proposed clear and conspicuous rules.
The Board noted that it intended ‘‘to
focus on individual disclosures and to
consider ways to make specific
improvements to the effectiveness of
each disclosure.’’ See 69 FR 35541,
35543 (June 25, 2004).
The statute directs the Agencies to
provide specific guidance regarding
how to comply with the clear and
conspicuous standard. See 15 U.S.C.
1681s–3(a)(2)(B). For that reason, the
Agencies do not agree with commenters
that requested the elimination of the
definition of ‘‘clear and conspicuous’’
and related guidance. Rather, the
Agencies believe it is necessary to
define ‘‘clear and conspicuous’’ in the
final rules and provide specific
guidance for how to satisfy that
standard in connection with this notice.
Accordingly, the final rules contain
two types of specific guidance on
satisfying the requirement to provide a
clear and conspicuous opt-out notice.
First, as in the proposal, the
supplementary information to the final
rules describes certain techniques that
may be used to make notices clear and
conspicuous. These techniques are
described below. Second, the Agencies
have adopted model forms that may, but
are not required to, be used to facilitate
compliance with the affiliate marketing
notice requirements. The requirement
for clear and conspicuous notices would
be satisfied by the appropriate use of
one of the model forms.
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
As noted in the supplementary
information to the proposal, institutions
may wish to consider a number of
methods to make their notices clear and
conspicuous. The various methods
described below for making a notice
clear and conspicuous are suggestions
that institutions may wish to consider in
designing their notices. Use of any of
these methods alone or in combination
is voluntary. Institutions are not
required to use any particular method or
combination of methods to make their
disclosures clear and conspicuous.
Rather, the particular facts and
circumstances will determine whether a
disclosure is clear and conspicuous.
A notice or disclosure may be made
reasonably understandable through
various methods that include: Using
clear and concise sentences, paragraphs,
and sections; using short explanatory
sentences; using bullet lists; using
definite, concrete, everyday words;
using active voice; avoiding multiple
negatives; avoiding legal and highly
technical business terminology; and
avoiding explanations that are imprecise
and are readily subject to different
interpretations. In addition, a notice or
disclosure may be designed to call
attention to the nature and significance
of the information in it through various
methods that include: Using a plainlanguage heading; using a typeface and
type size that are easy to read; using
wide margins and ample line spacing;
and using boldface or italics for key
words. Further, institutions that provide
the notice on a Web page may use text
or visual cues to encourage scrolling
down the page, if necessary, to view the
entire notice and may take steps to
ensure that other elements on the Web
site (such as text, graphics, hyperlinks,
or sound) do not distract attention from
the notice. When a notice or disclosure
is combined with other information,
methods for designing the notice or
disclosure to call attention to the nature
and significance of the information in it
may include using distinctive type
sizes, styles, fonts, paragraphs,
headings, graphic devices, and
appropriate groupings of information.
However, there is no need to use
distinctive features, such as distinctive
type sizes, styles, or fonts, to
differentiate an affiliate marketing optout notice from other components of a
required disclosure, for example, where
a GLBA privacy notice combines several
opt-out disclosures in a single notice.
Moreover, nothing in the clear and
conspicuous standard requires
segregation of the affiliate marketing
opt-out notice when it is combined with
PO 00000
Frm 00006
Fmt 4701
Sfmt 4700
a GLBA privacy notice or other required
disclosures.
The Agencies recognize that it will
not be feasible or appropriate to
incorporate all of the methods described
above all the time. The Agencies
recommend, but do not require, that
institutions consider the methods
described above in designing their optout notices. The Agencies also
encourage the use of consumer or other
readability testing to devise notices that
are understandable to consumers.
Finally, although the Agencies
understand the concerns of some
industry commenters about the
potential for civil liability, the Agencies
believe that these concerns are mitigated
by the safe harbors afforded by the
model forms in Appendix C. The
Agencies note that the affiliate sharing
opt-out notice under section
603(d)(2)(A)(iii) of the FCRA, which
may be enforced through private rights
of action, must be included in the GLBA
privacy notice. Therefore, the affiliate
sharing opt-out notice generally is
disclosed in a manner consistent with
the clear and conspicuous standard set
forth in the GLBA privacy regulations.
Commenters did not identify any
litigation that has resulted from the
requirement to provide a clear and
conspicuous affiliate sharing opt-out
notice. The Agencies believe that
compliance with the examples and use
of the model forms, although optional,
should minimize the risk of litigation.
Concise
Proposed § l.21(b) defined the term
‘‘concise’’ to mean a reasonably brief
expression or statement. The proposal
also provided that a notice required by
Subpart C may be concise even if it is
combined with other disclosures
required or authorized by federal or
state law. Such disclosures include, but
are not limited to, a GLBA privacy
notice, an affiliate-sharing notice under
section 603(d)(2)(A)(iii) of the FCRA,
and other consumer disclosures.
Finally, the proposal clarified that the
requirement for a concise notice would
be satisfied by the appropriate use of
one of the model forms contained in
proposed Appendix C to each Agency’s
FCRA rule, although use of the model
forms is not required. The Agencies
received no comments on the proposed
definition of ‘‘concise.’’ The final rules
renumber the definition of ‘‘concise’’ as
§ l.20(b)(2). The reference to the model
forms has been moved to Appendix C,
but otherwise the definition is adopted
as proposed.
E:\FR\FM\07NOR2.SGM
07NOR2
rwilkins on PROD1PC63 with RULES_2
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
Eligibility Information
Proposed § l.3(j) defined the term
‘‘eligibility information’’ to mean any
information the communication of
which would be a consumer report if
the exclusions from the definition of
‘‘consumer report’’ in section
603(d)(2)(A) of the FCRA did not apply.
As proposed, eligibility information
would include a person’s own
transaction or experience information,
such as information about a consumer’s
account history with that person, and
‘‘other’’ information under section
603(d)(2)(A)(iii), such as information
from consumer reports or applications.
Most commenters generally supported
the proposed definition of ‘‘eligibility
information’’ as an appropriate means of
simplifying the statutory terminology
without changing the scope of the
information covered by the rule. A
number of commenters requested that
the Agencies clarify that certain types of
information do not constitute eligibility
information, such as name, address,
telephone number, Social Security
number, and other identifying
information. One commenter requested
the exclusion of publicly available
information from the definition.
Another commenter requested
additional clarification regarding the
term ‘‘transaction or experience
information.’’ A few commenters
suggested that the Agencies include
examples of what is and is not included
within ‘‘eligibility information.’’
Finally, one commenter urged the
Agencies to revise the definition to
restate much of the statutory definition
of ‘‘consumer report’’ to eliminate the
need for cross-references.
The final rules renumber the
definition of ‘‘eligibility information’’ as
l.20(b)(3). The Agencies have revised
the definition to clarify that the term
‘‘eligibility information’’ does not
include aggregate or blind data that does
not contain personal identifiers.
Examples of personal identifiers include
account numbers, names, or addresses,
as indicated in the definition, as well as
Social Security numbers, driver’s
license numbers, telephone numbers, or
other types of information that,
depending on the circumstances or
when used in combination, could
identify the individual.
The Agencies also believe that further
clarification of, or exclusions from, the
term ‘‘eligibility information,’’ such as
the categorical exclusion of names,
addresses, telephone numbers, other
identifying information, or publicly
available information, would directly
implicate the definitions of ‘‘consumer
report’’ and ‘‘consumer reporting
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
agency’’ in sections 603(d) and (f),
respectively, of the FCRA. The Agencies
decided not to define the terms
‘‘consumer report’’ and ‘‘consumer
reporting agency’’ in this rulemaking
and not to interpret the meaning of
terms used in those definitions, such as
‘‘transaction or experience’’
information. The Agencies anticipate
addressing the definitions of ‘‘consumer
report’’ and ‘‘consumer reporting
agency’’ in a separate rulemaking after
the required FACT Act rules have been
completed. The Agencies also note that
financial institutions have relied on
these statutory definitions for many
years.
Pre-Existing Business Relationship
Proposed § l.3(m) defined the term
‘‘pre-existing business relationship’’ to
mean a relationship between a person
and a consumer based on the following:
(1) A financial contract between the
person and the consumer that is in
force;
(2) The purchase, rental, or lease by
the consumer of that person’s goods or
services, or a financial transaction
(including holding an active account or
a policy in force or having another
continuing relationship) between the
consumer and that person, during the
18-month period immediately preceding
the date on which a solicitation covered
by Subpart C is sent to the consumer; or
(3) An inquiry or application by the
consumer regarding a product or service
offered by that person during the threemonth period immediately preceding
the date on which a solicitation covered
by Subpart C is sent to the consumer.
The proposed definition generally
tracked the statutory definition
contained in section 624 of the FCRA,
with certain revisions for clarity.
Although the statute gave the Agencies
the authority to identify by regulation
other circumstances that qualify as a
pre-existing business relationship, the
Agencies did not propose to exercise
this authority. In the final rules, the
definition of ‘‘pre-existing business
relationship’’ has been renumbered as
§ l.20(b)(4).
Industry commenters suggested
certain revisions to the proposed
definition of ‘‘pre-existing business
relationship.’’ Many industry
commenters asked the Agencies to
include in the definition statutory
language relating to ‘‘a person’s licensed
agent.’’ A number of these commenters
noted that this concept was particularly
important to the insurance industry
where independent, licensed agents
frequently act as the main point of
contact between the consumer and the
insurance company.
PO 00000
Frm 00007
Fmt 4701
Sfmt 4700
62915
In the final rules, the phrase ‘‘or a
person’s licensed agent’’ has been added
to the definition of ‘‘pre-existing
business relationship’’ to track the
statutory language. For example, assume
that a person is a licensed agent for the
affiliated ABC life, auto, and
homeowners’ insurance companies. A
consumer purchases an ABC auto
insurance policy through the licensed
agent. The licensed agent may use
eligibility information about the
consumer obtained in connection with
the ABC auto policy it sold to the
consumer to market ABC life and
homeowner’s insurance policies to the
consumer for the duration of the preexisting business relationship without
offering the consumer the opportunity
to opt out of that use.
Regarding the first basis for a preexisting business relationship (a
financial contract in force), several
industry commenters asked the
Agencies to clarify that a financial
contract includes any in-force contract
that relates to a financial product or
service covered by title V of the GLBA.
One commenter objected to the
requirement that the contract be in force
on the date of the solicitation. This
commenter believed that the Agencies
should interpret the statute to permit
the exception to apply if a contract is in
force at the time the affiliate uses the
information, rather than when the
solicitation is sent, noting that there
may be a delay between the use and the
solicitation.
The Agencies have revised the first
prong of the definition of ‘‘pre-existing
business relationship’’ to reflect the
definition’s relocation to Subpart C, but
have otherwise adopted it as proposed.
Although a comprehensive definition of
the term ‘‘financial contract’’ has not
been included in the final rules, the
Agencies construe the statutory term
‘‘financial contract’’ at least to include
a contract that relates to a consumer’s
purchase or lease of a financial product
or service that a financial holding
company could offer under section 4(k)
of the Bank Holding Company Act of
1956 (12 U.S.C. 1843(k)). In addition, a
financial contract which is in force will,
in virtually all instances, qualify as a
‘‘financial transaction,’’ as that term is
used in the second prong of the
definition of ‘‘pre-existing business
relationship.’’ The Agencies do not
agree with the suggestion that the
financial contract should be in force on
the date of use rather than on the date
the solicitation is sent. The approach
taken in the proposed and final rules is
consistent with the approach used in
the other two prongs of the statutory
definition.
E:\FR\FM\07NOR2.SGM
07NOR2
rwilkins on PROD1PC63 with RULES_2
62916
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
Industry commenters also suggested
certain clarifications to the second basis
for a pre-existing business
relationship—a purchase, rental, or
lease by the consumer of the person’s
goods or services, or a financial
transaction between the consumer and
the person during the preceding 18
months. Several industry commenters
noted that, notwithstanding the example
in the proposal regarding a lapsed
insurance policy, it was not clear from
what point in time the 18-month period
begins to run in the case of many
purchase, rental, lease, or financial
transactions. These commenters asked
the Agencies to clarify that the 18month period begins to run at the time
all contractual responsibilities of either
party under the purchase, rental, lease,
or financial transaction expire. In
addition, some commenters indicated
that the term ‘‘active account’’ should be
clarified to mean any account with
outstanding contractual responsibilities
on either side of an account
relationship, regardless of whether
specific transactions do or do not occur
on that account.
The Agencies have revised the second
prong of the definition of ‘‘pre-existing
business relationship’’ to reflect the
definition’s relocation to Subpart C, but
have otherwise adopted it as proposed.
The Agencies decline to interpret the
term ‘‘active account’’ as requested by
some commenters. The Agencies note
that section 603(r) of the FCRA defines
the term ‘‘account’’ to have the same
meaning as in section 903 of the
Electronic Fund Transfer Act (EFTA).
Under the EFTA, the term ‘‘account’’
means a demand deposit, savings
deposit, or other asset account
established primarily for personal,
family, or household purposes. Some
commenters, however, apparently
believed that the term ‘‘active account’’
included extensions of credit. Credit
extensions presumably would qualify as
‘‘another continuing relationship,’’ as
used in the definition of ‘‘pre-existing
business relationship.’’
More generally, however, even though
a ‘‘financial transaction’’ would include
in virtually all cases a financial contract
which is in force, as noted above, the
Agencies do not believe it is appropriate
to state that the 18-month period begins
to run when all outstanding contractual
responsibilities of both parties expire,
regardless of whether specific
transactions occur. Such a clarification
would not appropriately address
circumstances such as charge-offs,
bankruptcies, early terminations, or
extended periods of credit inactivity
that could trigger commencement of the
18 month period. In addition, some
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
contract provisions, such as arbitration
clauses and choice of law provisions,
may continue to have legal effect after
all contractual performance has ended.
The Agencies do not believe that the
continued effectiveness of such
provisions should delay commencement
of the 18-month period.
Nevertheless, the Agencies believe
that a few examples may provide useful
guidance to facilitate compliance. For
example, in the case of a closed-end
mortgage or auto loan, the 18-month
period generally would begin to run
when the consumer pays off the
outstanding balance on the loan. In a
lease or rental transaction, the 18-month
period generally would begin to run
when the lease or rental agreement
expires or is terminated by mutual
agreement. In the case of general
purpose credit cards that are issued
with an expiration date, the 18-month
period generally would begin to run
when the consumer pays off the
outstanding balance on the card and the
card is either cancelled or expires
without being renewed.
Commenters also made certain
suggestions regarding the third basis for
a pre-existing business relationship—an
inquiry or application by the consumer
regarding a product or service offered by
the person during the preceding three
months. Consumer groups urged the
Agencies to clarify that an inquiry must
be made of the specific affiliate, rather
than a general inquiry about a product
or service. Industry commenters
expressed concern about certain
statements in the supplementary
information that explained the meaning
of an inquiry.
The Agencies do not agree that an
inquiry must be made of a specific
affiliate. Many affiliated institutions use
a central call center to handle consumer
inquiries. The clarification urged by
consumer groups could preclude the
establishment of a pre-existing business
relationship based on a consumer’s call
to a central call center about a specific
product or service offered by an affiliate.
In the supplementary information to
the proposal, the Agencies noted that
certain elements of the definition of
‘‘pre-existing business relationship’’
were substantially similar to the
definition of ‘‘established business
relationship’’ under the amended
Telemarketing Sales Rule (TSR) (16 CFR
310.2(n)). The TSR definition was
informed by Congress’s intent that the
‘‘established business relationship’’
exemption to the ‘‘do not call’’
provisions of the Telephone Consumer
Protection Act (47 U.S.C. 227 et seq.)
should be grounded on the reasonable
PO 00000
Frm 00008
Fmt 4701
Sfmt 4700
expectations of the consumer.10 The
Agencies observed that Congress’s
incorporation of similar language in the
definition of ‘‘pre-existing business
relationship’’ 11 suggested that it would
be appropriate to consider the
reasonable expectations of the consumer
in determining the scope of this
exception. Thus, the Agencies explained
that, for purposes of this regulation, an
inquiry would include any affirmative
request by a consumer for information
after which the consumer would
reasonably expect to receive information
from the affiliate about its products or
services.12 Moreover, a consumer would
not reasonably expect to receive
information from the affiliate if the
consumer did not request information or
did not provide contact information to
the affiliate.
Industry commenters objected to the
discussion in the supplementary
information. Some of these commenters
believed that looking to the reasonable
expectations of the consumer would
narrow the scope of the exception and
impose on institutions a subjective
standard that depended upon the
consumer’s state of mind. These
commenters also maintained that the
availability of the exception should not
depend upon the consumer both
requesting information and providing
contact information to the affiliate.
Some commenters noted that either
requesting information or providing
contact information should suffice to
establish an expectation of receiving
solicitations. Other commenters noted
that consumers would not provide
contact information if they believed that
the affiliate would already have the
consumer’s contact information or
would obtain it from the consumer’s
financial institution. Some commenters
believed that the consumer should not
have to make an affirmative request for
information in order to have an inquiry.
Commenters also expressed concern
that the discussion in the
supplementary information would
require consumers to use specific words
to trigger the exception.
The Agencies have revised the third
prong of the definition of ‘‘pre-existing
business relationship’’ to reflect the
definition’s relocation to Subpart C, but
have otherwise adopted it as proposed.
The Agencies continue to believe that it
10 H.R. Rep. No. 102–317, at 14–15 (1991). See
also 68 FR 4,580, 4,591–94 (Jan. 29, 2003).
11 149 Cong. Rec. S13,980 (daily ed. Nov. 5, 2003)
(statement of Senator Feinstein) (noting that the
‘‘pre-existing business relationship’’ definition ‘‘is
the same definition developed by the Federal Trade
Commission in creating a national ‘Do Not Call’
registry for telemarketers’’).
12 See 68 FR at 4,594.
E:\FR\FM\07NOR2.SGM
07NOR2
rwilkins on PROD1PC63 with RULES_2
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
is appropriate to consider what the
consumer says in determining whether
the consumer has made an inquiry
about a product or service. It may not
be necessary, however, for the consumer
to provide contact information in all
cases. As discussed below, the Agencies
have revised the examples of inquiries
to illustrate different circumstances.
Consumer groups and NAAG urged
the Agencies not to expand the
definition of ‘‘pre-existing business
relationship’’ to include any additional
types of relationships. Industry
commenters suggested a number of
additional bases for establishing a preexisting business relationship. Several
industry commenters believed that the
term ‘‘pre-existing business
relationship’’ should be defined to
include relationships arising out of the
ownership of servicing rights, a
participation interest in lending
transactions, and similar relationships.
These commenters provided no further
explanation for why such an expansion
was necessary. One commenter urged
the Agencies to expand the definition of
‘‘pre-existing business relationship’’ to
apply to affiliates that share a common
trade name, share the same employees
or representatives, operate out of the
same physical location or locations, and
offer similar products.
In addition, a number of industry
commenters requested clarification of
the term ‘‘pre-existing business
relationship’’ as applied to
manufacturers that make sales through
dealers. These commenters explained
that automobile manufacturers do not
sell vehicles directly to consumers, but
through franchised dealers. Vehicle
financing may be arranged through a
manufacturer’s captive finance company
or independent sources of financing.
These commenters noted that
manufacturers often provide consumers
with information about warranty
coverage, recall notices, and other
product information. According to these
commenters, manufacturers also send
solicitations to consumers about their
products and services, drawing in part
on transaction or experience
information from the captive finance
company. These commenters asked the
Agencies to clarify that the relationship
between a manufacturer and a consumer
qualifies as a pre-existing business
relationship based on the purchase,
rental, or lease of the manufacturer’s
goods, or, alternatively, to exercise their
authority to add this relationship as an
additional basis for a pre-existing
business relationship. One commenter
asked the Agencies to clarify that a preexisting business relationship could be
established even if the person provides
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
a product or service to the consumer
without charging a fee.
The Agencies do not believe it is
necessary to add any additional bases
for a pre-existing business relationship.
The Agencies acknowledge that a preexisting business relationship exists
where a person owns the servicing
rights to a consumer’s loan and such
person collects payments from, or
otherwise deals directly with, the
consumer. In the Agencies’ view,
however, that situation qualifies as a
financial transaction and thus falls
within the second prong of the
definition of ‘‘pre-existing business
relationship.’’ The Agencies have
included an example, discussed below,
to illustrate how the ownership of
servicing rights can create a pre-existing
business relationship.
A pre-existing business relationship
does not arise, however, solely from a
participation interest in a lending
transaction because such an interest
does not result in a financial contract or
a financial transaction between the
consumer and the participating party.
The Agencies decline to add a specific
provision for franchised dealers. The
statute contains no special provision
addressing franchised dealers, as it does
for licensed agents. Moreover, a
franchised dealer and a manufacturer
generally are not affiliates and thus are
subject to the GLBA privacy rules
relating to information sharing with
non-affiliated third parties. The
Agencies also find no basis for
including within the meaning of ‘‘preexisting business relationship’’ any
affiliate that shares a common trade
name or representatives, or that operates
from the same location or offers similar
products. Finally, the Agencies decline
to add a provision that would create a
pre-existing business relationship when
a consumer obtains a product or service
without charge from a person. Such a
provision would be overly broad, is not
necessary given the breadth of the
statutory definition of ‘‘pre-existing
business relationship,’’ and could result
in circumvention of the notice
requirement.
Proposed § l.20(d)(1) provided four
examples of the pre-existing business
relationship exception. In the final
rules, these examples have been
renumbered as § l.20(b)(4)(ii) and (iii),
and revised to illustrate the definition of
‘‘pre-existing business relationship,’’
rather than the corresponding
exception.
The two examples relating to the first
and second prongs of the definition of
‘‘pre-existing business relationship’’
have been revised in § l.20(b)(4)(ii)(A)
and (B) to focus on a depository
PO 00000
Frm 00009
Fmt 4701
Sfmt 4700
62917
institution as the person with the preexisting business relationship, but are
otherwise substantively similar to the
proposal. One commenter
recommended expanding the example
now contained in § l.20(b)(4)(ii)(A) to
refer to the licensed agent that wrote the
policy or services the relationship. The
Agencies believe that adding the term
‘‘licensed agent’’ to the definition is
sufficient and see no reason to further
complicate this example to illustrate
how the definition applies to licensed
agents.
Section l.20(b)(4)(ii)(C) is new and
illustrates when a pre-existing business
relationship is created in the context of
a mortgage loan. This example
specifically addresses circumstances
where either the loan or ownership of
the servicing rights to the loan is sold
to a third party. As this example
illustrates, sale of the entire loan by the
original lender terminates the financial
transaction between the consumer and
that lender and creates a new financial
transaction between the consumer and
the purchaser of the loan. However, the
original lender’s sale of a fractional
interest in the loan to an investor does
not create a new financial transaction
between the consumer and the investor.
When the original lender sells a
fractional interest in the consumer’s
loan to an investor but also retains an
ownership interest in the loan, however,
the original lender continues to have a
pre-existing business relationship with
the consumer because the consumer
obtained a loan from the lender and the
lender continues to own an interest in
the loan. In addition, the ownership of
servicing rights coupled with direct
dealings with the consumer results in a
financial transaction between the
consumer and the owner of the
servicing rights, thereby creating a preexisting business relationship between
the consumer and the owner of the
servicing rights. The Agencies note that
a financial institution that owns
servicing rights generally has a customer
relationship with the consumer and an
obligation to provide a GLBA privacy
notice to the consumer.
The example in proposed
§ l.20(d)(1)(iii) regarding applications
and inquiries elicited comment. Some
industry commenters urged the
Agencies to revise this example so that
it does not depend upon the consumer’s
expectations or the consumer providing
contact information. These commenters
noted, for example, that the contact
information would be self-evident if the
consumer makes an e-mail request or
provides a return address on an
envelope. These commenters also
believed that in the case of a telephone
E:\FR\FM\07NOR2.SGM
07NOR2
rwilkins on PROD1PC63 with RULES_2
62918
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
call initiated by a consumer, a captured
telephone number should be sufficient
to create an inquiry if the consumer
requests information about products or
services.
In the final rules, the Agencies have
crafted three separate examples from
proposed § l.20(d)(1)(iii). Section
l.20(b)(4)(ii)(D) provides an example
where a consumer applies for a product
or service, but does not obtain the
product or service for which she
applied. Contact information is not
mentioned in this example because the
consumer presumably would have
supplied it on the application.
Section l.20(b)(4)(ii)(E) provides an
example where a consumer makes a
telephone inquiry about a product or
service offered by a depository
institution and provides contact
information to the institution, but does
not obtain a product or service from or
enter into a financial transaction with
the institution. The Agencies do not
believe that an institution’s capture of a
consumer’s telephone number during a
telephone conversation with the
consumer about the institution’s
products or services is sufficient to
create an inquiry. In that circumstance,
to ensure that an inquiry has been made,
the institution should ask the consumer
to provide his or her contact
information, or confirm with the
consumer that the consumer has a preexisting business relationship with an
affiliate.
Section l.20(b)(4)(ii)(F) provides an
example where the consumer makes an
e-mail inquiry about a product or
service offered by a depository
institution, but does not separately
provide contact information. In that
case, the consumer provides the
financial institution with contact
information in the form of the
consumer’s e-mail address. In addition,
e-mail communications, unlike
telephone communications, do not
provide institutions with the same
opportunity to ask for the consumer’s
contact information.
Industry commenters recommended
deleting the example in proposed
§ l.20(d)(1)(iv) illustrating a call center
scenario where a consumer would not
reasonably expect to receive information
from an affiliate. In the final rules, the
Agencies have included a positive
example of an inquiry made by a
consumer through a call center in
§ l.20(b)(4)(ii)(G), while retaining the
negative example from the proposal in
§ l.20(b)(4)(iii)(A). In addition, the
Agencies have included in
§ l.20(b)(4)(iii)(B) an example of a
consumer call to ask about retail
locations and hours, which does not
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
create a pre-existing business
relationship. This example is
substantively similar to the example
from proposed § l.20(d)(2)(iii).
A new example in § l.20(b)(4)(iii)(C)
illustrates a case where a consumer
responds to an advertisement that offers
a free promotional item, but the
advertisement does not indicate that an
affiliate’s products or services will be
marketed to consumers who respond to
the advertisement. The example
illustrates that the consumer’s response
does not create a pre-existing business
relationship because the consumer has
not made an inquiry about a product or
service, but has merely responded to an
offer for a free promotional item.
Similarly, if a consumer is directed by
a company with which the consumer
has a pre-existing business relationship
to contact the company’s affiliate to
receive a promotional item but the
company does not mention the
affiliate’s products or services, the
consumer’s contact with the affiliate
about the promotional item does not
create a pre-existing business
relationship between the consumer and
the affiliate.
Solicitation
Proposed § l.3(n) defined the term
‘‘solicitation’’ to mean marketing
initiated by a person to a particular
consumer that is based on eligibility
information communicated to that
person by its affiliate and is intended to
encourage the consumer to purchase a
product or service. The proposed
definition further clarified that a
communication, such as a telemarketing
solicitation, direct mail, or e-mail,
would be a solicitation if it is directed
to a specific consumer based on
eligibility information. The proposed
definition did not, however, include
communications that were directed at
the general public without regard to
eligibility information, even if those
communications were intended to
encourage consumers to purchase
products and services from the person
initiating the communications.
Congress gave the Agencies the
authority to determine by regulation
that other communications do not
constitute a solicitation. The Agencies
did not propose to exercise this
authority. The Agencies solicited
comment on whether, and to what
extent, various tools used in Internet
marketing, such as pop-up ads, may
constitute solicitations as opposed to
communications directed at the general
public, and whether further guidance
was needed to address Internet
marketing.
PO 00000
Frm 00010
Fmt 4701
Sfmt 4700
Most commenters believed that the
proposed definition tracked the
statutory definition contained in section
624 of the FCRA. A number of industry
commenters, however, believed that the
proposed definition misstated the types
of marketing that would not qualify as
a solicitation. Specifically, the first
sentence of proposed § l.3(n)(2)
provided that ‘‘[a] solicitation does not
include communications that are
directed at the general public and
distributed without the use of eligibility
information communicated by an
affiliate.’’ These commenters believed
that a solicitation should not include
either marketing directed at the general
public or marketing distributed without
the use of eligibility information
communicated by an affiliate. Several
industry commenters also requested that
the Agencies include the phrase ‘‘of a
product or service’’ in the introductory
language for consistency with the
statutory definition. Some industry
commenters sought clarification that
certain types of communications would
not constitute solicitations, for example,
marketing announcements delivered via
pre-recorded call center messages,
automated teller machine screens, or
Internet sites, or product information
provided at or through educational
seminars, customer appreciation events,
or newsletters.
NAAG urged the Agencies to clarify
the portion of the definition that refers
to ‘‘a particular consumer.’’ NAAG
believed that mass mailings of the same
or similar marketing materials to a large
group of consumers could fall within
the definition of ‘‘solicitation,’’ so long
as the marketing is based on eligibility
information received from an affiliate.
NAAG expressed concern that some
might construe the term ‘‘particular’’ to
narrow the meaning of a ‘‘solicitation.’’
With regard to Internet marketing,
industry commenters urged the
Agencies not to address such practices
in this rulemaking. These commenters
believed that the definition of
‘‘solicitation’’ should provide specific
guidance that ‘‘pop-up’’ ads and other
forms of Internet marketing generally
were directed to the general public and
not based on eligibility information
received from an affiliate, or that such
marketing would fall within an
exception. NAAG believed that such
advertisements should be treated as
solicitations if they were based on any
eligibility information received from an
affiliate. Consumer groups believed that
if an affiliate’s pop-up ads and other
Internet marketing were the result of
specific actions by the consumer or
information collected based upon a
consumer’s experience on the Internet,
E:\FR\FM\07NOR2.SGM
07NOR2
rwilkins on PROD1PC63 with RULES_2
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
then such marketing should be
considered solicitations. These
commenters also believed that pop-up
ads and other Internet marketing
targeted to all customers of a company
should be treated as solicitations if
based on the consumer’s experience on
the Internet.
Section l.20(b)(5) of the final rules
contains the definition of ‘‘solicitation.’’
The definition has been revised to track
the statutory language more closely. The
phrase ‘‘of a product or service’’ has
been added to the definition, as
requested by some commenters. To
ensure consistency with the definition
of ‘‘pre-existing business relationship,’’
the phrase ‘‘or obtain’’ has been retained
so that the definition of ‘‘solicitation’’
will include marketing for the rental or
lease of goods or services, financial
transactions, and financial contracts.
The Agencies have also deleted as
unnecessary the reference to
communications ‘‘distributed without
the use of eligibility information
communicated by an affiliate.’’
Marketing that is undertaken without
the use of eligibility information
received from an affiliate is not covered
by the affiliate marketing rules.
Moreover, there is no restriction on
using eligibility information received
from an affiliate in marketing directed at
the general public, such as radio,
television, or billboard advertisements.
The phrase ‘‘to a particular consumer’’
has been retained because it is part of
the statutory definition. The Agencies
do not believe that the phrase ‘‘to a
particular consumer’’ excludes largescale marketing campaigns from the
definition of ‘‘solicitation’’ because,
within such campaigns, eligibility
information received from an affiliate
may be used to target individual
consumers.
The definition of ‘‘solicitation’’ does
not distinguish between different
mediums. A determination of whether a
marketing communication constitutes a
solicitation depends upon the facts and
circumstances. The Agencies have
decided not to make those
determinations in this rulemaking.
Thus, the Agencies are not adopting
special rules or guidance regarding
Internet-based marketing; whether
Internet-based marketing is a
solicitation in a particular case will be
determined according to the same
criteria that apply to other means of
marketing. The Agencies also decline to
exclude categorically from the
definition of ‘‘solicitation’’ marketing
messages on voice response units, ATM
screens, or other forms of media.
Marketing delivered via such media
may be solicitations if such marketing is
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
targeted to a particular consumer based
on eligibility information received from
an affiliate. For example, a marketing
message on an ATM screen would be a
solicitation if it is targeted to a
particular consumer based on eligibility
information received from an affiliate,
but would not be a solicitation if it is
delivered to all consumers that use the
ATM.
Similarly, the Agencies decline to
exclude educational seminars, customer
appreciation events, focus group
invitations, and similar forms of
communication from the definition of
‘‘solicitation.’’ The Agencies believe that
such activities must be evaluated
according to the facts and circumstances
and some of those activities may be
coupled with, or a prelude to, a
solicitation. For example, an invitation
to a financial educational seminar
where the invitees are selected based on
eligibility information received from an
affiliate may be a solicitation if the
seminar is used to solicit the consumer
to purchase investment products or
services.
You or Bank
Section l.20(b)(6) of each Agency’s
rule defines either ‘‘you’’ or ‘‘bank’’ to
include persons covered by Subpart C of
the Agency’s rule, as described in
§ l.20(a).
Section l.21 Affiliate Marketing Optout and Exceptions
Initial Notice and Opt-out Requirement
The Agencies proposed to establish
certain rules relating to the requirement
to provide the consumer with notice
and a reasonable opportunity and a
simple method to opt out of a person’s
use of eligibility information that it
obtained from an affiliate for the
purpose of making or sending
solicitations to the consumer. The
Agencies noted that the statute is
ambiguous because it does not specify
which affiliate must provide the opt-out
notice to the consumer. The Agencies
addressed this ambiguity by proposing
to place certain responsibilities on the
communicating affiliate and other
responsibilities on the receiving
affiliate.
Proposed § l.20(a) set forth the
duties of a communicating affiliate. That
section required the communicating
affiliate to provide a notice to the
consumer before a receiving affiliate
could use eligibility information to
make or send solicitations to the
consumer. Under the proposal, the optout notice would state that eligibility
information may be communicated to
and used by the receiving affiliate to
PO 00000
Frm 00011
Fmt 4701
Sfmt 4700
62919
make or send solicitations to the
consumer regarding the affiliate’s
products and services, and would give
the consumer a reasonable opportunity
and a simple method to opt out.
Proposed § l.20(a) also contained
two rules of construction relating to the
communicating affiliate’s duty to
provide the notice. The first rule of
construction would have allowed the
notice to be provided either in the name
of a person with which the consumer
currently does or previously has done
business or in one or more common
corporate names shared by members of
an affiliated group of companies that
includes the common corporate name
used by that person. The rule of
construction also would have provided
alternatives regarding the manner in
which the notice could be given, such
as by allowing the communicating
affiliate to provide the notice either
directly to the consumer, through an
agent, or through a joint notice with one
or more of its affiliates. The second rule
of construction would have clarified
that, to avoid duplicate notices, it would
not be necessary for each affiliate that
communicates the same eligibility
information to provide an opt-out notice
to the consumer, so long as the notice
provided by the affiliate that initially
communicated the information was
broad enough to cover use of that
information by each affiliate that
received and used it to make
solicitations. The proposal included
examples to illustrate how each of these
rules of construction would work.
Proposed § l.20(b) set forth the
general duties of a receiving affiliate.
That section would have prohibited the
receiving affiliate from using eligibility
information it received from an affiliate
to make solicitations to the consumer
unless, prior to such use, the consumer
was provided an opt-out notice that
applied to that affiliate’s use of
eligibility information to make
solicitations and a reasonable
opportunity and simple method to opt
out, and the consumer did not opt out
of that use.
Most industry commenters
maintained that the final rules should
not require any specific entity to
provide the opt-out notice, but should
only require that the consumer be
provided an opt-out notice covering an
affiliate’s use of eligibility information
before a solicitation is made to the
consumer. These commenters believed
the final rules should provide flexibility
and allow either the receiving affiliate,
the communicating affiliate, or any
other affiliate to provide the opt-out
notice. These commenters maintained
that the statute is not ambiguous and
E:\FR\FM\07NOR2.SGM
07NOR2
rwilkins on PROD1PC63 with RULES_2
62920
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
does not impose any obligations on a
specific entity, such as the
communicating affiliate, to provide the
opt-out notice. Some of these
commenters acknowledged, however,
that the communicating affiliate would,
as a practical matter, most likely give
the opt-out notice.
A number of industry commenters
expressed concern that the proposed
rules would create a basis for civil
liability against the communicating
affiliate under section 624 because that
section is covered by the FCRA’s private
right of action provisions in sections
616 and 617. Some commenters noted
that, to avoid exposure to civil liability,
a communicating affiliate would have to
require receiving affiliates to commit to
not using the information to make
solicitations, give an opt-out notice
whenever they share eligibility
information with affiliates, or never
share eligibility information with
affiliates. These commenters maintained
that, in many cases, none of these
solutions would be practical, for
example, where a receiving affiliate
negligently failed to comply with a
commitment not to make solicitations
unless notice has been given to the
consumer.
Several industry commenters noted
that the language in section 624(a)(1)(A)
that ‘‘information may be
communicated’’ could be included in an
opt-out notice provided by the receiving
affiliate. These commenters also
believed that the statutory requirement
that the Agencies consider existing
affiliate sharing notification practices
and permit coordinated and
consolidated notices did not imply that
the communicating affiliate should be
responsible for providing the opt-out
notice.
Industry commenters made several
suggestions for revising the language of
the proposal. Some suggested revising
proposed § l.20(a) to omit any
reference to the communicating affiliate
and to incorporate the passive voice
used in the statute. Others suggested
various ways of merging proposed
§ l.20(b) into proposed § l.20(a) to
focus exclusively on the responsibilities
of the receiving affiliate. One
commenter identified certain drafting
problems it believed arose from the fact
that the proposal focused alternately on
the communicating affiliate and the
receiving affiliate and that those two
entities may be regulated by different
regulatory agencies.
A few industry commenters
acknowledged that the Agencies had
raised legitimate concerns in the
supplementary information to the
proposal about how meaningful a notice
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
could be when provided by a receiving
affiliate that the consumer may not
recognize. These commenters believed
that this concern could be addressed
through other means. One commenter,
for example, suggested the following
introductory language in paragraph
(a)(2): ‘‘The notice required by this
paragraph (a) may be provided either in
the name of the bank receiving the
information (provided that such bank
also identifies the affiliate which
provided such information), in the name
of the affiliate which provided such
information, or in one or more common
corporate names shared by such bank
and the affiliate which provided the
information, and may be provided in the
following manner * * * ’’ Another
industry commenter expressed support
for the rules of construction with
revisions to allow the use of brand
names and trade names, as well as the
actual ‘‘corporate’’ name, and to allow
an agent or affiliate to send a common
notice that uses more than one common
name in a non-deceptive manner.
Consumer group commenters
supported making the communicating
affiliate responsible for providing the
notice and opportunity to opt out. These
commenters believed that allowing the
receiving affiliate to send the opt-out
notice would invite consumer confusion
as to whether or not the opt-out notice
itself is a solicitation. These
commenters also believed that the
Agencies should require the names of
the receiving affiliates to be clearly
disclosed to the consumer. Consumer
groups also believed that the proposed
rules of construction struck a reasonable
balance by allowing commonly named
affiliates to share a notice while making
clear that a notice from an affiliate with
whom the consumer is not familiar will
not be effective. They also suggested
that the company with the pre-existing
business relationship should be clearly
marked on the opt-out notice.
NAAG believed that a receiving
affiliate should not be permitted to give
the opt-out notice solely on its own
behalf because a receiving affiliate is
unlikely to be an entity from which the
consumer would expect to receive
important communications. NAAG also
requested that the Agencies revise
certain portions of the proposed rules of
construction, for example, by deleting
from proposed § l.20(a)(2)(i) the phrase
‘‘or previously has done business’’
based on concerns that it would render
the notice partially ineffective because,
even without this phrase, the notice
would not be required for 18 months
after a customer relationship ends.
NAAG also requested that the Agencies
revise proposed §§ l.20(a)(2)(B)(2) and
PO 00000
Frm 00012
Fmt 4701
Sfmt 4700
(a)(2)(C) to clarify that the common
name used must be one that includes
the name used by the person providing
the opt-out notice.
In the proposal, the Agencies did not
require the opt-out notice to be provided
in writing. The Agencies noted,
however, that they contemplated that
the opt-out notice would be provided to
the consumer in writing or, if the
consumer agrees, electronically. The
proposal solicited comment on whether
there were circumstances in which it
would be necessary and appropriate to
allow oral notice and opt out and how
an oral notice could satisfy the clear and
conspicuous standard in the statute.
Industry commenters believed that
the final rules should permit oral
notices. These commenters identified
circumstances in which a relationship is
established by telephone as an example
of when oral notice would be
appropriate. Some industry commenters
also noted that an oral notice should be
permitted because the affiliate sharing
opt-out notice under section
603(d)(2)(A)(iii) may be given orally, as
well as in writing or electronically.
Several industry commenters noted that
the FTC in the Telemarketing Sales Rule
and the OCC in regulations relating to
debt cancellation contracts and debt
suspension agreements have permitted
clear and conspicuous oral notices.
These commenters did not believe that
allowing oral notice in these
circumstances had created any
enforcement difficulties for the FTC or
OCC. Other industry commenters noted
that institutions could demonstrate
compliance through the use of scripts or
by monitoring or recording calls.
Consumer groups believed that a
written opt-out notice should be
required in all cases. These commenters
believed that, with an oral notice, it is
impossible to ensure that a consumer
receives the appropriate notice or
information on the right to opt out. They
believed that allowing oral notices
would create enforcement barriers for
regulators. Consumer groups also
believed that institutions have strong
economic incentives to prevent
consumers from opting out and would
engage in misrepresentations or
otherwise use language in their scripts
that is designed to discourage
consumers from opting out. NAAG
believed that oral notices would not
meet the statutory requirement for a
clear, conspicuous, and concise notice,
that consumers would be less likely to
comprehend oral notices, and
enforcement would be more difficult if
oral opt-out notices were allowed.
Section l.21(a) of the final rules
contains the revised provisions
E:\FR\FM\07NOR2.SGM
07NOR2
rwilkins on PROD1PC63 with RULES_2
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
regarding the initial notice and opt out
requirement. Although the language of
this section has been revised and
simplified, the substance of this
provision is substantially similar to the
proposal.
Section l.21(a)(1) sets forth the
general rule. This section contains the
three conditions that must be met before
a person may use eligibility information
about a consumer that it receives from
an affiliate to make a solicitation for
marketing purposes to the consumer.
First, it must be clearly and
conspicuously disclosed to the
consumer in writing or, if the consumer
agrees, electronically, in a concise
notice that the person may use shared
eligibility information to make
solicitations to the consumer. Second,
the consumer must be provided a
reasonable opportunity and a reasonable
and simple method to opt out of the use
of that eligibility information to make
solicitations to the consumer. Third, the
consumer must not have opted out.
Section l.21(a)(2) of the final rules
provides an example of the general rule.
The Agencies have concluded that the
opt-out notice may not be provided
orally, but must be provided in writing
or, if the consumer agrees,
electronically. The statute requires the
Agencies to consider the affiliate
sharing notification practices employed
on the date of enactment and to ensure
that notices and disclosures may be
coordinated and consolidated in
promulgating regulations. The affiliate
sharing notice under section
603(d)(2)(A)(iii) of the FCRA generally
must be included in the GLBA privacy
notice, which must be provided in
writing, or if the consumer agrees,
electronically. Requiring the affiliate
marketing opt-out notice to be provided
in writing, or if the consumer agrees,
electronically, is thus consistent with
existing affiliate sharing notification
practices and promotes coordination
and consolidation of the three privacyrelated opt-out notices. The Agencies
are not persuaded that there are any
circumstances where it would be
necessary to provide an oral opt-out
notice. A number of key exceptions to
the initial notice and opt-out
requirement, such as the pre-existing
business relationship exception,
consumer-initiated communication
exception, and consumer authorization
or request exception, may be triggered
by an oral communication with the
consumer. It also could be more difficult
for the Agencies to monitor and enforce
compliance with the final rules if oral
opt-out notices were allowed.
Accordingly, the final rules require the
opt-out notice to be provided in writing
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
or, if the consumer agrees,
electronically.
Section l.21(a)(3) identifies those
affiliates who may provide the initial
opt-out notice. This section provides
that the initial opt-out notice must be
provided either by an affiliate that has
or has previously had a pre-existing
business relationship with the
consumer, or as part of a joint notice
from two or more members of an
affiliated group of companies, provided
that at least one of the affiliates on the
joint notice has or has previously had a
pre-existing business relationship with
the consumer. The final rules follow the
general approach taken in the proposal
to ensure that the notice is provided by
an entity known to the consumer, while
eliminating potentially ambiguous and
confusing terms like ‘‘communicating
affiliate’’ and ‘‘receiving affiliate.’’
The Agencies also have eliminated as
unnecessary the rules of construction.
Joint notices are now addressed directly
in § l.21(a)(3). The Agencies also have
concluded that the provisions from the
proposal relating to notice provided by
an agent are unnecessary. General
agency principles, however, continue to
apply. An affiliate that has or has
previously had a pre-existing business
relationship with the consumer may
direct its agent to provide the opt-out
notice on its behalf.
The Agencies have concluded that the
statute’s silence with regard to which
affiliates may provide the opt-out notice
makes the statute ambiguous on this
point, despite industry comments to the
contrary. The Agencies also continue to
believe that consumers are more likely
to pay attention to a notice provided by
a person known to the consumer. The
Agencies remain concerned that a notice
provided by an entity unknown to the
consumer may not provide meaningful
or effective notice, and that consumers
may ignore or discard notices provided
by unknown entities. Industry
comments on the proposal did little to
address those concerns. For practical
reasons, the Agencies believe that
affiliate marketing opt-out notices
typically would be provided by an
affiliate that has or has previously had
a pre-existing business relationship with
the consumer, or as part of a joint
notice, whether or not required by the
rule.
The Agencies appreciate industry
concerns about civil liability and have
revised the final rules to address those
concerns. Specifically, in contrast to the
proposal, the final rules do not impose
duties on any affiliate other than the
affiliate that intends to use shared
eligibility information to make
solicitations to the consumer. Although
PO 00000
Frm 00013
Fmt 4701
Sfmt 4700
62921
an opt-out notice must be provided by
an affiliate that has or has previously
had a pre-existing business relationship
with the consumer (or as part of a joint
notice), that affiliate has no duty to
provide such a notice. Instead, the final
rule provides that absent such a notice,
an affiliate must not use shared
eligibility information to make
solicitations to the consumer. Industry
concerns about civil liability also may
be mitigated to some extent by the
Supreme Court’s recent decision in
Safeco Ins. Co. of America v. Burr, 127
S. Ct. 2201 (June 4, 2007).
Finally, many institutions currently
require consumers to provide their
Social Security numbers when
exercising their existing GLBA and
FCRA opt-out rights. The Agencies
believe that institutions likely would
follow their existing practice with
regard to affiliate marketing opt-outs. To
combat identity theft and prevent
‘‘phishing,’’ however, the Agencies,
along with many institutions, have been
educating consumers not to provide
their Social Security numbers to
unknown entities. Furthermore, as
participants in the President’s Identity
Theft Task Force, the Agencies have
made a commitment to examine and
recommend ways to limit the private
sector’s use of Social Security numbers.
The approach recommended by
industry commenters would allow an
unknown entity not only to provide an
affiliate marketing opt-out notice to the
consumer, but also to require the
consumer to reveal his or her Social
Security number to that unknown entity
in order to exercise the opt-out right.
Such an approach would send
conflicting messages to consumers about
providing Social Security numbers to
unknown entities. This approach also
would be inconsistent with the
Agencies’ current efforts to develop a
comprehensive record on the uses of the
Social Security number in the private
sector and evaluate their necessity, as
recommended by the President’s
Identity Theft Task Force.13
Making Solicitations
The proposal repeatedly referred to
‘‘making or sending’’ solicitations.
Several commenters suggested revising
the regulations to eliminate all
references to ‘‘sending’’ solicitations.
These commenters believed that the
statute only concerns the use of
eligibility information to ‘‘make’’
solicitations and does not address
‘‘sending’’ solicitations. Commenters
expressed concern that by referring to
13 See Combating Identity Theft: A Strategic Plan
at 26–27 (April 2007) (available at www.idtheft.gov).
E:\FR\FM\07NOR2.SGM
07NOR2
rwilkins on PROD1PC63 with RULES_2
62922
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
‘‘sending’’ solicitations, the proposal
would apply the notice and opt-out
requirements to servicers that send
solicitations on behalf of another entity.
The Agencies have revised the final
rules to eliminate all combined
references to ‘‘making or sending’’
solicitations. The general rule in section
624(a)(1), along with the duration
provisions in section 624(a)(3) and the
pre-existing business relationship
exception in section 624(a)(4)(A), refer
to ‘‘making’’ or ‘‘to make’’ a solicitation.
Other provisions of the statute, such as
the consumer choice provision in
section 624(a)(2)(A), the service
provider exception in section
624(a)(4)(C), the non-retroactivity
provision in section 624(a)(5), and the
definition of ‘‘pre-existing business
relationship’’ in section 624(d)(1), refer
to ‘‘sending’’ or ‘‘to send’’ a solicitation.
The verb ‘‘to send,’’ as used in the
statute, refers to a ministerial act that a
service provider, such as a mail house,
performs for the person making the
solicitation, (see 15 U.S.C. 1681s–
3(a)(4)(C)), or indicates the point in time
after which solicitations are no longer
permitted. See 15 U.S.C. 1681s–
3(d)(1)(B) and (C).
The Agencies conclude that ‘‘making’’
and ‘‘sending’’ solicitations are different
activities and that the focus of the
statute is primarily on the ‘‘making’’ of
solicitations. For example, a service
provider may send a solicitation on
behalf of another entity, but it is the
entity on whose behalf the solicitation
is sent that is making the solicitation
and thus is subject to the general
prohibition on making a solicitation,
unless the consumer is given notice and
an opportunity to opt out. Accordingly,
the Agencies have revised the final rules
to refer to ‘‘making’’ a solicitation,
except where the statute specifically
refers to ‘‘sending’’ solicitations.
The statute, however, does not
describe what a person must do in order
‘‘to make’’ a solicitation. Similarly, the
legislative history does not contain
guidance as to the meaning of ‘‘making’’
a solicitation. Nevertheless, the
Agencies believe it is important to
provide clear guidance regarding what
activities result in making a solicitation.
One commenter suggested that the
test for making a solicitation should
turn on whether an affiliate having a
pre-existing business relationship with
the consumer retains the discretion to
determine whether or not to send the
solicitation. This commenter provided
an example where a financial institution
obtains a list of an affiliate’s customers
from a common shared database, applies
its own criteria to this list, and then
requests the affiliate with an existing
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
business relationship to solicit the
affiliate’s own customers to purchase
the financial institution’s products or
services. (Thus, the financial institution
would be using eligibility information to
select a list of its affiliate’s customers to
receive the financial institution’s
marketing materials.) This commenter
believed that section 624 should not
apply so long as the affiliate with the
existing business relationship has
discretion to determine whether or not
to send the solicitations. This
commenter also maintained that the
applicability of section 624’s notice and
opt-out requirement should depend on
who markets the product and not on
what the product is or whose product it
is.
Nothing in the statute indicates that
the discretion of the affiliate providing
the eligibility information to determine
whether or not to send a solicitation on
behalf of a person who has received
eligibility information from that affiliate
is the test for what constitutes making
a solicitation. Rather, the statute focuses
on whether the person receiving
eligibility information from an affiliate
uses that information to market its
products or services to consumers. A
‘‘discretion to send’’ test would also
inappropriately link the terms ‘‘making’’
and ‘‘sending’’ in a manner that would
promote confusion and undercut
arguments made by commenters urging
the Agencies to disassociate the two
terms. Finally, a ‘‘discretion to send’’
test could foster circumvention of the
notice and opt-out requirement, restrict
the ability of consumers to prohibit
solicitations in a manner not
contemplated by the statute, and make
it difficult for the Agencies to
administer and enforce the statute.
Section l.21(b) of the final rules
clarifies what constitutes ‘‘making’’ a
solicitation for purposes of Subpart C.
Section l.21(b)(1) provides that a
person makes a solicitation for
marketing purposes to a consumer if: (a)
The person receives eligibility
information from an affiliate; (b) the
person uses that eligibility information
to do one of the following—identify the
consumer or type of consumer to receive
a solicitation, establish the criteria used
to select the consumer to receive a
solicitation, or decide which of its
products or services to market to the
consumer or tailor its solicitation to that
consumer; and (c) as a result of the
person’s use of the eligibility
information, the consumer is provided a
solicitation about the person’s products
or services.
The Agencies recognize that several
common industry practices may
complicate application of the rule
PO 00000
Frm 00014
Fmt 4701
Sfmt 4700
outlined in § l.21(b)(1). First, affiliated
groups often use a common database as
the repository for eligibility information
obtained by various affiliates, and
information in that database may be
accessible to multiple affiliates. Second,
affiliated companies often use service
providers to perform marketing
activities, and some of those service
providers may provide services for a
number of different affiliates. Third, an
affiliate may use its own eligibility
information to market the products or
services of another affiliate. Sections
l.21(b)(2)–(5) address these issues.
Section l.21(b)(2) clarifies that a
person may receive eligibility
information from an affiliate in various
ways, including when the affiliate
places that information into a common
database that the person may access. Of
course, receipt of eligibility information
from an affiliate is only one element of
the rule outlined in § l.21(b)(1). In the
case of a common database, use of the
eligibility information will be the key
element in determining whether a
person has made a solicitation.
Section l.21(b)(3) provides that a
person receives or uses an affiliate’s
eligibility information if a service
provider acting on behalf of the person
receives or uses that information in the
manner described in §§ l.21(b)(1)(i) or
(b)(1)(ii), except as provided in
§ l.21(b)(5), which is discussed below.
Section l.21(b)(3) also provides that all
relevant facts and circumstances will
determine whether a service provider is
acting on behalf of a person when it
receives or uses an affiliate’s eligibility
information in connection with
marketing that person’s products or
services.
Section l.21(b)(4) addresses
constructive sharing. In the
supplementary information to the
proposal, the Agencies solicited
comment on whether the notice and
opt-out requirements of these rules
should apply to circumstances that
involve a ‘‘constructive sharing’’ of
eligibility information to conduct
marketing, given the policy objectives of
section 214 of the FACT Act. By way of
example, in a ‘‘constructive sharing’’
scenario, a consumer has a relationship
with a financial institution, and the
financial institution is affiliated with an
insurance company. The insurance
company develops specific eligibility
criteria, such as consumers having
combined deposit balances in excess of
$50,000 or average monthly demand
account deposits in excess of $10,000,
without the use of eligibility
information received from the financial
institution. The insurance company
provides its criteria to the financial
E:\FR\FM\07NOR2.SGM
07NOR2
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
rwilkins on PROD1PC63 with RULES_2
institution and asks the institution to
identify financial institution consumers
that meet the eligibility criteria and
send insurance company marketing
materials to those consumers. The
financial institution sends the marketing
materials to those consumers who meet
the insurance company’s eligibility
criteria. A consumer who meets the
eligibility criteria contacts the insurance
company after receiving the insurance
company marketing materials in the
manner specified in those materials.
The consumer’s response provides the
insurance company with discernible
eligibility information, such as through
a response form that is coded to identify
the consumer as an individual who
meets the specific eligibility criteria.14
Industry commenters urged the
Agencies not to apply the notice and
opt-out requirement to ‘‘constructive
sharing’’ situations. The principal
arguments made by these commenters
in support of their position were as
follows. First, in a constructive sharing
scenario, there is no sharing of
eligibility information among affiliates.
Rather, the consumer provides
information to an affiliate when
responding. Second, section 624 applies
when a person uses eligibility
information furnished by its affiliate to
make a solicitation for its own products
or services to the consumer. In
constructive sharing, however, the
person does not use eligibility
information and does not make a
solicitation as defined in the statute.
Third, the affiliate that sends the
marketing material has a pre-existing
business relationship with the consumer
and is thus exempt from the notice and
opt-out requirements. Fourth, if the
consumer responds to the marketing
materials, for example, by returning a
response card to an affiliate, one or
more of the exceptions to the notice and
opt-out requirement would apply, such
as the consumer-initiated
communication exception, the preexisting business relationship
exception, or both.
Consumer groups believed that
constructive sharing contravenes the
intent of Congress and amounts to a
loophole that should be fixed. Similarly,
NAAG believed that the letter and spirit
of section 624 required subjecting
constructive sharing to the notice and
opt-out requirements and that to find
14 The supplementary information to the proposal
noted that the notice and opt-out requirement
would not apply if, for example, an insurance
company asked its affiliated financial institution to
include insurance company marketing material in
periodic statements sent to consumers by the
financial institution without regard to eligibility
information.
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
otherwise would create a significant and
unwarranted exception.
After considering the constructive
sharing issue, the Agencies conclude
that the statute only covers situations
where a person uses eligibility
information that it received from an
affiliate to make a solicitation to the
consumer about its products or services.
In a ‘‘constructive sharing’’ scenario like
that described above, a pre-existing
business relationship is established
between the consumer and the
insurance company when the consumer
contacts the insurance company to
inquire about or apply for insurance
products as a result of the consumer’s
receipt of the insurance marketing
materials. This pre-existing business
relationship is established before the
insurance company uses any shared
eligibility information to make
solicitations to the consumer. Because
the insurance company does not use
shared eligibility information to make
solicitations to the consumer before it
establishes a pre-existing business
relationship with the consumer, the
statute does not apply.
The Agencies acknowledge the
concerns expressed by consumer groups
and NAAG regarding the decision not to
apply the notice and opt-out
requirements to constructive sharing
situations. The statute’s affiliate
marketing provisions, however, only
limit the use of eligibility information
received from an affiliate to make
solicitations to a consumer. A separate
provision of the FCRA, section
603(d)(2)(A)(iii), regulates the sharing of
eligibility information among affiliates
and prohibits the sharing of nontransaction or experience information,
such as credit scores from a consumer
report or income from an application,
among affiliates, unless the consumer is
given notice and an opportunity to opt
out of such sharing. The FCRA does not
restrict the sharing of transaction or
experience information among affiliates
unless that information is medical
information. Section 603(d)(2)(A)(iii)
operates independent of the affiliate
marketing rules. Thus, the existence of
a pre-existing business relationship
between a consumer and an affiliate that
seeks to use shared eligibility
information, such as credit scores or
income, to market to that consumer (or
the applicability of another exception to
these affiliate marketing rules) does not
relieve the entity sharing the credit
score or income information of the
requirement to comply with the affiliate
sharing notice and opt-out provisions of
section 603(d)(2)(A)(iii) of the FCRA
before it shares that non-transaction or
PO 00000
Frm 00015
Fmt 4701
Sfmt 4700
62923
experience information with its
affiliate.15
Section l.21(b)(4) describes two
situations where a person is deemed not
to have made a solicitation subject to
Subpart C. Both situations assume that
the person has not used eligibility
information received from an affiliate in
the manner described in § l.21(b)(1)(ii).
First, a person does not make a
solicitation subject to Subpart C if that
person’s affiliate uses its own eligibility
information that it obtained in
connection with a pre-existing business
relationship it has or had with the
consumer to market the person’s
products or services to the consumer.
Second, if, in the situation just
described, the person’s affiliate directs
its service provider to use the affiliate’s
own eligibility information to market
the person’s products or services to the
consumer, and the person does not
communicate directly with the service
provider regarding that use of the
eligibility information, then the person
has not made a solicitation subject to
Subpart C.
The core concept underlying the
second prong of this provision is that
the affiliate that obtained the eligibility
information in connection with a preexisting business relationship with the
consumer controls the actions of the
service provider using that information.
Therefore, the service provider’s use of
the eligibility information should not be
attributed to the person whose products
or services will be marketed to
consumers. In such circumstances, the
service provider is acting on behalf of
the affiliate that obtained the eligibility
information in connection with a preexisting business relationship with the
consumer, and not on behalf of the
person whose products or services will
be marketed to that affiliate’s
consumers.
The Agencies also recognize that there
may be situations where the person
whose products or services are being
marketed does communicate with the
affiliate’s service provider. This may be
the case, for example, where the service
provider performs services for various
affiliates relying on information
maintained in and accessed from a
common database. In certain
circumstances, the person whose
products or services are being marketed
may communicate with the affiliate’s
service provider, yet the service
provider is still acting on behalf of the
affiliate when it uses the affiliate’s
15 A sharing of information occurs if a reference
code included in marketing materials reveals one
affiliate’s information about a consumer to another
affiliate upon receipt of a consumer’s response.
E:\FR\FM\07NOR2.SGM
07NOR2
rwilkins on PROD1PC63 with RULES_2
62924
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
eligibility information in connection
with marketing the person’s products or
services. Section l.21(b)(5) describes
the conditions under which a service
provider would be deemed to be acting
on behalf of the affiliate with the preexisting business relationship, rather
than the person whose products or
services are being marketed,
notwithstanding direct communications
between the person and the service
provider.
Section l.21(b)(5) builds upon the
concept of control of a service provider
and thus is a natural outgrowth of
§ l.21(b)(4). Under the conditions set
out in § l.21(b)(5), the service provider
is acting on behalf of an affiliate that
obtained the eligibility information in
connection with a pre-existing business
relationship with the consumer because,
among other things, the affiliate controls
the actions of the service provider in
connection with the service provider’s
receipt and use of the eligibility
information. This provision is designed
to minimize uncertainty that may arise
from application of the facts and
circumstances test in § l.21(b)(3) to
cases that involve direct
communications between a service
provider and a person whose products
and services will be marketed to
consumers.
Section l.21(b)(5) provides that a
person does not make a solicitation
subject to Subpart C if a service provider
(including an affiliated or third-party
service provider that maintains or
accesses a common database that the
person may access) receives eligibility
information from the person’s affiliate
that the person’s affiliate obtained in
connection with a pre-existing business
relationship it has or had with the
consumer and uses that eligibility
information to market the person’s
products or services to the consumer, so
long as the following five conditions are
met.
First, the person’s affiliate controls
access to and use of its eligibility
information by the service provider
(including the right to establish specific
terms and conditions under which the
service provider may use such
information to market the person’s
products or services). This requirement
must be set forth in a written agreement
between the person’s affiliate and the
service provider. The person’s affiliate
may demonstrate control by, for
example, establishing and implementing
reasonable policies and procedures
applicable to the service provider’s
access to and use of its eligibility
information.
Second, the person’s affiliate
establishes specific terms and
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
conditions under which the service
provider may access and use that
eligibility information to market the
person’s products or services (or those
of affiliates generally) to the consumer,
and periodically evaluates the service
provider’s compliance with those terms
and conditions. These terms and
conditions may include the identity of
the affiliated companies whose products
or services may be marketed to the
consumer by the service provider, the
types of products or services of affiliated
companies that may be marketed, and
the number of times the consumer may
receive marketing materials. The
specific terms and conditions
established by the person’s affiliate
must be set forth in writing, but need
not be set forth in a written agreement
between the person’s affiliate and the
service provider. If a periodic evaluation
by the person’s affiliate reveals that the
service provider is not complying with
those terms and conditions, the
Agencies expect the person’s affiliate to
take appropriate corrective action.
Third, the person’s affiliate requires
the service provider to implement
reasonable policies and procedures
designed to ensure that the service
provider uses the affiliate’s eligibility
information in accordance with the
terms and conditions established by the
affiliate relating to the marketing of the
person’s products or services. This
requirement must be set forth in a
written agreement between the person’s
affiliate and the service provider.
Fourth, the person’s affiliate is
identified on or with the marketing
materials provided to the consumer.
This requirement will be construed
flexibly. For example, the person’s
affiliate may be identified directly on
the marketing materials, on an
introductory cover letter, on other
documents included with the marketing
materials, such as a periodic statement,
or on the envelope which contains the
marketing materials.
Fifth, the person does not directly use
the affiliate’s eligibility information in
the manner described in § l.21(b)(1)(ii).
These five conditions together ensure
that the service provider is acting on
behalf of the affiliate that obtained the
eligibility information in connection
with a pre-existing business relationship
with the consumer because that affiliate
controls the service provider’s receipt
and use of that affiliate’s eligibility
information.
Section l.21(b)(6) provides six
illustrative examples of the rules
relating to making solicitations as set
forth in §§ l.21(b)(1)–(5).
PO 00000
Frm 00016
Fmt 4701
Sfmt 4700
Exceptions
Proposed § l.20(c) contained
exceptions to the requirements of
Subpart C and incorporated each of the
statutory exceptions to the affiliate
marketing notice and opt-out
requirements that are set forth in section
624(a)(4) of the FCRA. The Agencies
have revised the preface to the
exceptions for clarity to provide that the
provisions of Subpart C do not apply to
‘‘you’’ or ‘‘the bank’’ if a person uses
eligibility information that it receives
from an affiliate in certain
circumstances. In addition, each of the
exceptions has been moved to § l.21(c)
in the final rules and is discussed
below.
Pre-Existing Business Relationship
Exception
Proposed § l.20(c)(1) provided that
the provisions of Subpart C would not
apply to an affiliate using eligibility
information to make a solicitation to a
consumer with whom the affiliate has a
pre-existing business relationship. As
noted above, a pre-existing business
relationship exists when: (1) There is a
financial contract in force between the
affiliate and the consumer; (2) the
consumer and the affiliate have engaged
in a financial transaction (including
holding an active account or a policy in
force or having another continuing
relationship) during the 18 months
immediately preceding the date of the
solicitation; (3) the consumer has
purchased, rented, or leased the
affiliate’s goods or services during the
18 months immediately preceding the
date of the solicitation; or (4) the
consumer has inquired about or applied
for a product or service offered by the
affiliate during the 3-month period
immediately preceding the date of the
solicitation. Proposed § l.20(d)(1)
provided examples of the pre-existing
business relationship exception. As
explained above, the Agencies have
revised the examples from proposed
§ l.20(d)(1) in the final rules and
included them as examples of the
definition of ‘‘pre-existing business
relationship’’ rather than as examples of
the pre-existing business relationship
exception.
Section l.21(c)(1) of the final rules
revises the pre-existing business
relationship exception to delete the
word ‘‘send’’ and to eliminate as
unnecessary the cross-reference to the
location of the definition of ‘‘preexisting business relationship.’’ As
discussed above, commenters made a
number of suggestions regarding the
definition of ‘‘pre-existing business
relationship.’’ The Agencies have
E:\FR\FM\07NOR2.SGM
07NOR2
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
rwilkins on PROD1PC63 with RULES_2
addressed those comments elsewhere.
Most commenters supported the
proposed text of the pre-existing
business relationship exception, which
generally tracks the statutory language.
Some commenters, however,
apparently believed that the pre-existing
business relationship exception is
broader than it actually is. For example,
assume that an insurance company has
a pre-existing business relationship with
a consumer and shares eligibility
information about the consumer with its
affiliates by putting that information
into a common database that is
accessible by all affiliates. The
insurance company’s depository
institution affiliate accesses the
database, reviews the data on the
insurance company’s consumers and,
based on its review, decides to market
to some of the insurance company’s
consumers. Rather than sending the
solicitations itself, the depository
institution asks the insurance company
with the pre-existing business
relationship to send solicitations on its
behalf to the insurance company’s
consumers. As noted above, one
commenter believed that in this
circumstance the pre-existing business
relationship exception would apply so
long as the insurance company retained
the discretion to decide whether or not
to send the solicitations on behalf of the
depository institution. However, the
Agencies conclude that this situation
does not fall within the pre-existing
business relationship exception.
Instead, the depository institution
makes the solicitation because it used
eligibility information received from an
affiliate to select the consumer to
receive a solicitation about its products
or services and, as a result, the
consumer is provided a solicitation. To
eliminate any confusion and clarify the
scope of the exception, the Agencies
have added an example in § l.21(d)(1)
of the final rules to illustrate a situation
where the pre-existing business
relationship exception would apply.
Employee Benefit Plan Exception
Proposed § l.20(c)(2) provided that
the provisions of Subpart C would not
apply to an affiliate using the
information to facilitate
communications to an individual for
whose benefit the affiliate provides
employee benefit or other services
under a contract with an employer
related to and arising out of a current
employment relationship or an
individual’s status as a participant or
beneficiary of an employee benefit plan.
One commenter believed that the
exception should be revised to permit
communications ‘‘to an affiliate about
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
an individual for whose benefit an
entity provides employee benefit or
other services pursuant to a contract
with an employer related to and arising
out of the current employment
relationship or status of the individual
as a participant or beneficiary of an
employee benefit plan.’’ This
commenter also suggested deleting the
phrase ‘‘you receive from an affiliate’’ in
the introduction to proposed § l.20(c).
This commenter believed that this
exception should permit an employer or
plan sponsor to share information with
its affiliates in order to offer other
financial services, such as brokerage
accounts or IRAs, to its employees. This
commenter further requested
clarification on whether the exception
applies only if related to products
offered as an employee benefit.
Section l.21(c)(2) of the final rules
adopts the employee benefit exception
as proposed. The Agencies decline to
adopt the changes suggested by the one
commenter. First, the suggestion to
make the exception applicable to
communications ‘‘to an affiliate about
an individual for whose benefit an
entity provides employee benefit or
other services’’ differs from the language
of the statute. The language of the
proposed and final rules focuses on
facilitating communications ‘‘to an
individual for whose benefit the person
provides employee benefit or other
services,’’ which tracks the statutory
language better than the alternative
language proposed by the commenter.
Second, the only person to whom
section 624 might apply is a person that
receives eligibility information from an
affiliate. Specifically, the statutory
preface to the exceptions provides that
‘‘[t]his section shall not apply to a
person’’ using information to do certain
things. The language of the statute thus
makes clear that the exceptions in
section 624(a)(4) of the FCRA were
meant to apply to persons that
otherwise would be subject to section
624. In the case of the employee benefit
exception, the person using the
information is also ‘‘the person
provid[ing] employee benefit or other
services pursuant to a contract with an
employer.’’ Therefore, the Agencies
conclude that this exception, like the
other provisions of Subpart C, should
apply only to a person that uses
eligibility information it receives from
an affiliate to make solicitations to
consumers about its products or
services.
Service Provider Exception
Proposed § l.20(c)(3) provided that
the provisions of Subpart C would not
apply to an affiliate using the
PO 00000
Frm 00017
Fmt 4701
Sfmt 4700
62925
information to perform services for
another affiliate, unless the services
involve making or sending solicitations
on its own behalf or on behalf of an
affiliate and the service provider or such
affiliate is not permitted to make or send
such solicitations as a result of the
consumer’s election to opt out. Thus,
under the proposal, when the notice has
been provided to a consumer and the
consumer has opted out, an affiliate
subject to the consumer’s opt-out
election may not circumvent the opt-out
by instructing the person with the
consumer relationship or another
affiliate to send solicitations to the
consumer on its behalf.
Several industry commenters urged
the Agencies to revise the proposed
exception to conform to the statutory
language. Specifically, with respect to
the exclusion from the service provider
exception, these commenters
recommended that the Agencies delete
the references to solicitations on behalf
of the service provider. Some of these
commenters maintained that the
references to solicitations on behalf of
the service provider itself would impose
additional burdens and costs on
companies that use a single affiliate to
provide various administrative services
to other affiliates and would make it
more difficult to provide general
educational materials to consumers.
Some of these commenters also asked
the Agencies to clarify that the
limitation in the service provider
exception has no applicability to any
other exception.
Section l.21(c)(3) of the final rules
revises the service provider exception to
delete as surplusage the references to
solicitations by a service provider on its
own behalf. The Agencies note that the
general rule in § l.21(a)(1) prohibits a
service provider from using eligibility
information it received from an affiliate
to make solicitations to the consumer
about its own products or services
unless the consumer is given notice and
an opportunity to opt out or unless one
of the other exceptions applies. The
service provider exception simply
allows a service provider to do what the
affiliate on whose behalf it is acting may
do, such as using shared eligibility
information to make solicitations to
consumers to whom the affiliate is
permitted to make such solicitations.
The final rules also delete the word
‘‘make’’ from the exception to the
service provider exception because, as
discussed above, ‘‘making’’ and
‘‘sending’’ solicitations are distinct
activities and this provision of the
statute uses the verb ‘‘to send.’’ The
Agencies note that, although the statute
contains separate service provider and
E:\FR\FM\07NOR2.SGM
07NOR2
62926
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
rwilkins on PROD1PC63 with RULES_2
pre-existing business relationship
exceptions, nothing in those exceptions
prevents an affiliate that has a preexisting business relationship with the
consumer from relying upon the service
provider exception, where appropriate.
Section l.21(d)(2) of the final rules
provides examples of the service
provider exception.
Consumer-Initiated Communication
Exception
Proposed § l.20(c)(4) provided that
the provisions of Subpart C would not
apply to an affiliate using the
information to make solicitations in
response to a communication initiated
by the consumer. The proposed rule
further clarified that this exception may
be triggered by an oral, electronic, or
written communication initiated by the
consumer.
The supplementary information noted
that to be covered by the proposed
exception, the use of eligibility
information must be responsive to the
communication initiated by the
consumer. The supplementary
information also explained that the time
period during which solicitations
remain responsive to the consumer’s
communication would depend on the
facts and circumstances. As illustrated
in the example in proposed
§ l.20(d)(2)(iii), if a consumer were to
call an affiliate to ask about retail
locations and hours, the affiliate could
not use eligibility information to make
solicitations to the consumer about
specific products because those
solicitations would not be responsive to
the consumer’s communication.
Conversely, the example in proposed
§ l.20(d)(2)(i) illustrated that if the
consumer calls an affiliate to ask about
its products or services and provides
contact information, solicitations related
to those products or services would be
responsive to the communication and
thus permitted under the exception.
Finally, as illustrated by the example in
proposed § l.20(d)(2)(ii), the Agencies
also contemplated that a consumer
would not initiate a communication if
an affiliate made the initial call and left
a message for the consumer to call back,
and the consumer responded.
Commenters generally supported the
text of the proposed consumer-initiated
communication exception. Several
commenters, however, urged the
Agencies to either delete the phrase
‘‘orally, electronically, or in writing’’
from the regulation or modify the
language to read ‘‘whether orally,
electronically, or in writing.’’ These
commenters maintained that other
means of communication may be used
by consumers in the future and should
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
not be precluded by the regulations.
Another commenter welcomed the
reference to oral communications and
requested that the Agencies clarify that
electronic communications refers to
both e-mail and facsimile transmissions.
Many industry commenters objected
to the statement in the supplementary
information that to qualify for this
exception, the use of eligibility
information ‘‘must be responsive’’ to the
communication initiated by the
consumer. These commenters believed
that the concept of ‘‘responsiveness’’
creates a vague, subjective, and narrow
standard that could subject institutions
to compliance risk. These commenters
noted that the Agencies did not and
could not provide a clear definition of
what would be ‘‘responsive.’’ Some of
these commenters noted that consumers
may not be familiar with the various
types of products or services available to
them and the different affiliates that
offer those products or services and may
rely on the institution to inform them
about available options. For this reason,
most of these commenters maintained
that the exception should not limit an
affiliate from responding with
solicitations about any product or
service. Some of these commenters
believed that it would be difficult to
monitor compliance with or to develop
scripts for a ‘‘responsiveness’’ standard
by customer service representatives.
One commenter noted that the Senate
bill used more restrictive language in
this exception than the final bill passed
by Congress. Some commenters also
objected to the statement that the time
period during which solicitations
remain responsive would depend on the
facts and circumstances.
NAAG supported the statement in the
supplementary information that, to
qualify for this exception, the use of
eligibility information ‘‘must be
responsive’’ to the communication
initiated by the consumer. NAAG
believed this clarification was so
important that it should be incorporated
into the rule itself. NAAG also suggested
imposing a specific time limit to allow
solicitations to be made for no more
than 30 days after the consumerinitiated communication under this
exception.
Industry commenters also objected to
some of the examples. In particular,
industry commenters objected to the
example in proposed § l.20(d)(2)(i) on
two grounds. First, these commenters
believed that the consumer should not
have to supply contact information in
order to trigger the exception. These
commenters noted that such a
requirement would seem to preclude
solicitations over the phone during the
PO 00000
Frm 00018
Fmt 4701
Sfmt 4700
same call by presuming that a
solicitation would be made by mail or
e-mail. Some of these commenters also
believed that consumers would expect
an affiliated company, especially a
company with a common brand, to have
their contact information already and
would not want to provide it again.
Second, as noted above, some
commenters maintained that the affiliate
should be able to respond by making
solicitations about any product or
service, not just those mentioned by the
consumer.
Many industry commenters objected
to the example in proposed
§ l.20(d)(2)(ii) about the consumer
responding to a call back message.
These commenters believed that such a
call back should qualify as a consumerinitiated communication, noting that the
consumer has the option of not
returning the call. Moreover, these
commenters noted that the customer
service representative receiving the call
would not know what prompted the
consumer’s call. Several commenters
acknowledged that there may be
concerns about calls made under false
pretenses to prompt consumers to return
the call but suggested that those
concerns should be addressed by other
means, such as enforcement of the laws
dealing with unfair or deceptive acts or
practices.
Finally, some industry commenters
expressed concerns about the example
in proposed § l.20(d)(2)(iii) regarding
the consumer who calls to ask for retail
locations and hours. These commenters
noted that it is impossible to know what
will transpire on a particular telephone
call. One commenter noted, for
example, that if a consumer called to
ask for directions to an office, the
customer service representative might
ask why the consumer needed to go to
that office. This, in turn, could prompt
the consumer to mention a product or
service that the consumer hoped to
obtain and lead to a discussion of
specific products or services that might
be appropriate for the consumer.
Section l.21(c)(4) of the final rules
revises the consumer-initiated
communications exception to delete the
reference to oral, electronic, or written
communications. The Agencies believe
that any form of communication may
come within the exception as long as
the consumer initiates the
communication, whether in-person or
by mail, e-mail, telephone, facsimile, or
through other means. New forms of
communication that may develop in the
future could also come within the
exception.
Section l.21(c)(4) of the final rules
also provides that the communications
E:\FR\FM\07NOR2.SGM
07NOR2
rwilkins on PROD1PC63 with RULES_2
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
covered by the exception are consumerinitiated communications about a
person’s products or services. For the
exception to apply, the statute requires
that a person use eligibility information
‘‘in response to’’ a communication
initiated by a consumer. The Agencies
believe this statutory language
contemplates that the consumerinitiated communications will relate to
a person’s products or services and that
the solicitations covered by the
exception will be those made in
response to that communication.
The Agencies also believe the
exceptions should be construed
narrowly to avoid undermining the
general rule requiring notice and opt
out. Thus, consistent with the purposes
of the statute, the Agencies do not
believe that a consumer-initiated
communication that is unrelated to a
product or service should trigger the
exception. A rule that allowed any
consumer-initiated communication, no
matter how unrelated to a product or
service, to trigger the exception would
not to give meaning to the phrase ‘‘in
response to’’ and could produce
incongruous results. For example, if a
consumer calls an affiliate solely to
obtain retail hours and directions or
solely to opt out, the exception is not
triggered because the communication
does not relate to the affiliate’s products
or services and making a solicitation
about products or services to the
consumer in those circumstances would
not be a reasonable response to that
communication.
The Agencies recognize, however,
that if the conversation shifts to a
discussion of products or services that
the consumer may need, solicitations
may be responsive depending upon the
facts and circumstances. Likewise, if a
consumer who has opted out of an
affiliate’s use of eligibility information
to make solicitations calls the affiliate
for information about a particular
product or service, for example, life
insurance, solicitations regarding life
insurance could be made in response to
that call, but solicitations regarding
other products or services would not be
responsive. Finally, the Agencies do not
believe it is appropriate to adopt a
specific time limit for making
solicitations following a consumerinitiated communication about products
or services because solicitations will
likely be made quickly and any time
limit would be arbitrary.
In the final rules, the Agencies have
renumbered the example in proposed
§ l.20(d)(2)(i) as § l.21(d)(3)(i), and
revised it to delete the references to a
telephone call as the specific form of
communication and the reference to
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
providing contact information. As
discussed above and illustrated in the
examples in §§ l.20(b)(4)(ii)(E) and (F),
the need to provide contact information
may vary depending on the form of
communication used by the consumer.
The new example in § l.21(d)(3)(ii)
responds to commenters’ concerns by
illustrating a circumstance involving a
consumer-initiated communication in
which a consumer does not know
exactly what products or services he or
she wants, but initiates a
communication to obtain information
about investing for a child’s college
education.
The Agencies have renumbered the
call-back example in proposed
§ l.20(d)(2)(iii) as § l.21(d)(3)(iii) and
revised it. The revised example provides
that where the financial institution
makes an initial marketing call without
using eligibility information received
from an affiliate and leaves a message
that invites the consumer to apply for
the credit card by calling a toll-free
number, the consumer’s response
qualifies as a consumer-initiated
communication about a product or
service. The revised example balances
commenters’ concerns about tracking
which calls are call backs and the
Agencies’ concerns that consumers may
be induced into triggering the
consumer-initiated communication
exception as a result of inaccurate,
incomplete, or deceptive telephone
messages. Moreover, the revised
example is similar to a provision in the
Board’s Regulation Z commentary, 12
CFR part 226, supplement I,
§ 226.5a(a)(3)-2.
For the reasons discussed above, the
Agencies have renumbered the retail
hours example in proposed
§ l.20(d)(2)(iv) as § l.21(d)(3)(iv), but
otherwise adopted it as proposed. In
addition, the new example in
§ l.21(d)(3)(v) responds to commenters’
concerns by illustrating a case where a
consumer calls to ask about retail
locations and hours and the call center
representative, after eliciting
information about the reason why the
consumer wants to visit a retail location,
offers to provide information about
products of interest to the consumer by
telephone and mail, thus demonstrating
how the conversation may develop to
the point where making solicitations
would be responsive to the consumer’s
call.
Consumer Authorization or Request
Exception
Proposed § l.20(c)(5) clarified that
the provisions of Subpart C would not
apply to an affiliate using the
information to make solicitations
PO 00000
Frm 00019
Fmt 4701
Sfmt 4700
62927
affirmatively authorized or requested by
the consumer. The proposal further
provided that this exception may be
triggered by an oral, electronic, or
written authorization or request by the
consumer. However, a pre-selected
check box or boilerplate language in a
disclosure or contract would not
constitute an affirmative authorization
or request under the proposal.
The proposal noted that the consumer
authorization or request exception could
be triggered, for example, if a consumer
obtains a mortgage from a mortgage
lender and authorizes or requests to
receive solicitations about homeowner’s
insurance from an insurance affiliate of
the mortgage lender. The consumer
could provide the authorization or make
the request either through the person
with whom the consumer has a business
relationship or directly to the affiliate
that will make the solicitation. Proposed
§ l.20(d)(3) provided an example of the
affirmative authorization or request
exception.
Most industry commenters argued
that the proposed exception did not
track the language of the statute because
the Agencies included the word
‘‘affirmative’’ in the proposed exception.
These commenters believed that
including the word ‘‘affirmative’’ in the
proposed rules narrowed the exception
in a manner not intended by Congress.
Several of these commenters noted that
the Agencies had declined to specify
what constitutes consumer consent
under the GLBA privacy rules and
indicated that they were not aware of
any policy considerations or compliance
issues that would warrant a departure
from the Agencies’ prior position.
Some industry commenters believed
that a pre-selected check box should be
sufficient to evidence a consumer’s
authorization or request for
solicitations. In other words, a
consumer’s decision not to deselect a
pre-selected check box should
constitute a knowing act of the
consumer to authorize or request
solicitations. Other industry
commenters believed that preprinted
language in a disclosure or contract
should be sufficient to evidence a
consumer’s authorization or request for
solicitations. One commenter cited case
law and FTC informal staff opinion
letters relating to a consumer’s written
instructions to obtain a consumer report
pursuant to section 604(a)(2) of the
FCRA as support for allowing
boilerplate language to constitute
authorization or request.
A few industry commenters requested
that the Agencies clarify that a
consumer’s authorization or request
does not have to refer to a specific
E:\FR\FM\07NOR2.SGM
07NOR2
rwilkins on PROD1PC63 with RULES_2
62928
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
product or service or to a specific
provider of products or services in order
for the exception to apply. As discussed
above, industry commenters had
differing views regarding the reference
to oral, written, or electronic means of
triggering the exception.
NAAG suggested imposing a specific
time limit to allow solicitations to be
made for no more than 30 days after the
consumer’s authorization or request
under this exception.
Section l.21(c)(5) of the final rules
revises the consumer authorization or
request exception to delete the word
‘‘affirmative’’ as surplusage. The
deletion of the word ‘‘affirmative’’ does
not change the meaning of the exception
however. The consumer still must take
affirmative steps to ‘‘authorize’’ or
‘‘request’’ solicitations.
The Agencies construe this exception,
like the other exceptions, narrowly and
in a manner that does not undermine
the general notice and opt-out
requirement. For that reason, the
Agencies believe that affiliated
companies cannot avoid use of the
statute’s notice and opt-out provisions
by including preprinted boilerplate
language in the disclosures or contracts
they provide to consumers, such as
language stating that by applying to
open an account, the consumer
authorizes or requests to receive
solicitations from affiliates. Such an
interpretation would permit the
exception to swallow the rule, a result
that cannot be squared with the intent
of Congress to give consumers notice
and an opportunity to opt out of
solicitations.
The comparison made by some
commenters to the GLBA privacy rules
is misplaced. The GLBA and the privacy
rules create an exception to permit the
disclosure of nonpublic personal
information ‘‘with the consent or at the
direction of the consumer.’’ Section 624
of the FCRA creates an exception to
permit the use of shared eligibility
information ‘‘in response to solicitations
authorized or requested by the
consumer.’’ The Agencies interpret the
‘‘authorized or requested’’ language in
the FCRA exception to require the
consumer to take affirmative steps in
order to trigger the exception.
The Agencies have made conforming
changes to the example in proposed
§ l.20(d)(3), which has been
renumbered as § l.21(d)(4)(i) in the
final rules. In addition, the Agencies
have added three additional examples.
The example in § l.21(d)(4)(ii)
illustrates how a consumer can
authorize or request solicitations by
checking a blank check box. The
examples in §§ l.21(d)(4)(iii) and (iv)
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
illustrate that preprinted boilerplate
language and a pre-selected check box
would not meet the authorization or
request exception.
The Agencies do not believe it is
appropriate to set a fixed time period for
an authorization or request. As noted in
the proposal, the duration of the
authorization or request depends on
what is reasonable under the facts and
circumstances. In addition, an
authorization to make solicitations to
the consumer terminates if the
consumer revokes the authorization.
For the same reasons discussed above,
the Agencies have deleted the reference
to oral, electronic, or written
communications from this exception to
track the language of the statute.
Further, the Agencies do not believe it
is necessary to clarify the elements of an
authorization or request. The statute
clearly refers to ‘‘solicitations
authorized or requested by the
consumer.’’ The facts and circumstances
will determine what solicitations have
been authorized or requested by the
consumer.
Compliance With Applicable Laws
Exception
Proposed § l.20(c)(6) clarified that
the provisions of Subpart C would not
apply to an affiliate if compliance with
the requirements of section 624 by the
affiliate would prevent that affiliate
from complying with any provision of
state insurance laws pertaining to unfair
discrimination in a state where the
affiliate is lawfully doing business. See
FCRA, section 624(a)(4). The Agencies
received no comments on this
provision. Section l.21(c)(6) of the
final rules adopts the state insurance
law compliance exception as proposed.
One commenter requested the
creation of an additional exception to
permit the sharing of eligibility
information among affiliates that are
aligned under one line of business
within an organization and that share
common management, branding, and
regulatory oversight (i.e., banking,
securities, and insurance companies).
This commenter was focused on private
banking enterprises. As discussed
above, the Agencies find no statutory
basis for creating such an exception to
the notice and opt-out requirement.
Relation to Affiliate-Sharing Notice and
Opt-Out
Proposed § l.20(f) clarified the
relationship between the affiliate
sharing notice and opt-out under section
603(d)(2)(A)(iii) of the FCRA and the
affiliate marketing notice and opt out in
new section 624 of the FCRA.
Specifically, the proposal provided that
PO 00000
Frm 00020
Fmt 4701
Sfmt 4700
nothing in the affiliate marketing rules
limits the responsibility of a company to
comply with the notice and opt-out
provisions of section 603(d)(2)(A)(iii) of
the FCRA before it shares information
other than transaction or experience
information among affiliates to avoid
becoming a consumer reporting agency.
One commenter urged the Agencies to
delete this provision as unnecessary. In
the alternative, this commenter
requested that the Agencies clarify that
section 603(d)(2)(A)(iii) applies to the
sharing of information that would
otherwise meet the definition of a
‘‘consumer report,’’ and that the sharing
affiliate does not automatically become
a consumer reporting agency, but risks
becoming a consumer reporting agency.
This provision has been renumbered
as § l.21(e) in the final rules. Section
l.21(e) has been revised to delete the
clause that referred to becoming a
consumer reporting agency and to
substitute in its place the neutral phrase
‘‘where applicable.’’
Section l.22
Opt-Out
Scope and Duration of
Scope of the Opt-Out
The Agencies addressed issues
relating to the scope of the opt-out in
various sections of the proposal. In the
supplementary information to the
proposal, the Agencies stated that the
opt-out would be tied to the consumer,
rather than to the information. Some
industry commenters supported the
approach of tying the opt-out to the
consumer, rather than to the
information. Other industry
commenters, however, believed it was
inappropriate to tie the opt-out to the
consumer and requested that
institutions have the flexibility to
implement the consumer’s opt-out at the
account level, rather than at the
consumer level. These commenters
believed that an account-by-account
approach would be consistent with the
menu of opt-out choices provided in
this rule and the GLBA privacy rules.
These commenters also noted that an
account-based approach would provide
the consumer with a new notice and
opportunity to opt out when a former
customer decides to re-establish a new
relationship with the institution.
Proposed § l.21(c) provided that the
notice could be designed to allow a
consumer to choose from a menu of
alternatives when opting out, such as by
selecting certain types of affiliates,
certain types of information, or certain
modes of delivery from which to opt
out, so long as one of the alternatives
gave the consumer the opportunity to
opt out with respect to all affiliates, all
E:\FR\FM\07NOR2.SGM
07NOR2
rwilkins on PROD1PC63 with RULES_2
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
eligibility information, and all methods
of delivering solicitations. Several
industry commenters objected to the
requirement that the institution provide
a single universal opt-out option that
would allow consumers to opt out
completely of all solicitations. In
addition, one commenter found the
reference to all types of eligibility
information confusing, while another
commenter noted that some institutions
may want to implement the opt-out on
an account-by-account basis.
Section l.25(d) of the proposal
provided that if a consumer’s
relationship with an institution
terminated for any reason when a
consumer’s opt-out election was in
force, the opt-out would continue to
apply indefinitely, unless revoked by
the consumer. Most industry
commenters objected to having the optout period continue to apply
indefinitely upon termination of the
consumer’s relationship with the
institution. These commenters believed
that this approach was not supported by
the statute, would prove costly and
difficult to administer, and would
require the indefinite tracking of optouts. These commenters also believed
that the five-year opt-out period would
provide sufficient protection to
consumers that terminate their
relationship. One commenter noted that
the proposed rule would impose
particular hardships on mortgage
lenders because those lenders often
have consumer relationships of very
short duration on account of selling the
loans they originate into the secondary
market. Consumer groups supported the
proposed treatment of opt-outs for
terminated consumer relationships.
Upon further examination, the
Agencies believe that the scope of the
opt-out should be addressed
comprehensively in a single section of
the final rules. The Agencies also
conclude that tying the opt-out to the
consumer could have had unintended
consequences. For example, if the optout were tied to the consumer, an
institution would have to track the
consumer indefinitely, even if the
consumer’s relationship with the
institution terminated and a new
relationship were subsequently
established with that institution years
later. The Agencies do not believe that
institutions should be required to track
consumers indefinitely following
termination. In addition, an opt-out tied
to the consumer could apply to the use
of all eligibility information, not just to
eligibility information about the
consumer, received from an affiliate and
used to make solicitations to the
consumer. It is not clear from the statute
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
or the legislative history that Congress
intended the opt-out provisions of
section 624 to apply to eligibility
information about consumers other than
the consumer to whom a solicitation is
made. Finally, the Agencies do not
believe it is necessary to make the optout effective in perpetuity upon
termination of the relationship.
Section l.22(a) of the final rules
brings together these different scope
considerations to address
comprehensively the scope of the optout. Under the revised approach, the
scope of the opt-out is derived from
language of section 624(a)(2)(A) of the
FCRA and generally depends upon the
content of the opt-out notice. Section
l.22(a)(1) provides that, except as
otherwise provided in that section, a
consumer’s election to opt out prohibits
any affiliate covered by the opt-out
notice from using the eligibility
information received from another
affiliate as described in the notice to
make solicitations for marketing
purposes to the consumer.
Section l.22(a)(2)(i) clarifies that, in
the context of a continuing relationship,
an opt-out notice may apply to
eligibility information obtained in
connection with a single continuing
relationship, multiple continuing
relationships, continuing relationships
established subsequent to delivery of
the opt-out notice, or any other
transaction with the consumer. Section
l.22(a)(2)(ii) provides examples of
continuing relationships. These
examples are substantially similar to the
examples used in the GLBA privacy
rules with added references to
relationships between the consumer and
an affiliate.
Section l.22(a)(3)(i) limits the scope
of an opt-out notice that is not
connected with a continuing
relationship. This section provides that
if there is no continuing relationship
between the consumer and a person or
its affiliate, and if the person or its
affiliate provides an opt-out notice to a
consumer that relates to eligibility
information obtained in connection
with a transaction with the consumer,
such as an isolated transaction or a
credit application that is denied, the
opt-out notice only applies to eligibility
information obtained in connection
with that transaction. The notice cannot
apply to eligibility information that may
be obtained in connection with
subsequent transactions or a continuing
relationship that may be subsequently
established by the consumer with the
person or its affiliate. Section
l.22(a)(3)(ii) provides examples of
isolated transactions.
PO 00000
Frm 00021
Fmt 4701
Sfmt 4700
62929
Section l.22(a)(4) provides that a
consumer may be given the opportunity
to choose from a menu of alternatives
when electing to prohibit solicitations.
An opt-out notice may give the
consumer the opportunity to elect to
prohibit solicitations from certain types
of affiliates covered by the opt-out
notice but not other types of affiliates
covered by the notice, solicitations
based on certain types of eligibility
information but not other types of
eligibility information, or solicitations
by certain methods of delivery but not
other methods of delivery, so long as
one of the alternatives is the
opportunity to prohibit all solicitations
from all of the affiliates that are covered
by the notice. The Agencies continue to
believe that the language of section
624(a)(2)(A) of the FCRA requires the
opt-out notice to contain a single optout option for all solicitations within
the scope of the notice.
The Agencies recognize that
consumers could receive a number of
different opt-out notices, even from the
same affiliate. The Agencies will
monitor industry notice practices and
evaluate whether further action is
needed.
Section l.22(a)(5) contains a special
rule for notice following termination of
a continuing relationship. This rule
provides that a consumer must be given
a new opt-out notice if, after all
continuing relationships with a person
or its affiliate have been terminated, the
consumer subsequently establishes a
new continuing relationship with that
person or the same or a different affiliate
and the consumer’s eligibility
information is to be used to make a
solicitation. This special rule affords the
consumer and the company a fresh start
following termination of all continuing
relationships by requiring a new opt-out
notice if a new continuing relationship
is subsequently established.
The new opt-out notice must apply, at
a minimum, to eligibility information
obtained in connection with the new
continuing relationship. The new optout notice may apply more broadly to
information obtained in connection
with a terminated relationship and give
the consumer the opportunity to opt out
with respect to eligibility information
obtained in connection with both the
terminated and the new continuing
relationships. Further, the consumer’s
failure to opt out does not override a
prior opt-out election by the consumer
applicable to eligibility information
obtained in connection with a
terminated relationship that is still in
effect, regardless of whether the new
opt-out notice applies to eligibility
information obtained in connection
E:\FR\FM\07NOR2.SGM
07NOR2
62930
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
rwilkins on PROD1PC63 with RULES_2
with the terminated relationship. The
final rules also contain an example of
this special rule. The Agencies note,
however, that where a consumer was
not given an opt-out notice in
connection with the initial continuing
relationship because eligibility
information obtained in connection
with that continuing relationship was
not shared with affiliates for use in
making solicitations, an opt-out notice
provided in connection with a new
continuing relationship would have to
apply to any eligibility information
obtained in connection with the
terminated relationship that is to be
shared with affiliates for use in making
future solicitations.
Duration and Timing of Opt-Out
Proposed § l.25 addressed the
duration and effect of the consumer’s
opt-out election. Proposed § l.25(a)
provided that the consumer’s election to
opt out would be effective for the optout period, which is a period of at least
five years beginning as soon as
reasonably practicable after the
consumer’s opt-out election is received.
The supplementary information noted
that if a consumer elected to opt out
every year, a new opt-out period of at
least five years would begin upon
receipt of each successive opt-out
election.
Some industry commenters believed
that the proposal was inconsistent with
the statute because it provided that the
opt-out period would begin as soon as
reasonably practicable after the
consumer’s opt-out election is received.
These commenters believed that the optout period should begin on the date the
consumer’s opt-out is received and that
the final rules also should allow
institutions a reasonable period of time
to implement a consumer’s initial or
renewal opt-out election before it
becomes effective. Consumer groups
believed that the requirement to honor
an opt-out ‘‘beginning as soon as
reasonably practicable’’ was too vague.
These commenters believed that a
consumer’s opt-out should be honored
within a specific length of time not to
exceed 30 days after the consumer
responds to the opt-out notice.
A few industry commenters urged the
Agencies to allow consumers to revoke
an opt-out election orally. Other
industry commenters requested that the
final rules include a clear statement that
an opt-out period may be shortened to
a period of less than five years by the
consumer’s revocation of an opt-out
election. Consumer groups approved of
the Agencies’ statement that if a
consumer opts out again during the fiveyear opt-out period, then a new five-
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
year period begins. Consumer groups
also supported allowing institutions to
make the opt-out period effective in
perpetuity so long as this is clearly
disclosed to the consumer in the
original notice.
The general provision regarding the
duration of the opt-out has been
renumbered as § l.22(b) in the final
rules, consistent with the Agencies’
decision to address all scope issues in
the same section. The Agencies have
revised the duration provision to clarify
that the opt-out period expires if the
consumer revokes the opt-out in
writing, or if the consumer agrees,
electronically. The requirement for a
written or electronic revocation is
retained and is consistent with the
approach taken in the GLBA privacy
rules. The Agencies do not believe it is
necessary or appropriate to permit oral
revocation. The Agencies note that
many of the exceptions to the notice and
opt-out requirements may be triggered
by oral communications, as discussed
above, which would enable the use of
shared eligibility information to make
solicitations pending receipt of a written
or electronic revocation. Also, as noted
in the proposal, nothing prohibits
setting an opt-out period longer than
five years, including an opt-out period
that does not expire unless revoked by
the consumer.
The Agencies do not agree that the
opt-out period should begin on the date
the consumer’s election to opt out is
received. Commenters generally
recognized that institutions cannot
instantaneously implement a
consumer’s opt-out election but need
time to do so. The Agencies interpret
the statutory language to mean that the
consumer’s opt-out election must be
honored for a period of at least five
years from the date such election is
implemented. The Agencies believe that
Congress did not intend for the opt-out
period to be shortened to a period of
less than the five years specified in the
statute to reflect the time between the
date the consumer’s opt-out election is
received and the date the consumer’s
opt-out election is implemented.
The Agencies also believe it is neither
necessary nor desirable to set a
mandatory deadline for implementing
the consumer’s opt-out election. A
general standard is preferable because
the time it will reasonably take to
implement a consumer’s opt-out
election may vary.
Consistent with the special rule for a
notice following termination of a
continuing relationship, the duration of
the opt-out is not affected by the
termination of a continuing
relationship. When a consumer opts out
PO 00000
Frm 00022
Fmt 4701
Sfmt 4700
in the course of a continuing
relationship and that relationship is
terminated during the opt-out period,
the opt-out remains in effect for the rest
of the opt-out period. If the consumer
subsequently establishes a new
continuing relationship while the optout period remains in effect, the opt-out
period may not be shortened with
respect to information obtained in
connection with the terminated
relationship by sending a new opt-out
notice to the consumer when the new
continuing relationship is established,
even if the consumer does not opt out
upon receipt of the new opt-out notice.
A person may track the eligibility
information obtained in connection
with the terminated relationship and
provide a renewal notice to the
consumer, or may choose not to use
eligibility information obtained in
connection with the terminated
relationship to make solicitations to the
consumer.
Proposed § l.25(c) clarified that a
consumer may opt out at any time. As
explained in the supplementary
information to the proposal, even if the
consumer did not opt out in response to
the initial opt-out notice or if the
consumer’s election to opt out was not
prompted by an opt-out notice, a
consumer may still opt out. Regardless
of when the consumer opts out, the optout must be effective for a period of at
least five years.
The Agencies received few comments
on this provision. Consumer groups
urged the Agencies to reinforce the
continuing nature of the right to opt out
by requiring institutions to give the optout notice annually along with the
annual GLBA privacy notice. These
commenters acknowledged that the
FCRA does not specifically state that the
notice is required annually, but noted
that the statute also does not say that the
consumer has only one opportunity to
opt out.
The Agencies have renumbered the
provision giving the consumer the right
to opt out at any time as § l.22(c) in the
final rules, but otherwise adopted the
provision as proposed. The Agencies
find no statutory basis for requiring the
provision of an annual opt-out notice to
consumers along with the GLBA privacy
notice.
Section l.23 Contents of Opt-Out
Notice; Consolidated and Equivalent
Notices
Contents in General
Section l.21 of the proposal
addressed the contents of the opt-out
notice. Proposed § l.21(a) would have
required that the opt-out notice be clear,
E:\FR\FM\07NOR2.SGM
07NOR2
rwilkins on PROD1PC63 with RULES_2
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
conspicuous, and concise, and
accurately disclose: (1) That the
consumer may elect to limit a person’s
affiliate from using eligibility
information about the consumer that it
obtains from that person to make or
send solicitations to the consumer; (2) if
applicable, that the consumer’s election
will apply for a specified period of time
and that the consumer will be allowed
to extend the election once that period
expires; and (3) a reasonable and simple
method for the consumer to opt out.
Some commenters expressed concern
about requiring the notice to specify the
applicable time period and the
consumer’s right to extend the election
once the opt-out expires. One
commenter believed this would require
institutions to determine in advance the
length of the opt-out period. Another
commenter urged the Agencies to clarify
that institutions could subsequently
increase the duration of the opt-out or
make it permanent without providing
another notice to the consumer.
The Agencies have renumbered the
provisions addressing the contents of
the opt-out notice as § l.23(a) in the
final rules and revised them. Section
l.23(a)(1) of the final rules requires
additional information in opt-out
notices. Section l.23(a)(1)(i) provides
that all opt-out notices must identify, by
name, the affiliate(s) that is providing
the notice. A group of affiliates may
jointly provide the notice. If the notice
is provided jointly by multiple affiliates
and each affiliate shares a common
name, such as ‘‘ABC,’’ then the notice
may indicate that it is being provided by
multiple companies with the ABC name
or multiple companies in the ABC group
or family of companies. Acceptable
ways of identifying the multiple
affiliates providing the notice include
stating that the notice is provided by
‘‘all of the ABC companies,’’ ‘‘the ABC
banking, credit card, insurance, and
securities companies,’’ or by listing the
name of each affiliate providing the
notice. A representation that the notice
is provided by ‘‘the ABC banking, credit
card, insurance, and securities
companies’’ applies to all companies in
those categories, not just some of those
companies. But if the affiliates
providing the notice do not all share a
common name, then the notice must
either separately identify each affiliate
by name or identify each of the common
names used by those affiliates. For
example, if the affiliates providing the
notice do business under both the ABC
name and the XYZ name, then the
notice could list each affiliate by name
or indicate that the notice is being
provided by ‘‘all of the ABC and XYZ
companies’’ or by ‘‘the ABC bank and
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
credit card companies and the XYZ
insurance companies.’’
Section l.23(a)(1)(ii) provides that an
opt-out notice must contain a list of the
affiliates or types of affiliates covered by
the notice. The notice may apply to
multiple affiliates and to companies that
become affiliates after the notice is
provided to the consumer. The rules for
identifying the affiliates covered by the
notice are substantially similar to the
rules for identifying the affiliates
providing the notice in § l.23(a)(1)(i),
as described in the previous paragraph.
Sections l.23(a)(1)(iii)–(vii)
respectively require the opt-out notice
to include the following: A general
description of the types of eligibility
information that may be used to make
solicitations to the consumer; a
statement that the consumer may elect
to limit the use of eligibility information
to make solicitations to the consumer; a
statement that the consumer’s election
will apply for the specified period of
time stated in the notice and, if
applicable, that the consumer will be
allowed to renew the election once that
period expires; if the notice is provided
to consumers who may have previously
opted out, such as if a notice is provided
to consumers annually, a statement that
the consumer who has chosen to limit
marketing offers does not need to act
again until the consumer receives a
renewal notice; and a reasonable and
simple method for the consumer to opt
out. The statement described in
§ l.23(a)(1)(vi) regarding consumers
who may have previously opted out
does not apply to the model privacy
form that the Agencies are developing in
a separate rulemaking. Appropriate use
of the model forms in Appendix C will
satisfy these content requirements.
The Agencies continue to believe that
the opt-out notice must specify the
length of the opt-out period, if one is
provided. However, an institution that
subsequently chooses to increase the
duration of the opt-out period that it
previously disclosed or honor the optout in perpetuity has no obligation to
provide a revised notice to the
consumer. In that case, the result is the
same as if the institution established a
five-year opt-out period and then did
not send a renewal notice at the end of
that period. A person receiving
eligibility information from an affiliate
would be prohibited from using that
information to make solicitations to a
consumer unless a renewal notice is
first provided to the consumer and the
consumer does not renew the opt-out.
So long as no solicitations are made
using eligibility information received
from an affiliate, there would be no
violation of the statute or regulation for
PO 00000
Frm 00023
Fmt 4701
Sfmt 4700
62931
failing to send a renewal notice in this
situation.
Joint Notice
Proposed § l.24(c) permitted a
person subject to this rule to provide a
joint opt-out notice with one or more of
its affiliates that are identified in the
notice, so long as the notice was
accurate with respect to each affiliate
jointly issuing the notice. Under the
proposal, a joint notice would not have
to list each affiliate participating in the
joint notice by its name, but could state
that it applies to ‘‘all institutions with
the ABC name’’ or ‘‘all affiliates in the
ABC family of companies.’’
One commenter believed that
individually listing each company could
result in long and confusing notices.
This commenter suggested revising the
rule to permit the generic identification
of the types of affiliates by whom
eligibility information may be used to
make solicitations and to allow the
notice to apply to entities that become
affiliates after the notice is sent.
In the final rules, the separate joint
notice provision has been eliminated.
Instead, the final rules incorporate the
joint notice option into the provisions
that address which affiliates may
provide the opt-out notice and the
contents of the notice.
Joint Relationships
The proposal addressed joint
relationships in the section dealing with
delivery of opt-out notices. Proposed
§ l.24(d) set out rules that would apply
when two or more consumers jointly
obtain a product or service from a
person subject to the rule (referred to in
the proposed regulation as ‘‘joint
consumers’’), such as a joint checking
account. It also provided several
examples. Under the proposal, a person
subject to this rule could provide a
single opt-out notice to joint
accountholders. The notice would have
had to indicate whether the person
would consider an opt-out by a joint
accountholder as an opt-out by all of the
associated accountholders, or whether
each accountholder would have to opt
out separately. The person could not
require all accountholders to opt out
before honoring an opt-out direction by
one of the joint accountholders. Because
section 624 of the FCRA deals with the
use of information for marketing by
affiliates, rather than the sharing of
information among affiliates, comment
was requested on whether information
about a joint account should be allowed
to be used for making solicitations to a
joint consumer who has not opted out.
Some commenters supported the
flexible approach proposed by the
E:\FR\FM\07NOR2.SGM
07NOR2
62932
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
rwilkins on PROD1PC63 with RULES_2
Agencies for dealing with joint accounts
and notice to joint accountholders. One
commenter suggested providing
additional flexibility to enable
consumers to opt out in certain
circumstances, such as when eligibility
information from a joint account is
involved, but not in others, such as
when eligibility information from an
individual account is involved. Another
commenter, however, believed that the
provisions regarding joint relationships
may not be appropriate for the affiliate
marketing rule because section 624
relates to the use of information for
marketing to a particular consumer, not
to the sharing of information among
affiliates. Consumer groups urged the
Agencies to prohibit the use of
eligibility information about a joint
account for making solicitations to a
consumer who has not opted out if the
other joint consumer on the account has
opted out.
The Agencies have renumbered the
provision addressing joint relationships
as § l.23(a)(2) in the final rules. The
Agencies have deleted the example of
joint relationships from the final rules
because it addressed, in part, the
sharing of information, rather than the
use of information. The Agencies have
made other revisions to enhance the
readability of this provision. The
revised provision is substantively
similar to the joint relationships
provision of the GLBA privacy rules,
except to the extent those rules refer to
the sharing of information among
affiliates.
The Agencies believe that different
issues may arise with regard to
providing a single opt-out notice to joint
consumers in the context of this rule,
which focuses on the use of
information, compared to issues that
may arise with regard to providing such
a notice in the context of other privacy
rules that focus on the sharing of
information. For example, a consumer
may opt out with respect to affiliate
marketing in connection with an
individually-held account, but not opt
out with respect to affiliate marketing in
connection with a joint relationship. In
that case, it could be challenging to
identify which consumer information
may and may not be used by affiliates
to make solicitations to the consumer.
Nevertheless, the final rules permit
persons providing opt-out notices to
consumers to provide a single opt-out
notice to joint consumers.
Alternative Contents
Proposed § l.21(d) provided that,
where an institution elects to give
consumers a broader right to opt out of
marketing than is required by this
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
subpart, the institution would have the
ability to modify the contents of the optout notice to reflect accurately the scope
of the opt-out right it provides to
consumers. This section also noted that
proposed Appendix C provided a model
form that may be helpful for institutions
that wish to allow consumers to opt out
of all marketing from the institution and
its affiliates, but use of the model form
is not required. Commenters generally
favored the flexibility afforded by this
provision. The Agencies have
renumbered the provision addressing
alternative contents as § l.23(a)(3) in
the final rules, but otherwise adopted it
as proposed.
Model Notices
Section l.23(a)(4) states that model
notices are provided in Appendix C.
The Agencies have provided these
model notices to facilitate compliance
with the rule. However, the final rules
do not require use of the model notices.
Consolidated and Equivalent Notices
Proposed § l.27 provided that an optout notice required by Subpart C could
be coordinated and consolidated with
any other notice or disclosure required
to be issued under any other provision
of law, including but not limited to the
notice described in section
603(d)(2)(A)(iii) of the FCRA and the
notice required by title V of the GLBA.
In addition, a notice or other disclosure
that was equivalent to the notice
required by this subpart, and that was
provided to a consumer together with
disclosures required by any other
provision of law, would satisfy the
requirements of Subpart C. The proposal
specifically requested comment on the
consolidation of the affiliate marketing
notice with the GLBA privacy notice
and the affiliate sharing opt-out notice
under section 603(d)(2)(A)(iii) of the
FCRA.
Commenters generally supported the
proposed provision. Several
commenters believed it was probable
that most institutions would want to
provide the affiliate marketing opt-out
notice with their existing GLBA privacy
notice to reduce compliance costs and
minimize consumer confusion. One
commenter believed that institutions
would be less likely to include the optout notice as part of their annual GLBA
privacy notice because section 214 does
not have an annual notice requirement.
The Agencies have moved the
provisions addressing consolidated and
equivalent notices to the section
addressing the contents of the notice
and renumbered those provisions as
§§ l.23(b) and (c) respectively in the
final rules. Otherwise, those provisions
PO 00000
Frm 00024
Fmt 4701
Sfmt 4700
have been adopted as proposed with
one exception. The provision on
equivalent notices clarifies that an
equivalent notice satisfies the
requirements of § l.23—not the entire
subpart—because the subpart addresses
many issues besides the content of the
notice, such as delivery and renewal of
opt-outs. The Agencies believe that
these provisions are related to the
contents of the notice and should
therefore be included in this section.
The Agencies encourage
consolidation of the affiliate marketing
opt-out notice with the GLBA privacy
notice, including the affiliate sharing
opt-out notice under section
603(d)(2)(A)(iii) of the FCRA, so that
consumers receive a single notice they
can use to review and exercise all
privacy opt-outs. Consolidation of these
notices, however, presents special
issues. For example, the affiliate
marketing opt-out may be limited to a
period of at least five years, subject to
renewal, whereas the GLBA privacy and
FCRA section 603(d)(2)(A)(iii) opt-out
notices are not time-limited. This
difference, if applicable, must be made
clear to the consumer. Thus, if a
consolidated notice is used and the
affiliate marketing opt-out is limited in
duration, the notice must inform
consumers that if they previously opted
out, they do not need to opt out again
until they receive a renewal notice
when the opt-out expires or is about to
expire. In addition, as discussed more
fully below, the Agencies have
developed a model privacy form that
includes the affiliate marketing opt-out.
The Agencies expect that once
published in final form, use of the
model privacy form will satisfy the
requirement to provide an affiliate
marketing opt-out notice.
Section l.24 Reasonable Opportunity
To Opt Out
Section l.22(a) of the proposal
provided that before a receiving affiliate
could use eligibility information to
make or send solicitations to the
consumer, the communicating affiliate
would have to provide the consumer
with a reasonable opportunity to opt out
following delivery of the opt-out notice.
Given the variety of circumstances in
which institutions must provide a
reasonable opportunity to opt out, the
proposal construed the requirement for
a reasonable opportunity to opt out as
a general test that would avoid setting
a mandatory waiting period in all cases.
The proposed rules would not have
required institutions subject to the rule
to disclose how long a consumer would
have to respond to the opt-out notice
before eligibility information
E:\FR\FM\07NOR2.SGM
07NOR2
rwilkins on PROD1PC63 with RULES_2
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
communicated to affiliates could be
used to make or send solicitations to the
consumer, although institutions would
have the flexibility to include such
disclosures in their notices. In this
respect, the proposed rules were
consistent with the GLBA privacy rules.
Industry commenters generally
supported the Agencies’ approach of
treating the requirement for a reasonable
opportunity to opt out as a general test
that would avoid setting a mandatory
waiting period. NAAG, on the other
hand, believed that the Agencies should
set a mandatory waiting period of at
least 45 days from the date of mailing
or other transmission of the notice
because consumers may be ill, away
from home, or otherwise unable to
respond to correspondence promptly.
Industry commenters generally
supported the Agencies’ decision not to
require the disclosure of how long a
consumer would have to respond to the
opt-out notice before eligibility
information could be used to make or
send solicitations to the consumer.
Consumer groups believed that
consumers should be told how long they
have to respond to the notice before
eligibility information could be used by
affiliates to make or send solicitations
and that they may exercise their right to
opt out at any time.
The Agencies have renumbered the
section addressing a reasonable
opportunity to opt out as § l.24 in the
final rules, and revised it. Section
l.24(a) of the final rules retains the
approach of construing the requirement
for a reasonable opportunity to opt out
as a general test that avoids setting a
mandatory waiting period in all cases.
Given the variety of circumstances in
which a reasonable opportunity to opt
out must be provided, the Agencies
believe that the appropriate time to
permit solicitations may vary depending
upon the circumstances. A general
standard provides flexibility to allow a
person to use eligibility information it
receives from an affiliate to make
solicitations at an appropriate point in
time that may vary depending upon the
circumstances, while assuring that the
consumer is given a realistic
opportunity to prevent such use of this
information. In the final rules, the
Agencies have retained the approach of
not requiring affiliate marketing opt-out
notices to disclose how long a consumer
has to respond before eligibility
information may be used to make
solicitations to the consumer or that
consumers may exercise their right to
opt out at any time. However, an
institution may, at its option, add this
information to its opt-out notice.
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
Section l.22(b) of the proposal
provided examples to illustrate what
would constitute a reasonable
opportunity to opt out. The proposed
examples would have provided a
generally applicable safe harbor for optout periods of 30 days. As explained in
the supplementary information to the
proposal, although 30 days would be a
safe harbor, a person subject to this
requirement could decide, at its option,
to give consumers more than 30 days in
which to decide whether or not to opt
out. A shorter waiting period could be
adequate in certain situations
depending on the circumstances.
Proposed § l.22(b)(1) contained an
example of a reasonable opportunity to
opt out when the notice was provided
by mail. Proposed § l.22(b)(2)
contained an example of a reasonable
opportunity to opt out when the notice
was provided by electronic means. The
proposed examples were consistent
with examples used in the GLBA
privacy rules.
Proposed § l.22(b)(3) contained an
example of a reasonable opportunity to
opt out where, in a transaction
conducted electronically, the consumer
was required to decide, as a necessary
part of proceeding with the transaction,
whether or not to opt out before
completing the transaction, so long as
the institution provided a simple
process at the Internet Web site that the
consumer could use at that time to opt
out. In this example, the opt-out notice
would automatically be provided to the
consumer, such as through a nonbypassable link to an intermediate Web
page, or ‘‘speedbump.’’ The consumer
would be given a choice of either opting
out or not opting out at that time
through a simple process conducted at
the Web site. For example, the
consumer could be required to check a
box right at the Internet Web site in
order to opt out or decline to opt out
before continuing with the transaction.
However, this example would not cover
a situation where the consumer was
required to send a separate e-mail or
visit a different Internet Web site in
order to opt out.
Proposed § l.22(b)(4) illustrated that
including the affiliate marketing opt-out
notice in a notice under the GLBA
would satisfy the reasonable
opportunity standard. In such cases, the
consumer would be allowed to exercise
the opt-out in the same manner and
would be given the same amount of time
to exercise the opt-out as is provided for
any other opt-out provided in the GLBA
privacy notice.
Proposed § l.22(b)(5) illustrated how
an ‘‘opt-in’’ could meet the requirement
to provide a reasonable opportunity to
PO 00000
Frm 00025
Fmt 4701
Sfmt 4700
62933
opt out. Specifically, if an institution
has a policy of not allowing its affiliates
to use eligibility information to market
to consumers without the consumer’s
affirmative consent, providing the
consumer with an opportunity to ‘‘opt
in’’ or affirmatively consent to such use
would constitute a reasonable
opportunity to opt out. The
supplementary information clarified
that the consumer’s affirmative consent
must be documented and that a preselected check box would not evidence
the consumer’s affirmative consent.
Some industry commenters supported
the proposed 30-day safe harbor and the
examples illustrating the safe harbor.
Other industry commenters, however,
expressed concern that the 30-day safe
harbor would become the mandatory
minimum waiting period in virtually all
cases, particularly because of the risk of
civil liability. For this reason, some
industry commenters objected to the use
of examples altogether and urged that
the Agencies delete the proposed
examples. Other industry commenters
asked the Agencies to include only the
examples from the GLBA.
Consumer groups believed that the
safe harbor should be 45 days, rather
than 30 days. These commenters
believed that 45 days was necessary in
part to account for the time consumed
in mail deliveries and in part to avoid
penalizing consumers who are away
from home for vacation or illness.
Regarding the specific examples, a
few commenters objected to the
example in proposed § l.22(b)(2),
stating that the acknowledgement of
receipt requirement would be
inconsistent with the Electronic
Signatures in Global and National
Commerce Act (E-Sign Act). One of
these commenters believed this
requirement amounted to an opt in for
electronic notices. Several commenters
believed that the example in proposed
§ l.22(b)(3) for requesting the consumer
to opt out as a necessary step in
proceeding with an electronic
transaction should not be limited to
electronic transactions, but should be
expanded to apply to all transaction
methods. A number of commenters
believed that the example in proposed
§ l.22(b)(5) should either be deleted or,
alternatively, should not refer to
‘‘affirmative’’ consent. These
commenters noted that the example in
proposed § l.22(b)(4) allowed a person
to satisfy the reasonable opportunity
standard by permitting the consumer to
exercise the opt-out in the same manner
and giving the consumer the same
amount of time to exercise the opt-out
as provided in the GLBA privacy notice
E:\FR\FM\07NOR2.SGM
07NOR2
rwilkins on PROD1PC63 with RULES_2
62934
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
and that the GLBA rules did not require
‘‘affirmative’’ consent.
The Agencies have renumbered the
examples of a reasonable opportunity to
opt out as § l.24(b) in the final rules,
and revised them as discussed below.
The Agencies believe the examples are
helpful in illustrating what constitutes a
reasonable opportunity to opt out.
The generally applicable 30-day safe
harbor is retained in the final rules. The
Agencies believe that providing a
generally applicable safe harbor of 30
days is helpful because it affords
certainty to entities that choose to
follow the 30-day waiting period.
Although 30 days is a safe harbor in all
cases, a person providing an opt-out
notice may decide, at its option, to give
consumers more than 30 days in which
to decide whether or not to opt out. A
shorter waiting period could be
adequate in certain situations,
depending on the circumstances, in
accordance with the general test for a
reasonable opportunity to opt out. The
use of examples and a 30-day safe
harbor is consistent with the approach
followed in the GLBA privacy rules.
However, the Agencies believe that the
examples in these rules should differ to
some extent from the examples in the
GLBA privacy rules because the affiliate
marketing opt-out requires a one-time,
not an annual, notice. Further, the
affiliate marketing notice may, but need
not, be included in the GLBA privacy
notice.
In the final rules, the Agencies have
retained the example of a reasonable
opportunity to opt out by mail with
revisions for clarity. Commenters had
no specific objections to this example.
The Agencies have revised the
example of a reasonable opportunity to
opt out by electronic means and divided
it into two subparts in the final rules to
illustrate the different means of
delivering an electronic notice. The
example illustrates that for notices
provided electronically, such as by
posting the notice at an Internet Web
site at which the consumer has obtained
a product or service, a reasonable
opportunity to opt out would include
giving the consumer 30 days after the
consumer acknowledges receipt of the
electronic notice to opt out by any
reasonable means. The
acknowledgement of receipt aspect of
this example is consistent with an
example in the GLBA privacy
regulations. The example also illustrates
that for notices provided by e-mail to a
consumer who had agreed to receive
disclosures by e-mail from the person
sending the notice, a reasonable
opportunity to opt out would include
giving the consumer 30 days after the e-
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
mail is sent to elect to opt out by any
reasonable means. The Agencies do not
believe that consumer
acknowledgement is necessary where
the consumer has agreed to receive
disclosures by e-mail.
The Agencies have determined that
the electronic delivery of affiliate
marketing opt-out notices does not
require consumer consent in accordance
with the E-Sign Act because neither
section 624 of the FCRA nor these final
rules require that the notice be provided
in writing. Thus, the Agencies do not
believe that the acknowledgement of
receipt trigger is beyond the scope of
their interpretive authority. Persons that
provide affiliate marketing opt-out
notices under this Subpart C
electronically may do so pursuant to the
agreement of the consumer, as specified
in these rules, or in accordance with the
requirements of the E-Sign Act.
The Agencies believe that the
example of a consumer who is required
to opt out as a necessary part of
proceeding with the transaction should
not be limited to electronic transactions.
However, rather than revising the
electronic transactions example, the
Agencies have retained the electronic
transactions example in § l.24(b)(3)
and added a new example for in-person
transactions in § l.24(b)(4). Together,
these examples illustrate that an
abbreviated opt-out period is
appropriate when the consumer is given
a ‘‘yes’’ or ‘‘no’’ choice and is not
permitted to proceed with the
transaction unless the consumer makes
a choice. For in-person transactions,
consumers could be provided a form
with a question that requires the
consumer to write a ‘‘yes’’ or ‘‘no’’ to
indicate their opt-out preference or a
form that contains two blank check
boxes: One that allows consumers to
indicate that they want to opt out and
one that allows consumers to indicate
that they do not want to opt out.
In the final rules, the Agencies have
retained the example of including the
opt-out notice in a privacy notice in
§ l.24(b)(5) as consistent with the
statutory requirement that the Agencies
consider methods for coordinating and
combining notices. The Agencies have
deleted the example of providing an
opt-in as a form of opting out as
unnecessary and confusing.
Section l.25 Reasonable and Simple
Methods of Opting Out
Section l.23 of the proposal set forth
reasonable and simple methods of
opting out. This section generally
tracked the examples of reasonable optout means from § l.7(a)(2)(ii) of the
GLBA privacy regulations with certain
PO 00000
Frm 00026
Fmt 4701
Sfmt 4700
revisions to give effect to Congress’s
mandate that methods of opting out be
simple. For instance, proposed
§ l.23(a)(2) referred to including a selfaddressed envelope with the reply form
and opt-out notice. The Agencies also
contemplated that a toll-free telephone
number would be adequately designed
and staffed to enable consumers to opt
out in a single phone call.
Proposed § l.23(b) set forth methods
of opting out that are not reasonable and
simple, such as requiring the consumer
to write a letter to the institution or to
call or write to obtain an opt-out form
rather than including it with the notice.
This section generally tracked the
examples of unreasonable opt-out
means from § l.7(a)(2)(iii) of the GLBA
privacy rules. In addition, the proposal
contained an example of a consumer
who agrees to receive the opt-out notice
in electronic form only, such as by
electronic mail or by using a process at
a Web site. Such a consumer should not
be required to opt out solely by
telephone or paper mail.
Many industry commenters asked the
Agencies to clarify that the examples are
not the only ways to comply with the
rules. These commenters believed that,
as drafted, the proposal could be
interpreted as exclusive rules, rather
than as examples. These commenters
asked the Agencies to make clear in the
final rules that the methods set out in
the rules are examples and do not
exclude other reasonable and simple
methods of opting out. A few industry
commenters believed that the final rules
should not include any examples of
methods of opting out because of the
potential for civil liability.
Many industry commenters also urged
the Agencies to use the same examples
used in the GLBA privacy rules. These
commenters did not believe that
Congress would allow coordinated and
consolidated notices, but require
different methods of opting out. For
instance, these commenters
recommended deleting the reference to
a self-addressed envelope because there
is no such reference in the GLBA
privacy rules. One commenter noted
that its experience with self-addressed
envelopes was negative because
consumers often used the envelopes for
other purposes resulting in misdirected
communications. Industry commenters
also objected to requiring institutions to
provide an electronic opt-out
mechanism to a consumer who agrees to
receive an opt-out notice in electronic
form. These commenters believed this
example was unjustified and
inconsistent with the GLBA privacy
rules. Commenters also indicated that
some institutions may not have the
E:\FR\FM\07NOR2.SGM
07NOR2
rwilkins on PROD1PC63 with RULES_2
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
technical capabilities to accept
electronic opt-outs. Several commenters
recommended that the Agencies clarify
that an institution is not obligated to
honor opt-outs submitted through
means other than those designated by
the institution.
Consumer groups generally believed
that the proposal appropriately tracked
the examples in the GLBA privacy
regulations with revisions to give effect
to Congress’s mandate that methods of
opting out be simple. These commenters
believed, however, that the proposal
was inadequate because it provided
examples instead of requiring the use of
certain methods. These commenters
believed that the final rule should
require self-addressed envelopes and
require that toll-free numbers be
adequately designed and staffed to
enable consumers to opt out in a single
phone call. According to these
commenters, inadequate and poorly
trained staff has been a shortcoming of
the GLBA opt-out procedures. These
commenters also recommended that
consumers be given the opportunity to
opt out by a simple check box on
payment coupons. Finally, these
commenters asked the Agencies to
clarify that the federal standard is a
floor and that if the notice is combined
with other choices made available under
other federal and state laws, the most
consumer-friendly means for opting out
should apply.
The Agencies have renumbered the
section addressing reasonable and
simple methods of opting out as § l.25
in the final rules, and revised it as
discussed below. The Agencies have
restructured this section to include a
general rule and examples in separate
paragraphs (a) and (b) respectively. This
revision clarifies that the specific
methods identified in the rule are
examples, not an exhaustive list of
permissible methods.
The Agencies believe that including
examples in § l.25(b) is helpful.
However, the Agencies decline to adopt
the GLBA examples without change.
Section 624 of the FCRA requires the
Agencies to ensure that the consumer is
given reasonable and simple methods of
opting out. The GLBA did not require
simple methods of opting out. The
Agencies believe that the methods of
opting out can, in some instances, be
simpler than some of the reasonable
methods illustrated in the GLBA privacy
rules. To effectuate the statutory
mandate that consumers have simple
methods of opting out, the Agencies
have modified, for purposes of this
rulemaking, some of the examples of
reasonable methods of opting out that
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
were used in the GLBA privacy
regulations.
Most of the examples in the final rules
are substantially similar to those in
§ l.23(a) and (b) of the proposal with
revisions for clarity. The example in
§ l.25(b)(1)(ii) has been revised to
reflect the Agencies’ understanding that
the reply form and self-addressed
envelope would be included together
with the opt-out notice. As in the
proposal, the Agencies contemplate that
a toll-free telephone number that
consumers may call to opt out, as
illustrated by the example in
§ l.25(b)(1)(iv), would be adequately
designed and staffed to enable
consumers to opt out in a single phone
call. In setting up a toll-free telephone
number that consumers may use to
exercise their opt-out rights, institutions
should minimize extraneous messages
directed to consumers who are in the
process of opting out.
One new example in § l.25(b)(1)(v)
illustrates that reasonable and simple
methods include allowing consumers to
exercise all of their opt-out rights
described in a consolidated opt-out
notice that includes the GLBA privacy,
FCRA affiliate sharing, and FCRA
affiliate marketing opt-outs, by a single
method, such as by calling a single tollfree telephone number. This example
furthers the statutory directive to the
Agencies to ensure that notices and
disclosures may be coordinated and
consolidated. The final rules also clarify
the example renumbered as
§ l.25(b)(2)(iii) to illustrate that it is not
reasonable or simple to require a
consumer who receives the opt-out
notice in electronic form, such as
through posting at an Internet Web site,
to opt out solely by paper mail or by
visiting a different Web site without
providing a link to that site.
Section .25(c) has been added to
clarify that each consumer may be
required to opt out through a specific
means, as long as that means is
reasonable and simple for that
consumer. This new section
corresponds to a provision in the GLBA
privacy rules, § l.7(a)(2)(iv).
Section l.26
Notices
Delivery of Opt-Out
General Rule and Examples
Section l.24 of the proposal
addressed the delivery of opt-out
notices. Proposed § l.24(a) provided
that an institution would have to deliver
an opt-out notice so that each consumer
could reasonably be expected to receive
actual notice. This standard would not
have required actual notice. The
supplementary information to the
PO 00000
Frm 00027
Fmt 4701
Sfmt 4700
62935
proposal also clarified that, for opt-out
notices delivered electronically, the
notices could be delivered either in
accordance with the electronic
disclosure provisions in Subpart C or in
accordance with the E-Sign Act. For
example, the institution could e-mail its
notice to a consumer who agreed to the
electronic delivery of information or
provide the notice on its Internet Web
site for a consumer who obtained a
product or service electronically from
that Web site. Commenters generally
supported the reasonable expectation of
actual notice standard.
Proposed § l.24(b) provided
examples to illustrate what would
constitute delivery of an opt-out notice.
Commenters expressed concern about
the electronic notice example in
proposed paragraph (b)(1)(iii).
Consumer groups objected to this
example by pointing to a growing trend
in which companies require consumers
to agree to electronic notices if they
conduct business on an Internet Web
site. These commenters believed that
there was nothing to ensure that the
notice would be clearly accessible to
consumers on the Web site. These
commenters believed that, at a
minimum, the Agencies should require
the notice to be sent to the consumer’s
e-mail address, rather than posted to an
Internet Web site, where the consumer
has expressly opted in to the electronic
delivery of notices. Some industry
commenters objected to the
acknowledgement of receipt
requirement in this example as
inconsistent with the E-Sign Act. One of
these commenters urged the Agencies to
explicitly incorporate the E-Sign Act
into the requirements for delivering optout notices.
The Agencies have renumbered the
general rule regarding delivery of optout notices as § l.26(a) in the final
rules and divided the examples into
positive and negative examples in
§§ l.26(b) and (c) respectively. In the
final rules, the Agencies have retained
the reasonable expectation of actual
notice standard, which does not require
the institution to determine if the
consumer actually received the opt-out
notice. For example, mailing a printed
copy of the opt-out notice to the last
known mailing address of a consumer
satisfies the requirement to deliver the
opt-out notice so that there is a
reasonable expectation that the
consumer has received actual notice.
The Agencies have revised some of
the examples of a reasonable
expectation of actual notice for
electronic notices. The new example in
§ l.26(b)(3) illustrates that the
reasonable expectation of actual notice
E:\FR\FM\07NOR2.SGM
07NOR2
62936
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
rwilkins on PROD1PC63 with RULES_2
standard would be satisfied by
providing notice by e-mail to a
consumer who has agreed to receive
disclosures by e-mail from the person
providing the notice. The Agencies
reiterate that an acknowledgement of
receipt is not necessary for a notice
provided by e-mail to such a consumer.
Conversely, the example in § l.26(c)(2)
illustrates that the reasonable
expectation of actual notice standard
would not be satisfied by providing
notice by e-mail to a consumer who has
not agreed to receive disclosures by email from the person providing the
notice.
The revised example in § l.26(b)(4)
illustrates that for a consumer who
obtains a product or service
electronically, the reasonable
expectation standard would be satisfied
by posting the notice on the Internet
Web site at which the consumer obtains
such product or services and requiring
the consumer to acknowledge receipt of
the notice. Conversely, the new example
in § l.26(c)(3) illustrates that the
reasonable expectation standard would
not be satisfied by posting the notice on
the Internet Web site without requiring
the consumer to acknowledge receipt of
the notice. As discussed above, the
Agencies have determined that the
electronic delivery of opt-out notices
does not require consumer consent in
accordance with the E-Sign Act because
neither section 624 of the FCRA nor the
final rules require that the notice be
provided in writing. Thus, requiring an
acknowledgement of receipt is within
the scope of the Agencies’ interpretive
authority. This example is also
consistent with an example in the GLBA
privacy rules and seems appropriate
where the notice is posted at an Internet
Web site.
The Agencies decline to require the
delivery of electronic notices by e-mail.
Concerns about the security of e-mail,
especially phishing, make it
inappropriate to require e-mail as the
only permissible form of electronic
delivery for opt-out notices.
Section l.27 Renewal of Opt-Out
Proposed §l.26 described the
procedures for extension of an opt-out.
Proposed §l.26(a) provided that a
receiving affiliate could not make or
send solicitations to the consumer after
the expiration of the opt-out period
based on eligibility information it
receives or has received from an
affiliate, unless the person responsible
for providing the initial opt-out notice,
or its successor, has given the consumer
an extension notice and a reasonable
opportunity to extend the opt-out, and
the consumer does not extend the opt-
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
out. Thus, if an extension notice was not
provided to the consumer, the opt-out
period would continue indefinitely.
Proposed §l.26(b) provided that each
opt-out extension would have to be
effective for a period of at least five
years.
Proposed §l.26(c) addressed the
contents of a clear, conspicuous, and
concise extension notice and provided
flexibility to comply in either of two
ways. Under one approach, the notice
would disclose the same items required
to be disclosed in the initial opt-out
notice, along with a statement
explaining that the consumer’s prior
opt-out has expired or is about to expire,
as applicable, and that if the consumer
wishes to keep the consumer’s opt-out
election in force, the consumer must opt
out again. Under a second approach, the
extension notice would provide: (1)
That the consumer previously elected to
limit an affiliate from using eligibility
information about the consumer that it
obtains from the communicating
affiliate to make or send solicitations to
the consumer; (2) that the consumer’s
election has expired or is about to
expire, as applicable; (3) that the
consumer may elect to extend the
consumer’s previous election; and (4) a
reasonable and simple method for the
consumer to opt out. The
supplementary information to the
proposal clarified that institutions
would not need to provide extension
notices if they treated the consumer’s
opt-out election as valid in perpetuity,
unless revoked by the consumer.
Proposed §l.26(d) addressed the
timing of the extension notice and
provided that an extension notice could
be given to the consumer either a
reasonable period of time before the
expiration of the opt-out period, or any
time after the expiration of the opt-out
period but before solicitations that
would have been prohibited by the
expired opt-out are made to the
consumer. The Agencies did not
propose to set a fixed time for what
would constitute a reasonable period of
time before the expiration of the opt-out
period to send an extension notice
because a reasonable period of time may
depend upon the amount of time
afforded to the consumer for a
reasonable opportunity to opt out, the
amount of time necessary to process
opt-outs, and other factors. Proposed
§l.26(e) made clear that sending an
extension notice to the consumer before
the expiration of the opt-out period does
not shorten the five-year opt-out period.
A few industry commenters objected
to the fact that the contents of the
extension notice would differ from the
contents of the initial notice by
PO 00000
Frm 00028
Fmt 4701
Sfmt 4700
requiring that the extension notice
inform the consumer that the
consumer’s prior opt-out has expired or
is about to expire, as applicable, and
that the consumer must opt out again to
keep the opt-out election in force. These
commenters argued that the added
disclosure requirement would be costly
and provide little benefit to consumers.
One commenter maintained that the
added disclosure requirement would
make it difficult, if not impossible, to
combine the extension notice with the
GLBA privacy notice. Commenters also
maintained that the language of the
statute, particularly section 624(a)(1),
contemplates that the same notice
would satisfy the requirements for the
initial and extension notices. Consumer
groups and NAAG recommended that
the Agencies define a ‘‘reasonable
opportunity’’ to extend the opt-out as a
period of at least 45 days before shared
eligibility information is used to make
solicitations to the consumer.
The Agencies have renumbered the
provisions addressing the extension or
renewal of opt-outs as §l.27 in the final
rules and revised them. For purposes of
clarity, the final rules refer to a
‘‘renewal’’ notice, rather than an
‘‘extension’’ notice.
Sectionl.27(a) contains the general
rule, which provides that after the optout period expires, a person may not
make solicitations based on eligibility
information received from an affiliate to
a consumer who previously opted out
unless the consumer has been given a
compliant renewal notice and a
reasonable opportunity to opt out, and
the consumer does not renew the optout. This section also clarifies that a
person can make solicitations to a
consumer after expiration of the opt-out
period if one of the exceptions in
§l.21(c) applies.
The Agencies decline to set a fixed
minimum time period for a reasonable
opportunity to renew the opt-out as
unnecessary and inconsistent with the
approach taken elsewhere in this rule
and in the GLBA privacy rules. The
provision regarding the duration of the
renewed opt-out elicited no comment,
and it has been retained in §l.27(a)(2)
of the final rules.
Sectionl.27(a)(3) identifies the
affiliates who may provide the renewal
notice. A renewal notice must be
provided either by the affiliate that
provided the previous opt-out notice or
its successor, or as part of a joint
renewal notice from two or more
members of an affiliated group of
companies, or their successors, that
jointly provided the previous opt-out
notice. This rule balances the Agencies’
goal of ensuring that the notice is
E:\FR\FM\07NOR2.SGM
07NOR2
rwilkins on PROD1PC63 with RULES_2
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
provided by an entity known to the
consumer with a recognition that
flexibility is required to account for
changes in the corporate structure that
may result from mergers and
acquisitions, corporate name changes,
and other events.
The Agencies recognize that the
content of the extension or renewal
notice differs from the content of the
initial notice. Nothing in the statute,
however, requires identical content in
the initial and renewal notices.
Moreover, the statute requires the
Agencies to provide specific guidance to
ensure that opt-out notices are clear,
conspicuous, and concise. It is
unreasonable to expect consumers,
upon receipt of a renewal notice, to
remember that they previously opted
out five years ago (or longer) or, even if
they do remember, to know that they
must opt out again in order to renew
their opt-out decision. Therefore, to
ensure that the renewal notice is
meaningful, the Agencies conclude that
the renewal notice must remind the
consumer that he or she previously
opted out, inform the consumer that the
opt-out has expired or is about to expire,
and advise the consumer that he or she
must opt out again to renew the opt-out
and continue to limit solicitations from
affiliates. Under the final rules, the
renewal notice can state that ‘‘the
consumer’s election has expired or is
about to expire.’’ The Agencies have
deleted the words ‘‘as applicable’’ so
that the notice does not have to be
tailored to differentiate consumers for
whom the election ‘‘has expired’’ from
those for whom the election ‘‘is about to
expire.’’
The Agencies are not persuaded that
the additional content of the renewal
notice will have any impact on the
ability to combine the opt-out notice
with the GLBA privacy notice. Even if
the language of the renewal notice were
identical to the initial notice, it still
could be difficult to avoid honoring a
consumer’s opt-out in perpetuity if the
affiliate marketing opt-out notice is
incorporated into the GLBA privacy
notice. Privacy notices typically state
that if a consumer has previously opted
out, it is not necessary for the consumer
to opt out again. This statement would
be accurate with respect to the affiliate
marketing opt-out only if the
consumer’s opt-out is honored in
perpetuity. It would not be accurate,
however, if the affiliate marketing optout is effective only for a limited period
of time, subject to renewal by the
consumer at intervals of five years or
longer. Thus, if the affiliate marketing
opt-out notice was consolidated with
GLBA privacy notices and were
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
effective for a limited period of time, the
privacy notices would have to be
modified to make clear that statements
that the consumer does not have to opt
out again do not apply to the affiliate
marketing renewal notice. Therefore, the
Agencies do not believe that requiring a
renewal notice to contain information
not included in an initial notice will
significantly affect the ability to
incorporate the affiliate marketing optout notices into GLBA privacy notices
because consolidation of the notices is
most likely to occur when the affiliate
marketing opt-out will be honored in
perpetuity. Entities that prefer not to
provide renewal notices may do so by
honoring the consumer’s opt-out in
perpetuity. The contents of the renewal
notice are adopted in §l.27(b) with
revisions that incorporate the changes to
§l.23, as discussed above.
Sectionl.27(b) of the final rules also
omits the alternative contents set forth
in the proposal, which the Agencies
now believe would be unnecessarily
duplicative.
Proposed §l.26(d) addressed the
timing of the extension or renewal
notice and elicited no comment. The
Agencies have renumbered this
provision as §l.27(d) in the final rules,
and adopted it with technical revisions.
As explained in the supplementary
information to the proposal, providing
the renewal notice a reasonable period
of time before the expiration of the optout period would enable institutions to
begin marketing to consumers who do
not renew their opt-out upon expiration
of the opt-out period. But giving a
renewal notice too far in advance of the
expiration of the opt-out period may
confuse consumers. The Agencies will
deem a renewal notice provided on or
with the last annual privacy notice
required by the GLBA privacy
provisions sent to the consumer before
the expiration of the opt-out period to
be reasonable in all cases.
Proposed §l.26(e) regarding the
effect of an extension or renewal notice
on the existing opt-out period elicited
no comment. The Agencies have
renumbered this provision as §l.27(d)
in the final rules, and adopted it with
technical changes.
Section l.28 Effective Date,
Compliance Date, and Prospective
Application
Effective Date and Compliance Date
Consistent with the requirements of
section 624 of the FCRA, the proposal
indicated that the final rules would
become effective six months after the
date on which they would be issued in
final form. The Agencies requested
PO 00000
Frm 00029
Fmt 4701
Sfmt 4700
62937
comment on whether there was any
need to delay the mandatory
compliance date beyond the effective
date specifically to permit institutions
to incorporate the affiliate marketing
opt-out notice into their next annual
GLBA privacy notice.
Most industry commenters believed
that the Agencies should delay the
mandatory compliance date until some
time after the effective date of the final
rules. These commenters suggested
various periods for delaying the
mandatory compliance date ranging
from three months to more than 24
months. Common recommendations
were for a delayed mandatory
compliance date of six, 12, or 18
months.
Some of these commenters suggested
a two-part mandatory compliance date
consisting of a delayed mandatory
compliance date of either three or six
months for new accounts or for general
application and a special mandatory
compliance date for institutions that
intend to consolidate their affiliate
marketing opt-out notice with their
GLBA privacy notice. Under this special
mandatory compliance date, institutions
would have to comply at the time they
provide their next GLBA privacy notice
following the effective date of the final
rules or a date certain, whichever is
earlier.
Industry commenters believed that a
delayed mandatory compliance date
was necessary in order to make
significant changes to business practices
and procedures, to implement necessary
operational and systems changes, and to
design and provide opt-out notices.
Industry commenters also noted that
many institutions would like to send the
affiliate marketing opt-out notice with
their initial or annual GLBA privacy
notices, both to minimize costs and to
avoid consumer confusion. These
commenters noted that many large
institutions provide GLBA privacy
notices on a rolling basis and that a
delayed mandatory compliance date
was necessary to enable institutions to
introduce the affiliate marketing opt-out
notice into this cycle. One large
institution estimated that its first-year
compliance costs would increase by a
minimum of $660,000 if it was not able
to consolidate the affiliate marketing
opt-out notice with its GLBA privacy
notice. A few industry commenters
believed that Congress knew that an
effective date is not necessarily the same
as a mandatory compliance date because
banking regulations commonly have
effective dates and mandatory
compliance dates that differ.
Consumer groups and NAAG believed
that the effective date of the final rules
E:\FR\FM\07NOR2.SGM
07NOR2
62938
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
rwilkins on PROD1PC63 with RULES_2
should be the mandatory compliance
date. These commenters believed that
institutions have had time to prepare for
compliance since the FACT Act became
law in December 2003. Consumer
groups believed that if institutions need
more time to comply, affiliates should
cease using eligibility information to
make solicitations until the notice and
opportunity to opt out is provided.
The final rules will become effective
January 1, 2008. Consistent with the
statute’s directive that the Agencies
ensure that notices may be consolidated
and coordinated, the mandatory
compliance date is delayed to give
institutions a reasonable amount of time
to include the affiliate marketing opt-out
notice with their initial and annual
privacy notices. Accordingly,
compliance with Subpart C is required
not later than October 1, 2008. The
Agencies believe that delaying the
mandatory compliance date for
approximately one year will give all
institutions adequate time to develop
and distribute opt-out notices and give
most institutions sufficient time to
develop and distribute consolidated
notices if they choose to do so.
Prospective Application
Proposed §l.20(e) provided that the
provisions of Subpart C would not
apply to eligibility information that was
received by a receiving affiliate prior to
the date on which compliance with
these regulations would be required.
Some industry commenters supported
this provision. Other industry
commenters, however, believed that the
proposed rule did not track the statutory
language or reflect the intent of
Congress. These commenters believed
that the final rules should grandfather
all information received by any
financial institution or affiliate in a
holding company prior to the
mandatory compliance date, and not
grandfather only that information
received prior to the mandatory
compliance date by a person that
intends to use the information to make
solicitations to the consumer. Some of
these commenters recommended, in the
alternative, that the Agencies clarify that
any information placed into a common
database by an affiliate should be
deemed to have been provided to an
affiliated person if the Agencies opt to
retain the prospective application
provision as proposed. These
commenters argued that without such a
clarification, affiliated companies would
have to undertake the costly
deconstruction of existing databases to
ensure compliance.
In the final rules, the provision
addressing prospective application has
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
been renumbered as §l.28(c), and
revised. The Agencies continue to
believe that the better interpretation of
the non-retroactivity provision is that it
is tied to receipt of eligibility
information by a person that intends to
use the information to make
solicitations to the consumer. The final
rules clarify, however, that a person is
deemed to receive eligibility
information from its affiliate when the
affiliate places that information in a
common database where it is accessible
by the person, even if the person has not
accessed or used that information as of
the compliance date. For example,
assume that an affiliate obtains
eligibility information about a consumer
as a result of having a pre-existing
business relationship with that
consumer. The affiliate places that
information into a common database
that is accessible to other affiliates
before the mandatory compliance date.
The final rules do not apply to that
information and other affiliates may use
that information for marketing to the
consumer. On the other hand, if the
affiliate obtains eligibility information
about the consumer before the
mandatory compliance date, but does
not either place that information into a
common database that is accessible to
other affiliates or otherwise provide that
information to another affiliate before
the mandatory compliance date, the
final rules will apply to that eligibility
information. Further, if the database is
updated with new eligibility
information after the mandatory
compliance date, the final rules will
apply to the new or updated eligibility
information.
Appendix C
Appendix A of the proposal contained
model forms to illustrate by way of
example how institutions could comply
with the notice and opt-out
requirements of section 624 and the
proposed regulations. Appendix A
included three proposed model forms.
Model Form A–1 was a proposed form
of an initial opt-out notice. Model Form
A–2 was a proposed form of an
extension notice. Model Form A–3 was
a proposed form that institutions may
use if they offer consumers a broader
right to opt out of marketing than is
required by law.
The proposed model forms were
designed to convey the necessary
information to consumers as simply as
possible. The Agencies tested the
proposed model forms using two widely
available readability tests, the Flesch
reading ease test and the Flesch-Kincaid
grade level test, each of which generates
PO 00000
Frm 00030
Fmt 4701
Sfmt 4700
a readability score.16 Proposed Model
Form A–1 had a Flesch reading ease
score of 53.7 and a Flesch-Kincaid grade
level score of 9.9. Proposed Model Form
A–2 had a Flesch reading ease score of
57.5 and a Flesch-Kincaid grade level
score of 9.6. Proposed Model Form A–
3 had a Flesch reading ease score of 69.9
and a Flesch-Kincaid grade level score
of 6.7.
Commenters generally supported the
proposed model forms. As noted above,
some commenters had concerns about
the content of the initial and renewal
notices. Some industry commenters
expressed concern about requiring the
notice to specify the applicable time
period and the consumer’s right to
renew the election once the opt-out
expires. Industry commenters also
suggested revising the language of the
notice to refer either to ‘‘financial’’
information or ‘‘credit eligibility’’
information for clarity. One commenter
suggested deleting the examples of the
types of information shared with
affiliates. Another commenter suggested
rephrasing the model forms in the
passive voice. One commenter
encouraged the Agencies to clarify that
use of the model forms provides a safe
harbor. Another commenter believed
that the optional third paragraph of
Model Form A–1 should be revised, or
an alternate paragraph added, to provide
guidance on how to clearly disclose to
consumers that the opt-out may not
limit the sharing of contact information
and other information that does not
meet the definition of ‘‘consumer
report.’’
Consumer groups and NAAG
commended the Agencies for reporting
the Flesch reading ease score and
Flesch-Kincaid grade-level score for
each of the model forms. These
commenters urged the Agencies to
modify the proposed rule to require that
any person that does not use the model
forms must provide a notice that
achieves readability scores at least as
good as the scores for the model forms.
Consumer groups also suggested adding
a sentence about providing the form
annually to mitigate consumer
confusion. These commenters also
urged the Agencies to adopt a shortform notice.
The Agencies have revised and
expanded the number of model forms to
reflect changes made to the final rules.
In addition, for ease of reference, the
model forms have been renumbered as
16 The Flesch reading ease test generates a score
between zero and 100, where the higher score
correlates with improved readability. The FleschKincaid grade level test generates a numerical
assessment of the grade-level at which the text is
written.
E:\FR\FM\07NOR2.SGM
07NOR2
rwilkins on PROD1PC63 with RULES_2
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
Appendix C to correspond with Subpart
C to which they pertain. The Agencies
believe that model forms are helpful for
entities that give notices and beneficial
for consumers. The model forms are
provided as stand-alone documents.
However, some persons may choose to
combine the opt-out notice with other
consumer disclosures, such as the GLBA
privacy notice. Creating a consolidated
model form is beyond the scope of this
rulemaking, but, as discussed above,
institutions can combine the affiliate
marketing opt-out notice with other
disclosures, including the GLBA privacy
notice.
On March 31, 2006, the Board, FDIC,
FTC, NCUA, OCC, and SEC released a
report entitled Evolution of a Prototype
Financial Privacy Notice prepared by
Kleimann Communication Group, Inc.,
summarizing research that led to the
development of a prototype short-form
GLBA privacy notice. That prototype
included an affiliate marketing opt-out
notice. The prototype assumed that the
notice would be provided by the
affiliate that is sharing eligibility
information. The Agencies believe that
providing model forms in this rule for
stand-alone opt-out notices that may be
used in a more diverse set of
circumstances than a model privacy
form is appropriate and consistent with
efforts to develop a model privacy form.
On March 29, 2007, the Agencies, the
FTC, SEC, and Commodity Futures
Trading Commission published for
public comment in the Federal Register
(72 FR 14,940) a model privacy form
that includes the affiliate marketing optout. Once such a notice is published in
final form, use of the model privacy
form will satisfy the requirement to
provide an initial affiliate marketing
opt-out notice.
The final rules include five model
forms. Model Form C–1 is the model for
an initial notice provided by a single
affiliate. Model Form C–2 is the model
for an initial notice provided as a joint
notice from two or more affiliates.
Model Form C–3 is the model for a
renewal notice provided by a single
affiliate. Model Form C–4 is the model
for a renewal notice provided as a joint
notice from two or more affiliates.
Model Form C–5 is a model for a
voluntary ‘‘no marketing’’ opt-out.
The Agencies tested each of the model
forms using two widely-available
readability tests, the Flesch reading ease
test and the Flesch-Kincaid grade level
test. In conducting these tests, the
Agencies eliminated parenthetical text
wherever possible, included the
optional clauses, and substituted the
names of fictional entities, for example,
ABC Bank or the ABC group of
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
companies, as the names of the relevant
entities to ensure that the test results
were not skewed by the inclusion of
descriptive text that would not be
included in actual opt-out notices. The
results of these tests are summarized for
each of the model forms in Table 1
below.
Although the Agencies encourage the
use of these tests as well as other types
of consumer testing in designing opt-out
notices, the Agencies decline to adopt a
prescriptive approach that requires
notices to achieve certain scores under
the Flesch reading ease or FleschKincaid grade level tests. Some
variation in readability scores is
inevitable and may be caused by minor
differences in the language of the notice,
such as the name of the entity providing
the notice or the types of information
that may be used for marketing.
62939
opt out again until a renewal notice is
sent.
V. Regulatory Analysis
Paperwork Reduction Act
In accordance with the requirements
of the Paperwork Reduction Act (PRA)
of 1995 (44 U.S.C. 3506; 5 CFR part
1320 Appendix A.1), the Agencies have
reviewed the final rules and determined
that they contain collections of
information subject to the PRA. The
Board made this determination under
authority delegated to the Board by the
Office of Management and Budget
(OMB). The collections of information
required by these rules are found in 12
CFR 41.21–41.27, 12 CFR 222.21–
222.27, 12 CFR 334.21–334.27, 12 CFR
571.21–571.27, and 12 CFR 717.21–
717.27. The Agencies may not conduct
or sponsor, and the respondent is not
required to respond to, an information
TABLE 1
collection unless it displays a currently
valid OMB control number. This
FleschFlesch
collection is mandatory (15 U.S.C. 1693
Kincaid
reading
grade level et seq.). The respondents/recordkeepers
ease score
score
are financial institutions that share
certain information for marketing
Model Form C–1
50.2
11.5
Model Form C–2
51.7
11.5 purposes, and certain consumers of
Model Form C–3
54.6
9.7 their services.
The final rules impose disclosure
Model Form C–4
54.2
9.8
Model Form C–5
81.3
3.8 requirements on certain affiliated
companies subject to each Agency’s
As noted in the proposal, use of the
jurisdiction. Specifically, the FACT Act
model forms is not mandatory.
and the final rules provide that when a
However, appropriate use of the model
company communicates certain
forms provides a safe harbor. There is
information about the consumer
flexibility to use or not use the model
(‘‘eligibility information’’) to an affiliate,
forms, or to modify the forms, so long
the affiliate may not use that
as the requirements of the regulation are information to make solicitations for
met. For example, although several of
marketing purposes to the consumer
the model forms use five years as the
unless the consumer is given a notice
duration of the opt-out period, an optand an opportunity to opt-out of that
out period of longer than five years may use of the information and the consumer
be used and the longer time period
does not opt-out.
In the proposal, the Agencies
substituted in the opt-out notices.
estimated that the average amount of
Alternatively, the consumer’s opt-out
may be treated as effective in perpetuity time for a person to prepare an initial
notice as required under the proposal
and, if so, the opt-out notice should
and distribute the notice to consumers
omit any reference to the limited
would be approximately 18 hours. The
duration of the opt-out period or the
Agencies recognized that the amount of
right to renew the opt-out.
The Agencies have revised the model
time needed for any particular person
forms so that the disclosure regarding
subject to the proposed requirements
the duration of the opt-out may state
may be higher or lower, but believed
that the opt-out applies either for a fixed that this average figure was a reasonable
number of years or ‘‘at least 5 years.’’
estimate. To minimize the compliance
This revision permits institutions that
costs and burdens for persons,
use a longer opt-out period or that
particularly small entities, the proposed
subsequently extend their opt-out
rule contained model disclosures and
period to rely on the model language.
opt-out notices that may be used to
The model form also contains a
satisfy the statutory requirements. The
reference to the consumer’s right to
proposed rule gave covered persons
revoke an opt-out. In addition, language flexibility to satisfy the notice and opthas been added to the model forms to
out requirement by sending the
clarify that, with an opt-out of limited
consumer a free-standing opt-out notice
duration, a consumer does not have to
or by adding the opt-out notice to the
PO 00000
Frm 00031
Fmt 4701
Sfmt 4700
E:\FR\FM\07NOR2.SGM
07NOR2
62940
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
rwilkins on PROD1PC63 with RULES_2
privacy notices already provided to
consumers in accordance with the
provisions of Title V of the GLBA. For
covered persons that choose to prepare
a free-standing opt-out notice, the time
necessary to prepare a free-standing optout notice would be minimal, because
those persons could simply copy the
model disclosure, making minor
adjustments as indicated by the model
disclosure. Similarly, for covered
persons that choose to incorporate the
opt-out notice into their GLBA privacy
notices, the time necessary to integrate
the model opt-out notice into their
privacy notices would be minimal. The
Agencies estimated that the average
consumer would take approximately
five minutes to respond to the notice
and opt-out.
The Agencies did not estimate the
burden for preparing and distributing
extension notices by covered persons
that choose to limit the duration of the
opt-out time period because the
minimum effective time period for the
opt-out is five years. The Agencies
proposed to estimate the burden for this
requirement when they conduct a
subsequent review of the information
collection.
Information Collection
The Agencies, other than the Board
and NCUA, are seeking OMB approval
to extend for three years, with revision,
the information collections in
connection with this final rule. The
Board, under its delegated authority
from OMB, has approved the
implementation of this information
collection. The NCUA is seeking OMB
approval for this new collection of
information.
OCC:
Title: Fair Credit Reporting Affiliate
Marketing (12 CFR part 41).
OMB Number: 1557–0230
Frequency of Response: On occasion.
Affected Public: National banks,
Federal branches and agencies of foreign
banks, and their respective operating
subsidiaries that are not functionally
regulated within the meaning of section
5(c)(5) of the Bank Holding Company
Act of 1956, as amended (12 U.S.C.
1844(c)(5).
Number of Respondents: 770 National
banks and 916,895 Consumers.
Estimated Time per Response: 18
hours, Prepare and distribute notice to
consumers, and employee training; 5
minutes, Consumer response to opt-out
notice.
Total Estimated Annual Burden:
90,265 hours.
Board:
Title: Information Collection
Requirements in Connection with
Regulation V (Fair Credit Reporting Act)
VerDate Aug<31>2005
17:18 Nov 06, 2007
Jkt 214001
(Affiliate Marketing Disclosures/
Consumer Opt-Out Notices).
OMB Number: 7100–0308.17
Frequency of Response: On occasion.
Affected Public: State member banks,
branches and agencies of foreign banks
(other than federal branches, Federal
agencies, and insured State branches of
foreign banks), commercial lending
companies owned or controlled by
foreign banks, Edge and agreement
corporations, and bank holding
companies and affiliates of such holding
companies (other than depository
institutions and consumer reporting
agencies).
Number of Respondents: 2,619
Financial institutions and 638,380
Consumers.
Estimated Time per Response: 18
hours, Prepare and distribute notice to
consumers, and employee training; 5
minutes, Consumer response to opt-out
notice.
Total Estimated Annual Burden:
100,423 hours.
FDIC:
Title: Affiliate Marketing Disclosures/
Consumer Opt-Out Notices.
OMB Number: 3064–0149.
Frequency of Response: On occasion.
Affected Public: Insured state
nonmember banks.
Number of Respondents: 978
Financial institutions and 198,450
Consumers.
Estimated Time per Response: 18
hours, Prepare and distribute notice to
consumers, and employee training; 5
minutes, Consumer response to opt-out
notice.
Total Estimated Annual Burden:
34,142 hours.
OTS:
Title: Fair Credit Reporting Affiliate
Marketing Regulations.
OMB Number: 1550–0112.
Frequency of Response: On occasion.
Affected Public: Savings associations
and Federal savings association
operating subsidiaries that are not
functionally regulated within the
meaning of section 5(c)(5) of the Bank
Holding Company Act of 1956, as
amended (12 U.S.C. 1844(c)(5)).
Number of Respondents: 609
Financial institutions and 216,783
Consumers.
Estimated Time per Response: 18
hours, Prepare and distribute notice to
consumers, and employee training; 5
minutes, Consumer response to opt-out
notice.
17 The information collections (ICs) in this rule
will be incorporated with the Board’s Disclosure
Requirements Associated with Regulation V (OMB
No. 7100–0308). The burden estimates provided in
this rule pertain only to the ICs associated with this
final rulemaking. The current OMB inventory for
Regulation V is available at: https://www.reginfo.gov/
public/do/PRAMain.
PO 00000
Frm 00032
Fmt 4701
Sfmt 4700
Total Estimated Annual Burden:
28,955 hours.
NCUA:
Title: Information Collection
Requirements in Connection with Fair
Credit Reporting Act Regulations.
OMB Number: 3133–New.
Frequency of Response: On occasion.
Affected Public: Federal credit unions
with CUSO affiliates.
Number of Respondents: 1,065
Financial institutions and 1,023,693
Consumers.
Estimated Time per Response: 18
hours, Prepare and distribute notice to
consumers, and employee training; 5
minutes, Consumer response to opt-out
notice.
Total Estimated Annual Burden:
104,137 hours.
The Agencies received one comment,
from a trade association, in response to
the PRA section of the proposal. The
commenter raised concerns that the
Agencies’ PRA cost estimates conveyed
a misleading impression of the cost of
complying with the affiliate marketing
opt-out rule. The commenter’s principal
objection was that the cost estimates
assume that the major cost is that of
sending the disclosures, rather than
processing any opt-out requests and
ensuring that solicitations are not sent
to consumers who have opted-out (or
have not yet had a reasonable
opportunity to opt-out). The commenter
was concerned that the cost estimates
did not reflect the costs associated with
building compliance systems, such as
costs attributed to significant database
programming, coordination across
business entities, legal and managerial
review, employee training, and business
process changes. The commenter stated
that the PRA analysis did not take into
account the significant clerical effort
needed to comply with the proposed
rule. The commenter also stated that
companies that currently provide GLBA
privacy and Fair Credit Reporting Act
(FCRA) affiliate sharing opt-out notices
would still incur significant costs
because (1) unlike under the GLBA optout right, the new affiliate marketing
opt-out right applies to affiliates, and (2)
unlike under the FCRA affiliate sharing
opt-out, the new affiliate marketing optout right applies to transaction or
experience information. The commenter
objected to the Agencies’ use of average
figures which take into account the fact
that some companies may not need to
provide affiliate marketing opt-out
notices to consumers, rather than
focusing exclusively on the costs to
companies that must provide the notice.
Finally, the commenter stated that
E:\FR\FM\07NOR2.SGM
07NOR2
rwilkins on PROD1PC63 with RULES_2
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
compliance with the proposed rule
would be particularly difficult because
software modifications and employee
training would be required to ensure
that both bank and affiliate employees
have access to consumer’s transaction or
experience information in order to
service their accounts, but are prevented
from using that information to solicit
business from consumers that have
exercised their opt-out rights.
In response, the Agencies continue to
believe that 18 hours is a reasonable
estimate of the average amount of time
to prepare and distribute an initial
notice to consumers and for employee
training; and five minutes is a
reasonable estimate of the average
consumer response time. The Agencies
continue to believe that institutions
should be able to modify existing
database systems and employee training
programs, used to comply with the
GLBA and FCRA notice and opt-out
requirements, to meet the requirements
held in this final rule. As required by
the PRA, the Agencies’ annual burden
estimates take into account the burden
associated with the reporting,
recordkeeping, and third-party
disclosure requirements of the final
rules (see 44 U.S.C. 3502(2); 5 CFR
1320.3(b)). The Agencies also believe
that the availability of model
disclosures and opt-out notices may
significantly reduce the cost of
compliance. In addition, the final rules
give persons flexibility to provide a joint
opt-out notice on behalf of multiple
affiliates and to define the scope and the
duration of the opt-out. This flexibility
may reduce the cost of compliance by
allowing covered persons to make
choices that are most appropriate for
their business. Moreover, since the
notice is only required to be given once
for a minimum period of at least five
years, the Agencies’ estimates assume a
higher burden will be incurred during
the first year of the OMB clearance
period with a lesser burden incurred
during the subsequent two years.
The Agencies have a continuing
interest in the public’s opinions of our
collections of information. At any time,
comments regarding the burden
estimate, or any other aspect of this
collection of information, including
suggestions for reducing the burden,
may be sent to the following:
OCC: Communications Division,
Office of the Comptroller of the
Currency, Public Information Room,
Mailstop 1–5, Attention: 1557–0230,
250 E Street, SW., Washington, DC
20219. In addition, comments may be
sent by fax to (202) 874–4448, or by
electronic mail to
regs.comments@occ.treas.gov. You can
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
inspect and photocopy comments at the
OCC’s Public Information Room, 250 E
Street, SW., Washington, DC 20219. For
security reasons, the OCC requires that
visitors make an appointment to inspect
comments. You may do so by calling
(202) 874–5043. Upon arrival, visitors
will be required to present valid
government-issued photo identification
and submit to security screening in
order to inspect and photocopy
comments.
Board: You may submit comments,
which should refer to ‘‘Information
Collection Requirements in Connection
with Regulation V (Fair Credit Reporting
Act) (Affiliate Marketing Disclosures/
Consumer Opt-Out Notices), 7100–
0308’’ by any of the following methods:
• Agency Web Site: https://
www.federalreserve.gov. Follow the
instructions for submitting comments
on the https://www.federalreserve.gov/
generalinfo/foia/ProposedRegs.cfm.
• Federal eRulemaking Portal: https://
www.regulations.gov. Follow the
instructions for submitting comments.
• E-mail:
regs.comments@federalreserve.gov.
Include docket number in the subject
line of the message.
• Fax: 202–452–3819 or 202–452–
3102.
• Mail: Jennifer J. Johnson, Secretary,
Board of Governors of the Federal
Reserve System, 20th Street and
Constitution Avenue, NW., Washington,
DC 20551.
All public comments are available
from the Board’s Web site at
www.federalreserve.gov/generalinfo/
foia/ProposedRegs.cfm as submitted,
unless modified for technical reasons.
Accordingly, your comments will not be
edited to remove any identifying or
contact information. Public comments
may also be viewed electronically or in
paper in Room MP–500 of the Board’s
Martin Building (20th and C Streets,
NW.) between 9 a.m. and 5 p.m. on
weekdays.
FDIC: You may submit comments,
which should refer to ‘‘Affiliate
Marketing Disclosures/Consumer OptOut Notices, 3064–0149,’’ by any of the
following methods:
• https://www.FDIC.gov/regulations/
laws/federal/notices.html.
• E-mail: comments@FDIC.gov.
Include ‘‘Affiliate Marketing
Disclosures/Consumer Opt-Out Notices,
3064–0149,’’ in the subject line of the
message.
• Mail: Steven F. Hanft (202–898–
3907), Clearance Officer, Attn:
Comments, Room MB–2088, Federal
Deposit Insurance Corporation, 550 17th
Street, NW., Washington, DC 20429.
PO 00000
Frm 00033
Fmt 4701
Sfmt 4700
62941
• Hand Delivery: Comments may be
hand delivered to the guard station at
the rear of the 550 17th Street Building
(located on F Street) on business days
between 7 a.m. and 5 p.m.
Public Inspection: All comments
received will be posted without change
to https://www.fdic.gov/regulations/laws/
federal/notices.html including any
personal information provided.
Comments may be inspected at the FDIC
Public Information Center, Room E–
1002, 3501 Fairfax Drive, Arlington, VA
22226, between 9 a.m. and 5 p.m. on
business days.
OTS: You may submit comments,
identified by ‘‘1550–0112 (Fair Credit
Reporting Affiliate Marketing
Regulations),’’ by any of the following
methods:
• Federal eRulemaking Portal: https://
www.regulations.gov. Follow the
instructions for submitting comments.
• E-mail address:
infocollection.comments@ots.treas.gov.
Please include ‘‘1550–0112 (Fair Credit
Reporting Affiliate Marketing
Regulations),’’ in the subject line of the
message and include your name and
telephone number in the message.
• Fax: (202) 906–6518.
• Mail: Information Collection
Comments, Chief Counsel’s Office,
Office of Thrift Supervision, 1700 G
Street, NW, Washington, DC 20552,
Attention: ‘‘1550–0112 (Fair Credit
Reporting Affiliate Marketing
Regulations).’’
• Hand Delivery/Courier: Guard’s
Desk, East Lobby Entrance, 1700 G
Street, NW, from 9 a.m. to 4 p.m. on
business days, Attention: Information
Collection Comments, Chief Counsel’s
Office, Attention: ‘‘1550–0112 (Fair
Credit Reporting Affiliate Marketing
Regulations).’’
Instructions: All submissions received
must include the agency name and OMB
Control Number for this information
collection. All comments received will
be posted without change to the OTS
Internet Site at https://www.ots.treas.gov/
pagehtml.cfm?catNumber=67&an=1,
including any personal information
provided.
Docket: For access to the docket to
read background documents or
comments received, go to https://
www.ots.treas.gov/
pagehtml.cfm?catNumber=67&an=1.
In addition, you may inspect
comments at the Public Reading Room,
1700 G Street, NW., by appointment. To
make an appointment for access, call
(202) 906–5922, send an e-mail to
public.info@ots.treas.gov, or send a
facsimile transmission to (202) 906–
7755. (Prior notice identifying the
materials you will be requesting will
E:\FR\FM\07NOR2.SGM
07NOR2
62942
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
rwilkins on PROD1PC63 with RULES_2
assist us in serving you.) We schedule
appointments on business days between
10 a.m. and 4 p.m. In most cases,
appointments will be available the next
business day following the date we
receive a request.
NCUA: You may submit comments by
any of the following methods (please
send comments by one method only):
• Federal eRulemaking Portal: https://
www.regulations.gov. Follow the
instructions for submitting comments.
• NCUA Web Site: https://
www.ncua.gov/
RegulationsOpinionsLaws/
proposedregs/proposedregs.html.
Follow the instructions for submitting
comments.
• E-mail: Address to
regcomments@ncua.gov. Include ‘‘[Your
name] Comments on Information
Collection Requirements in Connection
with Fair Credit,’’ in the e-mail subject
line.
• Fax: (703) 518–6319. Use the
subject line described above for e-mail.
• Mail: Address to Neil McNamara,
Deputy Chief Information Officer,
National Credit Union Administration,
1775 Duke Street, Alexandria, VA
22314–3428.
• Hand Delivery/Courier: Same as
mail address.
Additionally, you should send a copy
of your comments to [Agency] Desk
Officer, [OMB No.], by mail to U.S.
Office of Management and Budget, 725
17th Street, NW., #10235, Washington,
DC 20503, or by fax to (202) 395–6974.
Regulatory Flexibility Act
OCC: OCC prepared an initial
regulatory flexibility analysis as
required by the Regulatory Flexibility
Act (RFA) (5 U.S.C. 601 et seq.) in
connection with the July 15, 2004
proposed rule. OCC received one
comment on its regulatory flexibility
analysis.
Under Section 605(b) of the RFA, 5
U.S.C. 605(b), the regulatory flexibility
analysis otherwise required under
Section 604 of the RFA is not required
if an agency certifies, along with a
statement providing the factual basis for
such certification, that the rule will not
have a significant economic impact on
a substantial number of small entities.
For purposes of the RFA and OCCregulated entities, a ‘‘small entity’’ is a
national bank with assets of $165
million or less (small national bank).
Based on its analysis and for the reasons
stated below, OCC certifies that this
final rule will not have a significant
economic impact on a substantial
number of small entities. OCC’s final
rule will not impact a substantial
number of small entities because OCC
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
estimates that the final rule will affect
no more than 12 out of 948 small
national banks (approximately 1%) with
assets of $165 million or less.
1. Statement of the Need for, and
Objectives of, the Final Rule
The FACT Act amends the FCRA and
was enacted, in part, for the purpose of
allowing consumers to limit the use of
eligibility information received from an
affiliate to make solicitations to the
consumer. Section 214 of the FACT Act
generally prohibits a person from using
certain information received from an
affiliate to make a solicitation for
marketing purposes to a consumer,
unless the consumer is given notice and
an opportunity and simple method to
opt out of the making of such
solicitations. Section 214 requires the
OCC, together with the other Agencies,
the FTC, and the SEC, to consult and
coordinate with each other and to
prescribe regulations implementing
section 214 that, to the extent possible,
are consistent and comparable. OCC is
adopting the final rule to implement
section 214 of the FACT Act. The
SUPPLEMENTARY INFORMATION contains
information on the objectives of the
final rule.
2. Summary of Issues Raised by
Comments in Response to the Initial
Regulatory Flexibility Analysis
OCC conducted an initial regulatory
flexibility analysis in connection with
the proposed rule as required by section
3(a) of the RFA (5 U.S.C. 603(a)). One
commenter, the Mortgage Bankers
Association (MBA), believed that the
Agencies had underestimated
compliance costs. The issues raised by
the MBA are described in the Paperwork
Reduction Act section of the
SUPPLEMENTARY INFORMATION. The
MBA’s concerns applied equally to
small entities and larger entities. The
MBA did not raise any issues unique to
small entities.
3. Description and Estimate of Small
Entities Affected by the Final Rule
The final rule applies to national
banks, Federal branches and agencies of
foreign banks, and any of their operating
subsidiaries that are not functionally
regulated within the meaning of section
5(c)(5) of the Bank Holding Company
Act of 1956, as amended (12 U.S.C.
1844(c)(5)) (national banks). However,
the rule’s requirements only affect those
entities with affiliates that choose to
structure their marketing activities in a
manner that triggers the rule’s
requirements.
OCC estimates that its final rule could
apply to as many as 1,806 national
PO 00000
Frm 00034
Fmt 4701
Sfmt 4700
banks. The OCC also estimates that
1,036 of these national banks do not
have affiliates and, therefore, will not
affected by the requirements of the final
rule. Of the estimated 770 national
banks that would be subject to the final
rule’s requirements, approximately 12 of
these institutions are small national
banks with assets of $165 million or
less.
In addition, small entities that have
affiliates may choose not to engage in
activities that would require compliance
with the final rule. For example, small
entities may choose not to share
eligibility information with their
affiliates for the purpose of making
solicitations. Alternatively, small
entities and their affiliates may structure
their marketing activities in a way that
does not trigger the requirement to
comply with the final rule, such as by
relying upon the exceptions to the
notice requirement contained in the
final rule.
4. Recordkeeping, Reporting, and Other
Compliance Requirements
The final rule requires all national
banks, including small national banks,
to provide opt-out notices and renewal
notices to consumers in certain
circumstances, as discussed in the
SUPPLEMENTARY INFORMATION section
above, and to implement consumers’
opt-out elections. The final rule
contains no requirement to report
information to the Agencies.
Small entities that have affiliates,
share eligibility information with those
affiliates, and use that information to
make solicitations for marketing
purposes may be subject to the rule.
Small entities that do not have affiliates,
do not share eligibility information with
their affiliates for marketing purposes,
use shared eligibility information for
purposes of making solicitations only in
accordance with one of the exceptions
set forth in the final rule, or structure
their marketing activities to eliminate
the need to provide an opt-out notice
would not be subject to the final rule.
The professional skills necessary for
preparation of the opt-out notice
include compliance and/or privacy
specialists and computer programmers.
5. Steps Taken To Minimize the
Economic Impact on Small Entities
OCC and the other Agencies have
attempted to minimize the economic
impact on small entities by adopting
consistent rules and by allowing joint
notices on behalf of multiple affiliates.
In addition, OCC and the other Agencies
have provided model forms that small
institutions may, but are not required to,
use to minimize the cost of compliance.
E:\FR\FM\07NOR2.SGM
07NOR2
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
Board: The Board prepared an initial
regulatory flexibility analysis as
required by the Regulatory Flexibility
Act (RFA) (5 U.S.C. 601 et seq.) in
connection with the July 15, 2004
proposed rule. The Board received one
comment on its regulatory flexibility
analysis.
Under Section 605(b) of the RFA, 5
U.S.C. 605(b), the regulatory flexibility
analysis otherwise required under
Section 604 of the RFA is not required
if an agency certifies, along with a
statement providing the factual basis for
such certification, that the rule will not
have a significant economic impact on
a substantial number of small entities.
Based on its analysis and for the reasons
stated below, the Board certifies that
this final rule will not have a significant
economic impact on a substantial
number of small entities.
1. Statement of the Need for, and
Objectives of, the Final Rule
The FACT Act amends the FCRA and
was enacted, in part, for the purpose of
allowing consumers to limit the use of
eligibility information received from an
affiliate to make solicitations to the
consumer. Section 214 of the FACT Act
generally prohibits a person from using
certain information received from an
affiliate to make a solicitation for
marketing purposes to a consumer,
unless the consumer is given notice and
an opportunity and simple method to
opt out of the making of such
solicitations. Section 214 requires the
Board, together with the other Agencies,
the FTC, and the SEC, to issue
regulations implementing the section in
consultation and coordination with each
other. The Board received no comments
on the reasons for the proposed rule.
The Board is adopting the final rule to
implement § 214 of the FACT Act. The
SUPPLEMENTARY INFORMATION above
contains information on the objectives
of the final rule.
rwilkins on PROD1PC63 with RULES_2
2. Summary of Issues Raised by
Comments in Response to the Initial
Regulatory Flexibility Analysis
16:20 Nov 06, 2007
Jkt 214001
The final rule applies to all banks that
are members of the Federal Reserve
System (other than national banks) and
their respective operating subsidiaries,
branches and Agencies of foreign banks
(other than Federal branches, Federal
Agencies, and insured State branches of
foreign banks), commercial lending
companies owned or controlled by
foreign banks, and organizations
operating under section 25 or 25A of the
Federal Reserve Act (12 U.S.C. 601 et
seq., and 611 et seq.). The Board’s rule
will apply to the following institutions
(numbers approximate): State member
banks (881), operating subsidiaries that
are not functionally regulated with in
the meaning of section 5(c)(5) of the
Bank Holding Company Act of 1956, as
amended (877), U.S. branches and
agencies of foreign banks (219),
commercial lending companies owned
or controlled by foreign banks (3), and
Edge and agreement corporations (64),
for a total of approximately 2,044
institutions. The Board estimates that
more than 1,448 of these institutions
could be considered small entities with
assets of $165 million or less.
All small entities covered by the
Board’s rule potentially could be subject
to the final rule. However, small entities
that do not have affiliates would not be
subject to the final rule. In addition,
small entities that have affiliates may
choose not to engage in activities that
would require compliance with the final
rule. For example, small entities may
choose not to share eligibility
information with their affiliates for the
purpose of making solicitations.
Alternatively, small entities and their
affiliates may structure their marketing
activities in a way that does not trigger
the requirement to comply with the
final rule, such as by relying upon the
exceptions to the notice requirement
contained in the final rule.
4. Recordkeeping, Reporting, and Other
Compliance Requirements
In accordance with Section 3(a) of the
RFA, the Board conducted an initial
regulatory flexibility analysis in
connection with the proposed rule. One
commenter, the Mortgage Bankers
Association (MBA), believed that the
Board and the other Agencies had
underestimated the costs of compliance.
The issues raised by the MBA are
described in the Paperwork Reduction
Act section above. The MBA’s concerns
applied equally to small entities and
larger entities. The MBA did not raise
any issues unique to small entities.
VerDate Aug<31>2005
3. Description and Estimate of Small
Entities Affected by the Final Rule
The final rule requires small entities
to provide opt-out notices and renewal
notices to consumers in certain
circumstances, as discussed in the
SUPPLEMENTARY INFORMATION above. The
final rule also requires small entities to
implement consumers’ opt-out
elections. The final rule contains no
requirement to report information to the
Agencies.
Small entities that have affiliates and
that share eligibility information with
those affiliates for purposes of making
solicitations may be subject to the rule.
Small entities that do not have affiliates,
PO 00000
Frm 00035
Fmt 4701
Sfmt 4700
62943
do not share eligibility information with
their affiliates for marketing purposes,
use shared eligibility information for
purposes of making solicitations only in
accordance with one of the exceptions
set forth in the final rule, or structure
their marketing activities to eliminate
the need to provide an opt-out notice
would not be subject to the final rule.
The professional skills necessary for
preparation of the opt-out notice
include compliance and/or privacy
specialists and computer programmers.
5. Steps Taken To Minimize the
Economic Impact on Small Entities
The Board and the other Agencies
have attempted to minimize the
economic impact on small entities by
adopting consistent rules and by
allowing joint notices on behalf of
multiple affiliates. In addition, the
Board and the other Agencies have
provided model forms that small
institutions may, but are not required to,
use to minimize the cost of compliance.
FDIC: The FDIC prepared an initial
regulatory flexibility analysis as
required by the Regulatory Flexibility
Act (RFA) (5 U.S.C. 601 et seq.) in
connection with the July 15, 2004
proposed rule. The FDIC received one
comment on its regulatory flexibility
analysis.
Under Section 605(b) of the RFA, 5
U.S.C. 605(b), the regulatory flexibility
analysis otherwise required under
Section 604 of the RFA is not required
if an agency certifies, along with a
statement providing the factual basis for
such certification, that the rule will not
have a significant economic impact on
a substantial number of small entities.
Based on its analysis and for the reasons
stated below, the FDIC certifies that this
final rule will not have a significant
economic impact on a substantial
number of small entities.
1. Statement of the Need for, and
Objectives of, the Final Rule
The FACT Act amends the FCRA and
was enacted, in part, for the purpose of
allowing consumers to limit the use of
eligibility information received from an
affiliate to make solicitations to the
consumer. Section 214 of the FACT Act
generally prohibits a person from using
certain information received from an
affiliate to make a solicitation for
marketing purposes to a consumer,
unless the consumer is given notice and
an opportunity and simple method to
opt out of the making of such
solicitations. Section 214 requires the
FDIC, together with the other Agencies,
the FTC, and the SEC, to issue
regulations implementing the section in
consultation and coordination with each
E:\FR\FM\07NOR2.SGM
07NOR2
62944
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
other. The FDIC received no comments
on the reasons for the proposed rule.
The FDIC is adopting the final rule to
implement § 214 of the FACT Act. The
SUPPLEMENTARY INFORMATION above
contains information on the objectives
of the final rule.
2. Summary of Issues Raised by
Comments in Response to the Initial
Regulatory Flexibility Analysis
In accordance with Section 3(a) of the
RFA, the FDIC conducted an initial
regulatory flexibility analysis in
connection with the proposed rule. One
commenter, the Mortgage Bankers
Association (MBA), believed that the
FDIC and the other Agencies had
underestimated the costs of compliance.
The issues raised by the MBA are
described in the Paperwork Reduction
Act section above. The MBA’s concerns
applied equally to small entities and
larger entities. The MBA did not raise
any issues unique to small entities.
rwilkins on PROD1PC63 with RULES_2
3. Description and Estimate of Small
Entities Affected by the Final Rule
The final rule applies to insured state
nonmember banks, insured state
licensed branches of foreign banks, and
subsidiaries of such entities (except
brokers, dealers, persons providing
insurance, investment companies, and
investment advisers). The FDIC’s rule
will apply to a total of approximately
978 institutions. The FDIC estimates
that more than 542 of these institutions
could be considered small entities with
assets of $165 million or less. All small
entities covered by the FDIC’s rule
potentially could be subject to the final
rule. However, small entities that do not
have affiliates would not be subject to
the final rule. In addition, small entities
that have affiliates may choose not to
engage in activities that would require
compliance with the final rule. For
example, small entities may choose not
to share eligibility information with
their affiliates for the purpose of making
solicitations. Alternatively, small
entities and their affiliates may structure
their marketing activities in a way that
does not trigger the requirement to
comply with the final rule, such as by
relying upon the exceptions to the
notice requirement contained in the
final rule.
4. Recordkeeping, Reporting, and Other
Compliance Requirements
The final rule requires small entities
to provide opt-out notices and renewal
notices to consumers in certain
circumstances, as discussed in the
SUPPLEMENTARY INFORMATION above. The
final rule also requires small entities to
implement consumers’ opt-out
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
elections. The final rule contains no
requirement to report information to the
Agencies.
Small entities that have affiliates and
that share eligibility information with
those affiliates for purposes of making
solicitations may be subject to the rule.
Small entities that do not have affiliates,
do not share eligibility information with
their affiliates for marketing purposes,
use shared eligibility information for
purposes of making solicitations only in
accordance with one of the exceptions
set forth in the final rule, or structure
their marketing activities to eliminate
the need to provide an opt-out notice
would not be subject to the final rule.
The professional skills necessary for
preparation of the opt-out notice
include compliance and/or privacy
specialists and computer programmers.
5. Steps Taken To Minimize the
Economic Impact on Small Entities
The FDIC and the other Agencies have
attempted to minimize the economic
impact on small entities by adopting
consistent rules and by allowing joint
notices on behalf of multiple affiliates.
In addition, the FDIC and the other
Agencies have provided model forms
that small institutions may, but are not
required to, use to minimize the cost of
compliance.
OTS: OTS prepared an initial
regulatory flexibility analysis under the
Regulatory Flexibility Act (RFA) (5
U.S.C. 601 et seq.) in connection with
the July 15, 2004 proposed rule. OTS
received one comment on its regulatory
flexibility analysis.
Under Section 605(b) of the RFA, 5
U.S.C. 605(b), the regulatory flexibility
analysis otherwise required under
Section 604 of the RFA is not required
if an agency certifies, along with a
statement providing the factual basis for
such certification, that the rule will not
have a significant economic impact on
a substantial number of small entities.
Based on its analysis and for the reasons
stated below, OTS certifies that this
final rule will not have a significant
economic impact on a substantial
number of small entities.
1. Statement of the Need for, and
Objectives of, the Final Rule
The FACT Act amends the FCRA and
was enacted, in part, for the purpose of
allowing consumers to limit the use of
eligibility information received from an
affiliate to make solicitations to the
consumer. Section 214 of the FACT Act
generally prohibits a person from using
certain information received from an
affiliate to make a solicitation for
marketing purposes to a consumer,
unless the consumer is given notice and
PO 00000
Frm 00036
Fmt 4701
Sfmt 4700
an opportunity and simple method to
opt out of the making of such
solicitations. Section 214 requires OTS,
together with the other Agencies, the
FTC, and the SEC, to consult and
coordinate with each other and to
prescribe regulations implementing the
section that, to the extent possible, are
consistent and comparable. OTS is
adopting the final rule to implement
section 214 of the FACT Act. The
SUPPLEMENTARY INFORMATION contains
information on the objectives of the
final rule.
2. Summary of Issues Raised by
Comments in Response to the Initial
Regulatory Flexibility Analysis
OTS conducted an initial regulatory
flexibility analysis in connection with
the proposed rule under section 3(a) of
the RFA (5 U.S.C. 603(a)). One
commenter, the Mortgage Bankers
Association (MBA), believed that the
Agencies had underestimated
compliance costs. The issues raised by
the MBA are described in the Paperwork
Reduction Act section of the
SUPPLEMENTARY INFORMATION. The
MBA’s concerns applied equally to
small entities and larger entities. The
MBA did not raise any issues unique to
small entities.
3. Description and Estimate of Small
Entities Affected by the Final Rule
The final rule applies to all savings
associations and federal savings
associations operating subsidiaries that
are not functionally regulated within the
meaning of section 5(c)(5) of the Bank
Holding Company Act of 1956, as
amended (12 U.S.C. 1844(c)(5).
However, the rule’s requirements only
affect those entities with affiliates and
that choose to structure their marketing
activities in a manner that triggers the
rule’s requirements.
OTS’s estimates that its final rule
could apply to as many as 609 savings
associations, since that is the number of
savings associations with affiliates. OTS
estimates that 230 of these savings
associations are small entities with
assets of $165 million or less.
In addition, small entities that have
affiliates may choose not to engage in
activities that would require compliance
with the final rule. For example, small
entities may choose not to share
eligibility information with their
affiliates for the purpose of making
solicitations. Alternatively, small
entities and their affiliates may structure
their marketing activities in a way that
does not trigger the requirement to
comply with the final rule, such as by
relying upon the exceptions to the
E:\FR\FM\07NOR2.SGM
07NOR2
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
notice requirement contained in the
final rule.
unions. The rule will apply to all federal
credit unions regardless of asset size.
4. Recordkeeping, Reporting, and Other
Compliance Requirements
OCC and OTS Executive Order 12866
Determination
The final rule requires all entities,
including small savings associations, to
provide opt-out notices and renewal
notices to consumers in certain
circumstances, as discussed in the
SUPPLEMENTARY INFORMATION, and to
implement consumers’ opt-out
elections. The final rule contains no
requirement to report information to the
Agencies.
Small entities that have affiliates,
share eligibility information with those
affiliates, and use that information to
make solicitations for marketing
purposes may be subject to the rule.
Small entities that do not have affiliates,
do not share eligibility information with
their affiliates for marketing purposes,
use shared eligibility information for
purposes of making solicitations only in
accordance with one of the exceptions
set forth in the final rule, or structure
their marketing activities to eliminate
the need to provide an opt-out notice
would not be subject to the final rule.
The professional skills necessary for
preparation of the opt-out notice
include compliance and/or privacy
specialists and computer programmers.
The OCC and OTS each has
determined that its portion of the rule
is not a significant regulatory action
under Executive Order 12866.
rwilkins on PROD1PC63 with RULES_2
5. Steps Taken To Minimize the
Economic Impact on Small Entities
OTS and the other Agencies have
attempted to minimize the economic
impact on small entities by adopting
consistent rules and by allowing joint
notices on behalf of multiple affiliates.
In addition, OTS and the other Agencies
have provided model forms that small
institutions may, but are not required to,
use to minimize the cost of compliance.
NCUA: The Regulatory Flexibility Act
(RFA) requires NCUA to prepare an
analysis to describe any significant
economic impact a proposed regulation
may have on a substantial number of
small entities. 5 U.S.C. 601–612. NCUA
considers credit unions having less than
ten million dollars in assets to be small
for purposes of RFA. NCUA Interpretive
Ruling and Policy Statement (IRPS) 87–
2 as amended by IRPS 03–2. In
connection with the July 15, 2004
proposed rule, NCUA certified that the
proposed rule would not have a
significant economic impact on a
substantial number of small credit
unions and therefore, a regulatory
flexibility analysis was not required.
Upon further review, the NCUA now
certifies that the final rule also will not
have a significant economic impact on
a substantial number of small credit
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
OCC Executive Order 13132
Determination
The OCC has determined that this
rule does not have any Federalism
implications, as required by Executive
Order 13132.
NCUA Executive Order 13132
Determination
Executive Order 13132 encourages
independent regulatory agencies to
consider the impact of their actions on
state and local interests. In adherence to
fundamental federalism principles, the
NCUA, an independent regulatory
agency as defined in 44 U.S.C. 3502(5),
voluntarily complies with the executive
order. The final rule applies only to
federally chartered credit unions and
would not have substantial direct effects
on the states, on the connection between
the national government and the states,
or on the distribution of power and
responsibilities among the various
levels of government. The NCUA has
determined that this rule does not
constitute a policy that has federalism
implications for purposes of the
executive order.
OCC and OTS Unfunded Mandates
Reform Act of 1995 Determination
Section 202 of the Unfunded
Mandates Reform Act of 1995, Public
Law 104–4 (Unfunded Mandates Act)
requires that an agency prepare a
budgetary impact statement before
promulgating a rule that includes a
Federal mandate that may result in
expenditure by State, local, and tribal
governments, in the aggregate, or by the
private sector, of $100 million or more
in any one year. If a budgetary impact
statement is required, section 205 of the
Unfunded Mandates Act also requires
an agency to identify and consider a
reasonable number of regulatory
alternatives before promulgating a rule.
The OCC and OTS each has determined
that this rule will not result in
expenditures by State, local, and tribal
governments, or by the private sector, of
$100 million or more. Accordingly,
neither the OCC nor the OTS has
prepared a budgetary impact statement
or specifically addressed the regulatory
alternatives considered.
PO 00000
Frm 00037
Fmt 4701
Sfmt 4700
62945
NCUA: The Treasury and General
Government Appropriations Act, 1999—
Assessment of Federal Regulations and
Policies on Families
The NCUA has determined that this
rule would not affect family well-being
within the meaning of section 654 of the
Treasury and General Government
Appropriations Act, 1999, Pub. L. 105–
277, 112 Stat. 2681 (1998).
NCUA: Small Business Regulatory
Enforcement Fairness Act of 1996
(SBREFA)
An SBREFA (Pub. L. 104–121)
reporting requirement is triggered in
instances where NCUA issues a final
rule as defined by section 551 of the
Administrative Procedure Act, 5 U.S.C.
551. NCUA is submitting this final rule
to the Office of Management and Budget
(OMB) for a determination that this rule
is not a major rule for purposes of
SBREFA.
List of Subjects
12 CFR Part 41
Banks, Banking, Consumer protection,
National banks, Reporting and
recordkeeping requirements.
12 CFR Part 222
Banks, Banking, Consumer protection,
Fair Credit Reporting Act, Holding
companies, Privacy, Reporting and
recordkeeping requirements, State
member banks.
12 CFR Part 334
Administrative practice and
procedure, Bank deposit insurance,
Banks, Banking, Reporting and
recordkeeping requirements, Safety and
soundness.
12 CFR Part 571
Consumer protection, Credit, Fair
Credit Reporting Act, Privacy, Reporting
and recordkeeping requirements,
Savings associations.
12 CFR Part 717
Consumer protection, Credit unions,
Fair credit reporting, Privacy, Reporting
and recordkeeping requirements.
Office of the Comptroller of the
Currency
12 CFR Chapter I.
Authority and Issuance
For the reasons set forth in the
preamble, the OCC amends part 41 of
chapter I of title 12 of the Code of
Federal Regulations as follows:
I
E:\FR\FM\07NOR2.SGM
07NOR2
62946
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
PART 41—FAIR CREDIT REPORTING
1. The authority citation for part 41 is
revised to read as follows:
I
Authority: 12 U.S.C. 1 et seq., 24 (Seventh),
93a, 481, 484, and 1818; 15 U.S.C. 1681a,
1681b, 1681c, 1681m, 1681s, 1681s–3, 1681t,
1681w, 6801, and 6805; Sec. 214, Pub. L.
108–159, 117 Stat. 1952.
2. A new Subpart C is added to part
41 to read as follows:
I
Subpart C—Affiliate Marketing
Sec.
41.20 Scope and definitions.
41.21 Affiliate marketing opt-out and
exceptions.
41.22 Scope and duration of opt-out.
41.23 Contents of opt-out notice;
consolidated and equivalent notices.
41.24 Reasonable opportunity to opt out.
41.25 Reasonable and simple methods of
opting out.
41.26 Delivery of opt-out notices.
41.27 Renewal of opt-out.
41.28 Effective date, compliance date, and
prospective application.
Subpart C—Affiliate Marketing
rwilkins on PROD1PC63 with RULES_2
§ 41.20
Scope and definitions.
(a) Scope. This subpart applies to
national banks, Federal branches and
agencies of foreign banks, and any of
their operating subsidiaries that are not
functionally regulated within the
meaning of section 5(c)(5) of the Bank
Holding Company Act of 1956, as
amended (12 U.S.C. 1844(c)(5)). These
entities are referred to in this subpart as
‘‘banks.’’
(b) Definitions. For purposes of this
subpart:
(1) Clear and conspicuous. The term
‘‘clear and conspicuous’’ means
reasonably understandable and
designed to call attention to the nature
and significance of the information
presented.
(2) Concise. (i) In general. The term
‘‘concise’’ means a reasonably brief
expression or statement.
(ii) Combination with other required
disclosures. A notice required by this
subpart may be concise even if it is
combined with other disclosures
required or authorized by federal or
state law.
(3) Eligibility information. The term
‘‘eligibility information’’ means any
information the communication of
which would be a consumer report if
the exclusions from the definition of
‘‘consumer report’’ in section
603(d)(2)(A) of the Act did not apply.
Eligibility information does not include
aggregate or blind data that does not
contain personal identifiers such as
account numbers, names, or addresses.
(4) Pre-existing business relationship.
(i) In general. The term ‘‘pre-existing
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
business relationship’’ means a
relationship between a person, or a
person’s licensed agent, and a consumer
based on—
(A) A financial contract between the
person and the consumer which is in
force on the date on which the
consumer is sent a solicitation covered
by this subpart;
(B) The purchase, rental, or lease by
the consumer of the person’s goods or
services, or a financial transaction
(including holding an active account or
a policy in force or having another
continuing relationship) between the
consumer and the person, during the 18month period immediately preceding
the date on which the consumer is sent
a solicitation covered by this subpart; or
(C) An inquiry or application by the
consumer regarding a product or service
offered by that person during the threemonth period immediately preceding
the date on which the consumer is sent
a solicitation covered by this subpart.
(ii) Examples of pre-existing business
relationships. (A) If a consumer has a
time deposit account, such as a
certificate of deposit, at a depository
institution that is currently in force, the
depository institution has a pre-existing
business relationship with the consumer
and can use eligibility information it
receives from its affiliates to make
solicitations to the consumer about its
products or services.
(B) If a consumer obtained a
certificate of deposit from a depository
institution, but did not renew the
certificate at maturity, the depository
institution has a pre-existing business
relationship with the consumer and can
use eligibility information it receives
from its affiliates to make solicitations
to the consumer about its products or
services for 18 months after the date of
maturity of the certificate of deposit.
(C) If a consumer obtains a mortgage,
the mortgage lender has a pre-existing
business relationship with the
consumer. If the mortgage lender sells
the consumer’s entire loan to an
investor, the mortgage lender has a preexisting business relationship with the
consumer and can use eligibility
information it receives from its affiliates
to make solicitations to the consumer
about its products or services for 18
months after the date it sells the loan,
and the investor has a pre-existing
business relationship with the consumer
upon purchasing the loan. If, however,
the mortgage lender sells a fractional
interest in the consumer’s loan to an
investor but also retains an ownership
interest in the loan, the mortgage lender
continues to have a pre-existing
business relationship with the
consumer, but the investor does not
PO 00000
Frm 00038
Fmt 4701
Sfmt 4700
have a pre-existing business
relationship with the consumer. If the
mortgage lender retains ownership of
the loan, but sells ownership of the
servicing rights to the consumer’s loan,
the mortgage lender continues to have a
pre-existing business relationship with
the consumer. The purchaser of the
servicing rights also has a pre-existing
business relationship with the consumer
as of the date it purchases ownership of
the servicing rights, but only if it
collects payments from or otherwise
deals directly with the consumer on a
continuing basis.
(D) If a consumer applies to a
depository institution for a product or
service that it offers, but does not obtain
a product or service from or enter into
a financial contract or transaction with
the institution, the depository
institution has a pre-existing business
relationship with the consumer and can
therefore use eligibility information it
receives from an affiliate to make
solicitations to the consumer about its
products or services for three months
after the date of the application.
(E) If a consumer makes a telephone
inquiry to a depository institution about
its products or services and provides
contact information to the institution,
but does not obtain a product or service
from or enter into a financial contract or
transaction with the institution, the
depository institution has a pre-existing
business relationship with the consumer
and can therefore use eligibility
information it receives from an affiliate
to make solicitations to the consumer
about its products or services for three
months after the date of the inquiry.
(F) If a consumer makes an inquiry to
a depository institution by e-mail about
its products or services, but does not
obtain a product or service from or enter
into a financial contract or transaction
with the institution, the depository
institution has a pre-existing business
relationship with the consumer and can
therefore use eligibility information it
receives from an affiliate to make
solicitations to the consumer about its
products or services for three months
after the date of the inquiry.
(G) If a consumer has an existing
relationship with a depository
institution that is part of a group of
affiliated companies, makes a telephone
call to the centralized call center for the
group of affiliated companies to inquire
about products or services offered by the
insurance affiliate, and provides contact
information to the call center, the call
constitutes an inquiry to the insurance
affiliate that offers those products or
services. The insurance affiliate has a
pre-existing business relationship with
the consumer and can therefore use
E:\FR\FM\07NOR2.SGM
07NOR2
rwilkins on PROD1PC63 with RULES_2
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
eligibility information it receives from
its affiliated depository institution to
make solicitations to the consumer
about its products or services for three
months after the date of the inquiry.
(iii) Examples where no pre-existing
business relationship is created. (A) If a
consumer makes a telephone call to a
centralized call center for a group of
affiliated companies to inquire about the
consumer’s existing account at a
depository institution, the call does not
constitute an inquiry to any affiliate
other than the depository institution
that holds the consumer’s account and
does not establish a pre-existing
business relationship between the
consumer and any affiliate of the
account-holding depository institution.
(B) If a consumer who has a deposit
account with a depository institution
makes a telephone call to an affiliate of
the institution to ask about the affiliate’s
retail locations and hours, but does not
make an inquiry about the affiliate’s
products or services, the call does not
constitute an inquiry and does not
establish a pre-existing business
relationship between the consumer and
the affiliate. Also, the affiliate’s capture
of the consumer’s telephone number
does not constitute an inquiry and does
not establish a pre-existing business
relationship between the consumer and
the affiliate.
(C) If a consumer makes a telephone
call to a depository institution in
response to an advertisement that offers
a free promotional item to consumers
who call a toll-free number, but the
advertisement does not indicate that the
depository institution’s products or
services will be marketed to consumers
who call in response, the call does not
create a pre-existing business
relationship between the consumer and
the depository institution because the
consumer has not made an inquiry
about a product or service offered by the
institution, but has merely responded to
an offer for a free promotional item.
(5) Solicitation. (i) In general. The
term ‘‘solicitation’’ means the marketing
of a product or service initiated by a
person to a particular consumer that
is—
(A) Based on eligibility information
communicated to that person by its
affiliate as described in this subpart; and
(B) Intended to encourage the
consumer to purchase or obtain such
product or service.
(ii) Exclusion of marketing directed at
the general public. A solicitation does
not include marketing communications
that are directed at the general public.
For example, television, general
circulation magazine, and billboard
advertisements do not constitute
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
solicitations, even if those
communications are intended to
encourage consumers to purchase
products and services from the person
initiating the communications.
(iii) Examples of solicitations. A
solicitation would include, for example,
a telemarketing call, direct mail, e-mail,
or other form of marketing
communication directed to a particular
consumer that is based on eligibility
information received from an affiliate.
§ 41.21 Affiliate marketing opt-out and
exceptions.
(a) Initial notice and opt-out
requirement. (1) In general. A bank may
not use eligibility information about a
consumer that it receives from an
affiliate to make a solicitation for
marketing purposes to the consumer,
unless—
(i) It is clearly and conspicuously
disclosed to the consumer in writing or,
if the consumer agrees, electronically, in
a concise notice that the bank may use
eligibility information about that
consumer received from an affiliate to
make solicitations for marketing
purposes to the consumer;
(ii) The consumer is provided a
reasonable opportunity and a reasonable
and simple method to ‘‘opt out,’’ or
prohibit the bank from using eligibility
information to make solicitations for
marketing purposes to the consumer;
and
(iii) The consumer has not opted out.
(2) Example. A consumer has a
homeowner’s insurance policy with an
insurance company. The insurance
company furnishes eligibility
information about the consumer to its
affiliated depository institution. Based
on that eligibility information, the
depository institution wants to make a
solicitation to the consumer about its
home equity loan products. The
depository institution does not have a
pre-existing business relationship with
the consumer and none of the other
exceptions apply. The depository
institution is prohibited from using
eligibility information received from its
insurance affiliate to make solicitations
to the consumer about its home equity
loan products unless the consumer is
given a notice and opportunity to opt
out and the consumer does not opt out.
(3) Affiliates who may provide the
notice. The notice required by this
paragraph must be provided:
(i) By an affiliate that has or has
previously had a pre-existing business
relationship with the consumer; or
(ii) As part of a joint notice from two
or more members of an affiliated group
of companies, provided that at least one
of the affiliates on the joint notice has
PO 00000
Frm 00039
Fmt 4701
Sfmt 4700
62947
or has previously had a pre-existing
business relationship with the
consumer.
(b) Making solicitations. (1) In
general. For purposes of this subpart, a
bank makes a solicitation for marketing
purposes if—
(i) The bank receives eligibility
information from an affiliate;
(ii) The bank uses that eligibility
information to do one or more of the
following:
(A) Identify the consumer or type of
consumer to receive a solicitation;
(B) Establish criteria used to select the
consumer to receive a solicitation; or
(C) Decide which of the bank’s
products or services to market to the
consumer or tailor the bank’s
solicitation to that consumer; and
(iii) As a result of the bank’s use of the
eligibility information, the consumer is
provided a solicitation.
(2) Receiving eligibility information
from an affiliate, including through a
common database. A bank may receive
eligibility information from an affiliate
in various ways, including when the
affiliate places that information into a
common database that the bank may
access.
(3) Receipt or use of eligibility
information by a bank’s service
provider. Except as provided in
paragraph (b)(5) of this section, a bank
receives or uses an affiliate’s eligibility
information if a service provider acting
on the bank’s behalf (whether an
affiliate or a nonaffiliated third party)
receives or uses that information in the
manner described in paragraphs (b)(1)(i)
or (b)(1)(ii) of this section. All relevant
facts and circumstances will determine
whether a person is acting as a bank’s
service provider when it receives or
uses an affiliate’s eligibility information
in connection with marketing the bank’s
products and services.
(4) Use by an affiliate of its own
eligibility information. Unless a bank
has used eligibility information that it
receives from an affiliate in the manner
described in paragraph (b)(1)(ii) of this
section, the bank does not make a
solicitation subject to this subpart if the
bank’s affiliate:
(i) Uses its own eligibility information
that it obtained in connection with a
pre-existing business relationship it has
or had with the consumer to market the
bank’s products or services to the
consumer; or
(ii) Directs its service provider to use
the affiliate’s own eligibility information
that it obtained in connection with a
pre-existing business relationship it has
or had with the consumer to market the
bank’s products or services to the
consumer, and the bank does not
E:\FR\FM\07NOR2.SGM
07NOR2
rwilkins on PROD1PC63 with RULES_2
62948
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
communicate directly with the service
provider regarding that use.
(5) Use of eligibility information by a
service provider. (i) In general. A bank
does not make a solicitation subject to
Subpart C of this part if a service
provider (including an affiliated or
third-party service provider that
maintains or accesses a common
database that the bank may access)
receives eligibility information from the
bank’s affiliate that the bank’s affiliate
obtained in connection with a preexisting business relationship it has or
had with the consumer and uses that
eligibility information to market the
bank’s products or services to the
consumer, so long as—
(A) The bank’s affiliate controls access
to and use of its eligibility information
by the service provider (including the
right to establish the specific terms and
conditions under which the service
provider may use such information to
market the bank’s products or services);
(B) The bank’s affiliate establishes
specific terms and conditions under
which the service provider may access
and use the affiliate’s eligibility
information to market the bank’s
products and services (or those of
affiliates generally) to the consumer,
such as the identity of the affiliated
companies whose products or services
may be marketed to the consumer by the
service provider, the types of products
or services of affiliated companies that
may be marketed, and the number of
times the consumer may receive
marketing materials, and periodically
evaluates the service provider’s
compliance with those terms and
conditions;
(C) The bank’s affiliate requires the
service provider to implement
reasonable policies and procedures
designed to ensure that the service
provider uses the affiliate’s eligibility
information in accordance with the
terms and conditions established by the
bank’s affiliate relating to the marketing
of the bank’s products or services;
(D) The bank’s affiliate is identified
on or with the marketing materials
provided to the consumer; and
(E) The bank does not directly use its
affiliate’s eligibility information in the
manner described in paragraph (b)(1)(ii)
of this section.
(ii) Writing requirements. (A) The
requirements of paragraphs (b)(5)(i)(A)
and (C) of this section must be set forth
in a written agreement between the
bank’s affiliate and the service provider;
and
(B) The specific terms and conditions
established by the bank’s affiliate as
provided in paragraph (b)(5)(i)(B) of this
section must be set forth in writing.
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
(6) Examples of making solicitations.
(i) A consumer has a deposit account
with a depository institution, which is
affiliated with an insurance company.
The insurance company receives
eligibility information about the
consumer from the depository
institution. The insurance company
uses that eligibility information to
identify the consumer to receive a
solicitation about insurance products,
and, as a result, the insurance company
provides a solicitation to the consumer
about its insurance products. Pursuant
to paragraph (b)(1) of this section, the
insurance company has made a
solicitation to the consumer.
(ii) The same facts as in the example
in paragraph (b)(6)(i) of this section,
except that after using the eligibility
information to identify the consumer to
receive a solicitation about insurance
products, the insurance company asks
the depository institution to send the
solicitation to the consumer and the
depository institution does so. Pursuant
to paragraph (b)(1) of this section, the
insurance company has made a
solicitation to the consumer because it
used eligibility information about the
consumer that it received from an
affiliate to identify the consumer to
receive a solicitation about its products
or services, and, as a result, a
solicitation was provided to the
consumer about the insurance
company’s products.
(iii) The same facts as in the example
in paragraph (b)(6)(i) of this section,
except that eligibility information about
consumers that have deposit accounts
with the depository institution is placed
into a common database that all
members of the affiliated group of
companies may independently access
and use. Without using the depository
institution’s eligibility information, the
insurance company develops selection
criteria and provides those criteria,
marketing materials, and related
instructions to the depository
institution. The depository institution
reviews eligibility information about its
own consumers using the selection
criteria provided by the insurance
company to determine which
consumers should receive the insurance
company’s marketing materials and
sends marketing materials about the
insurance company’s products to those
consumers. Even though the insurance
company has received eligibility
information through the common
database as provided in paragraph (b)(2)
of this section, it did not use that
information to identify consumers or
establish selection criteria; instead, the
depository institution used its own
eligibility information. Therefore,
PO 00000
Frm 00040
Fmt 4701
Sfmt 4700
pursuant to paragraph (b)(4)(i) of this
section, the insurance company has not
made a solicitation to the consumer.
(iv) The same facts as in the example
in paragraph (b)(6)(iii) of this section,
except that the depository institution
provides the insurance company’s
criteria to the depository institution’s
service provider and directs the service
provider to use the depository
institution’s eligibility information to
identify depository institution
consumers who meet the criteria and to
send the insurance company’s
marketing materials to those consumers.
The insurance company does not
communicate directly with the service
provider regarding the use of the
depository institution’s information to
market its products to the depository
institution’s consumers. Pursuant to
paragraph (b)(4)(ii) of this section, the
insurance company has not made a
solicitation to the consumer.
(v) An affiliated group of companies
includes a depository institution, an
insurance company, and a service
provider. Each affiliate in the group
places information about its consumers
into a common database. The service
provider has access to all information in
the common database. The depository
institution controls access to and use of
its eligibility information by the service
provider. This control is set forth in a
written agreement between the
depository institution and the service
provider. The written agreement also
requires the service provider to establish
reasonable policies and procedures
designed to ensure that the service
provider uses the depository
institution’s eligibility information in
accordance with specific terms and
conditions established by the depository
institution relating to the marketing of
the products and services of all
affiliates, including the insurance
company. In a separate written
communication, the depository
institution specifies the terms and
conditions under which the service
provider may use the depository
institution’s eligibility information to
market the insurance company’s
products and services to the depository
institution’s consumers. The specific
terms and conditions are: A list of
affiliated companies (including the
insurance company) whose products or
services may be marketed to the
depository institution’s consumers by
the service provider; the specific
products or types of products that may
be marketed to the depository
institution’s consumers by the service
provider; the categories of eligibility
information that may be used by the
service provider in marketing products
E:\FR\FM\07NOR2.SGM
07NOR2
rwilkins on PROD1PC63 with RULES_2
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
or services to the depository
institution’s consumers; the types or
categories of the depository institution’s
consumers to whom the service
provider may market products or
services of depository institution
affiliates; the number and/or types of
marketing communications that the
service provider may send to the
depository institution’s consumers; and
the length of time during which the
service provider may market the
products or services of the depository
institution’s affiliates to its consumers.
The depository institution periodically
evaluates the service provider’s
compliance with these terms and
conditions. The insurance company
asks the service provider to market
insurance products to certain consumers
who have deposit accounts with the
depository institution. Without using
the depository institution’s eligibility
information, the insurance company
develops selection criteria and provides
those criteria, marketing materials, and
related instructions to the service
provider. The service provider uses the
depository institution’s eligibility
information from the common database
to identify the depository institution’s
consumers to whom insurance products
will be marketed. When the insurance
company’s marketing materials are
provided to the identified consumers,
the name of the depository institution is
displayed on the insurance marketing
materials, an introductory letter that
accompanies the marketing materials,
an account statement that accompanies
the marketing materials, or the envelope
containing the marketing materials. The
requirements of paragraph (b)(5) of this
section have been satisfied, and the
insurance company has not made a
solicitation to the consumer.
(vi) The same facts as in the example
in paragraph (b)(6)(v) of this section,
except that the terms and conditions
permit the service provider to use the
depository institution’s eligibility
information to market the products and
services of other affiliates to the
depository institution’s consumers
whenever the service provider deems it
appropriate to do so. The service
provider uses the depository
institution’s eligibility information in
accordance with the discretion afforded
to it by the terms and conditions.
Because the terms and conditions are
not specific, the requirements of
paragraph (b)(5) of this section have not
been satisfied.
(c) Exceptions. The provisions of this
subpart do not apply to a bank if it uses
eligibility information that it receives
from an affiliate:
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
(1) To make a solicitation for
marketing purposes to a consumer with
whom the bank has a pre-existing
business relationship;
(2) To facilitate communications to an
individual for whose benefit the bank
provides employee benefit or other
services pursuant to a contract with an
employer related to and arising out of
the current employment relationship or
status of the individual as a participant
or beneficiary of an employee benefit
plan;
(3) To perform services on behalf of
an affiliate, except that this
subparagraph shall not be construed as
permitting the bank to send solicitations
on behalf of an affiliate if the affiliate
would not be permitted to send the
solicitation as a result of the election of
the consumer to opt out under this
subpart;
(4) In response to a communication
about the bank’s products or services
initiated by the consumer;
(5) In response to an authorization or
request by the consumer to receive
solicitations; or
(6) If the bank’s compliance with this
subpart would prevent it from
complying with any provision of State
insurance laws pertaining to unfair
discrimination in any State in which the
bank is lawfully doing business.
(d) Examples of exceptions. (1)
Example of the pre-existing business
relationship exception. A consumer has
a deposit account with a depository
institution. The consumer also has a
relationship with the depository
institution’s securities affiliate for
management of the consumer’s
securities portfolio. The depository
institution receives eligibility
information about the consumer from its
securities affiliate and uses that
information to make a solicitation to the
consumer about the depository
institution’s wealth management
services. The depository institution may
make this solicitation even if the
consumer has not been given a notice
and opportunity to opt out because the
depository institution has a pre-existing
business relationship with the
consumer.
(2) Examples of service provider
exception. (i) A consumer has an
insurance policy issued by an insurance
company. The insurance company
furnishes eligibility information about
the consumer to its affiliated depository
institution. Based on that eligibility
information, the depository institution
wants to make a solicitation to the
consumer about its deposit products.
The depository institution does not have
a pre-existing business relationship with
the consumer and none of the other
PO 00000
Frm 00041
Fmt 4701
Sfmt 4700
62949
exceptions in paragraph (c) of this
section apply. The consumer has been
given an opt-out notice and has elected
to opt out of receiving such
solicitations. The depository institution
asks a service provider to send the
solicitation to the consumer on its
behalf. The service provider may not
send the solicitation on behalf of the
depository institution because, as a
result of the consumer’s opt-out
election, the depository institution is
not permitted to make the solicitation.
(ii) The same facts as in paragraph
(d)(2)(i) of this section, except the
consumer has been given an opt-out
notice, but has not elected to opt out.
The depository institution asks a service
provider to send the solicitation to the
consumer on its behalf. The service
provider may send the solicitation on
behalf of the depository institution
because, as a result of the consumer’s
not opting out, the depository
institution is permitted to make the
solicitation.
(3) Examples of consumer-initiated
communications. (i) A consumer who
has a deposit account with a depository
institution initiates a communication
with the depository institution’s credit
card affiliate to request information
about a credit card. The credit card
affiliate may use eligibility information
about the consumer it obtains from the
depository institution or any other
affiliate to make solicitations regarding
credit card products in response to the
consumer-initiated communication.
(ii) A consumer who has a deposit
account with a depository institution
contacts the institution to request
information about how to save and
invest for a child’s college education
without specifying the type of product
in which the consumer may be
interested. Information about a range of
different products or services offered by
the depository institution and one or
more affiliates of the institution may be
responsive to that communication. Such
products or services may include the
following: Mutual funds offered by the
institution’s mutual fund affiliate;
section 529 plans offered by the
institution, its mutual fund affiliate, or
another securities affiliate; or trust
services offered by a different financial
institution in the affiliated group. Any
affiliate offering investment products or
services that would be responsive to the
consumer’s request for information
about saving and investing for a child’s
college education may use eligibility
information to make solicitations to the
consumer in response to this
communication.
(iii) A credit card issuer makes a
marketing call to the consumer without
E:\FR\FM\07NOR2.SGM
07NOR2
rwilkins on PROD1PC63 with RULES_2
62950
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
using eligibility information received
from an affiliate. The issuer leaves a
voice-mail message that invites the
consumer to call a toll-free number to
apply for the issuer’s credit card. If the
consumer calls the toll-free number to
inquire about the credit card, the call is
a consumer-initiated communication
about a product or service and the credit
card issuer may now use eligibility
information it receives from its affiliates
to make solicitations to the consumer.
(iv) A consumer calls a depository
institution to ask about retail locations
and hours, but does not request
information about products or services.
The institution may not use eligibility
information it receives from an affiliate
to make solicitations to the consumer
about its products or services because
the consumer-initiated communication
does not relate to the depository
institution’s products or services. Thus,
the use of eligibility information
received from an affiliate would not be
responsive to the communication and
the exception does not apply.
(v) A consumer calls a depository
institution to ask about retail locations
and hours. The customer service
representative asks the consumer if
there is a particular product or service
about which the consumer is seeking
information. The consumer responds
that the consumer wants to stop in and
find out about certificates of deposit.
The customer service representative
offers to provide that information by
telephone and mail additional
information and application materials to
the consumer. The consumer agrees and
provides or confirms contact
information for receipt of the materials
to be mailed. The depository institution
may use eligibility information it
receives from an affiliate to make
solicitations to the consumer about
certificates of deposit because such
solicitations would respond to the
consumer-initiated communication
about products or services.
(4) Examples of consumer
authorization or request for
solicitations. (i) A consumer who
obtains a mortgage from a mortgage
lender authorizes or requests
information about homeowner’s
insurance offered by the mortgage
lender’s insurance affiliate. Such
authorization or request, whether given
to the mortgage lender or to the
insurance affiliate, would permit the
insurance affiliate to use eligibility
information about the consumer it
obtains from the mortgage lender or any
other affiliate to make solicitations to
the consumer about homeowner’s
insurance.
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
(ii) A consumer completes an online
application to apply for a credit card
from a credit card issuer. The issuer’s
online application contains a blank
check box that the consumer may check
to authorize or request information from
the credit card issuer’s affiliates. The
consumer checks the box. The consumer
has authorized or requested solicitations
from the card issuer’s affiliates.
(iii) A consumer completes an online
application to apply for a credit card
from a credit card issuer. The issuer’s
online application contains a preselected check box indicating that the
consumer authorizes or requests
information from the issuer’s affiliates.
The consumer does not deselect the
check box. The consumer has not
authorized or requested solicitations
from the card issuer’s affiliates.
(iv) The terms and conditions of a
credit card account agreement contain
preprinted boilerplate language stating
that by applying to open an account the
consumer authorizes or requests to
receive solicitations from the credit card
issuer’s affiliates. The consumer has not
authorized or requested solicitations
from the card issuer’s affiliates.
(e) Relation to affiliate-sharing notice
and opt-out. Nothing in this subpart
limits the responsibility of a person to
comply with the notice and opt-out
provisions of section 603(d)(2)(A)(iii) of
the Act where applicable.
§ 41.22
Scope and duration of opt-out.
(a) Scope of opt-out. (1) In general.
Except as otherwise provided in this
section, the consumer’s election to opt
out prohibits any affiliate covered by the
opt-out notice from using eligibility
information received from another
affiliate as described in the notice to
make solicitations to the consumer.
(2) Continuing relationship. (i) In
general. If the consumer establishes a
continuing relationship with a bank or
its affiliate, an opt-out notice may apply
to eligibility information obtained in
connection with—
(A) A single continuing relationship
or multiple continuing relationships
that the consumer establishes with the
bank or its affiliates, including
continuing relationships established
subsequent to delivery of the opt-out
notice, so long as the notice adequately
describes the continuing relationships
covered by the opt-out; or
(B) Any other transaction between the
consumer and the bank or its affiliates
as described in the notice.
(ii) Examples of continuing
relationships. A consumer has a
continuing relationship with a bank or
its affiliate if the consumer—
PO 00000
Frm 00042
Fmt 4701
Sfmt 4700
(A) Opens a deposit or investment
account with the bank or its affiliate;
(B) Obtains a loan for which the bank
or its affiliate owns the servicing rights;
(C) Purchases an insurance product
from the bank or its affiliate;
(D) Holds an investment product
through the bank or its affiliate, such as
when the bank acts or its affiliate acts
as a custodian for securities or for assets
in an individual retirement
arrangement;
(E) Enters into an agreement or
understanding with the bank or its
affiliate whereby the bank or its affiliate
undertakes to arrange or broker a home
mortgage loan for the consumer;
(F) Enters into a lease of personal
property with the bank or its affiliate; or
(G) Obtains financial, investment, or
economic advisory services from the
bank or its affiliate for a fee.
(3) No continuing relationship. (i) In
general. If there is no continuing
relationship between a consumer and a
bank or its affiliate, and the bank or its
affiliate obtains eligibility information
about the consumer in connection with
a transaction with the consumer, such
as an isolated transaction or a credit
application that is denied, an opt-out
notice provided to the consumer only
applies to eligibility information
obtained in connection with that
transaction.
(ii) Examples of isolated transactions.
An isolated transaction occurs if—
(A) The consumer uses a bank’s or its
affiliate’s ATM to withdraw cash from
an account at another financial
institution; or
(B) A bank or its affiliate sells the
consumer a cashier’s check or money
order, airline tickets, travel insurance,
or traveler’s checks in isolated
transactions.
(4) Menu of alternatives. A consumer
may be given the opportunity to choose
from a menu of alternatives when
electing to prohibit solicitations, such as
by electing to prohibit solicitations from
certain types of affiliates covered by the
opt-out notice but not other types of
affiliates covered by the notice, electing
to prohibit solicitations based on certain
types of eligibility information but not
other types of eligibility information, or
electing to prohibit solicitations by
certain methods of delivery but not
other methods of delivery. However,
one of the alternatives must allow the
consumer to prohibit all solicitations
from all of the affiliates that are covered
by the notice.
(5) Special rule for a notice following
termination of all continuing
relationships. (i) In general. A consumer
must be given a new opt-out notice if,
after all continuing relationships with a
E:\FR\FM\07NOR2.SGM
07NOR2
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
bank or its affiliate(s) are terminated, the
consumer subsequently establishes
another continuing relationship with
the bank or its affiliate(s) and the
consumer’s eligibility information is to
be used to make a solicitation. The new
opt-out notice must apply, at a
minimum, to eligibility information
obtained in connection with the new
continuing relationship. Consistent with
paragraph (b) of this section, the
consumer’s decision not to opt out after
receiving the new opt-out notice would
not override a prior opt-out election by
the consumer that applies to eligibility
information obtained in connection
with a terminated relationship,
regardless of whether the new opt-out
notice applies to eligibility information
obtained in connection with the
terminated relationship.
(ii) Example. A consumer has a
checking account with a depository
institution that is part of an affiliated
group. The consumer closes the
checking account. One year after closing
the checking account, the consumer
opens a savings account with the same
depository institution. The consumer
must be given a new notice and
opportunity to opt out before the
depository institution’s affiliates may
make solicitations to the consumer
using eligibility information obtained by
the depository institution in connection
with the new savings account
relationship, regardless of whether the
consumer opted out in connection with
the checking account.
(b) Duration of opt-out. The election
of a consumer to opt out must be
effective for a period of at least five
years (the ‘‘opt-out period’’) beginning
when the consumer’s opt-out election is
received and implemented, unless the
consumer subsequently revokes the optout in writing or, if the consumer agrees,
electronically. An opt-out period of
more than five years may be established,
including an opt-out period that does
not expire unless revoked by the
consumer.
(c) Time of opt-out. A consumer may
opt out at any time.
rwilkins on PROD1PC63 with RULES_2
§ 41.23 Contents of opt-out notice;
consolidated and equivalent notices.
(a) Contents of opt-out notice. (1) In
general. A notice must be clear,
conspicuous, and concise, and must
accurately disclose:
(i) The name of the affiliate(s)
providing the notice. If the notice is
provided jointly by multiple affiliates
and each affiliate shares a common
name, such as ‘‘ABC,’’ then the notice
may indicate that it is being provided by
multiple companies with the ABC name
or multiple companies in the ABC group
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
or family of companies, for example, by
stating that the notice is provided by
‘‘all of the ABC companies,’’ ‘‘the ABC
banking, credit card, insurance, and
securities companies,’’ or by listing the
name of each affiliate providing the
notice. But if the affiliates providing the
joint notice do not all share a common
name, then the notice must either
separately identify each affiliate by
name or identify each of the common
names used by those affiliates, for
example, by stating that the notice is
provided by ‘‘all of the ABC and XYZ
companies’’ or by ‘‘the ABC banking
and credit card companies and the XYZ
insurance companies’’;
(ii) A list of the affiliates or types of
affiliates whose use of eligibility
information is covered by the notice,
which may include companies that
become affiliates after the notice is
provided to the consumer. If each
affiliate covered by the notice shares a
common name, such as ‘‘ABC,’’ then the
notice may indicate that it applies to
multiple companies with the ABC name
or multiple companies in the ABC group
or family of companies, for example, by
stating that the notice is provided by
‘‘all of the ABC companies,’’ ‘‘the ABC
banking, credit card, insurance, and
securities companies,’’ or by listing the
name of each affiliate providing the
notice. But if the affiliates covered by
the notice do not all share a common
name, then the notice must either
separately identify each covered affiliate
by name or identify each of the common
names used by those affiliates, for
example, by stating that the notice
applies to ‘‘all of the ABC and XYZ
companies’’ or to ‘‘the ABC banking and
credit card companies and the XYZ
insurance companies’’;
(iii) A general description of the types
of eligibility information that may be
used to make solicitations to the
consumer;
(iv) That the consumer may elect to
limit the use of eligibility information to
make solicitations to the consumer;
(v) That the consumer’s election will
apply for the specified period of time
stated in the notice and, if applicable,
that the consumer will be allowed to
renew the election once that period
expires;
(vi) If the notice is provided to
consumers who may have previously
opted out, such as if a notice is provided
to consumers annually, that the
consumer who has chosen to limit
solicitations does not need to act again
until the consumer receives a renewal
notice; and
(vii) A reasonable and simple method
for the consumer to opt out.
PO 00000
Frm 00043
Fmt 4701
Sfmt 4700
62951
(2) Joint relationships. (i) If two or
more consumers jointly obtain a product
or service, a single opt-out notice may
be provided to the joint consumers. Any
of the joint consumers may exercise the
right to opt out.
(ii) The opt-out notice must explain
how an opt-out direction by a joint
consumer will be treated. An opt-out
direction by a joint consumer may be
treated as applying to all of the
associated joint consumers, or each joint
consumer may be permitted to opt-out
separately. If each joint consumer is
permitted to opt out separately, one of
the joint consumers must be permitted
to opt out on behalf of all of the joint
consumers and the joint consumers
must be permitted to exercise their
separate rights to opt out in a single
response.
(iii) It is impermissible to require all
joint consumers to opt out before
implementing any opt-out direction.
(3) Alternative contents. If the
consumer is afforded a broader right to
opt out of receiving marketing than is
required by this subpart, the
requirements of this section may be
satisfied by providing the consumer
with a clear, conspicuous, and concise
notice that accurately discloses the
consumer’s opt-out rights.
(4) Model notices. Model notices are
provided in Appendix C of this part.
(b) Coordinated and consolidated
notices. A notice required by this
subpart may be coordinated and
consolidated with any other notice or
disclosure required to be issued under
any other provision of law by the entity
providing the notice, including but not
limited to the notice described in
section 603(d)(2)(A)(iii) of the Act and
the Gramm-Leach-Bliley Act privacy
notice.
(c) Equivalent notices. A notice or
other disclosure that is equivalent to the
notice required by this subpart, and that
is provided to a consumer together with
disclosures required by any other
provision of law, satisfies the
requirements of this section.
§ 41.24
Reasonable opportunity to opt out.
(a) In general. A bank must not use
eligibility information about a consumer
that it receives from an affiliate to make
a solicitation to the consumer about the
bank’s products or services, unless the
consumer is provided a reasonable
opportunity to opt out, as required by
§ 41.21(a)(1)(ii) of this part.
(b) Examples of a reasonable
opportunity to opt out. The consumer is
given a reasonable opportunity to opt
out if:
(1) By mail. The opt-out notice is
mailed to the consumer. The consumer
E:\FR\FM\07NOR2.SGM
07NOR2
rwilkins on PROD1PC63 with RULES_2
62952
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
is given 30 days from the date the notice
is mailed to elect to opt out by any
reasonable means.
(2) By electronic means. (i) The optout notice is provided electronically to
the consumer, such as by posting the
notice at an Internet Web site at which
the consumer has obtained a product or
service. The consumer acknowledges
receipt of the electronic notice. The
consumer is given 30 days after the date
the consumer acknowledges receipt to
elect to opt out by any reasonable
means.
(ii) The opt-out notice is provided to
the consumer by e-mail where the
consumer has agreed to receive
disclosures by e-mail from the person
sending the notice. The consumer is
given 30 days after the e-mail is sent to
elect to opt out by any reasonable
means.
(3) At the time of an electronic
transaction. The opt-out notice is
provided to the consumer at the time of
an electronic transaction, such as a
transaction conducted on an Internet
Web site. The consumer is required to
decide, as a necessary part of
proceeding with the transaction,
whether to opt out before completing
the transaction. There is a simple
process that the consumer may use to
opt out at that time using the same
mechanism through which the
transaction is conducted.
(4) At the time of an in-person
transaction. The opt-out notice is
provided to the consumer in writing at
the time of an in-person transaction.
The consumer is required to decide, as
a necessary part of proceeding with the
transaction, whether to opt out before
completing the transaction, and is not
permitted to complete the transaction
without making a choice. There is a
simple process that the consumer may
use during the course of the in-person
transaction to opt out, such as
completing a form that requires
consumers to write a ‘‘yes’’ or ‘‘no’’ to
indicate their opt-out preference or that
requires the consumer to check one of
two blank check boxes—one that allows
consumers to indicate that they want to
opt out and one that allows consumers
to indicate that they do not want to opt
out.
(5) By including in a privacy notice.
The opt-out notice is included in a
Gramm-Leach-Bliley Act privacy notice.
The consumer is allowed to exercise the
opt-out within a reasonable period of
time and in the same manner as the optout under that privacy notice.
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
§ 41.25 Reasonable and simple methods of
opting out.
(a) In general. A bank must not use
eligibility information about a consumer
that it receives from an affiliate to make
a solicitation to the consumer about its
products or services, unless the
consumer is provided a reasonable and
simple method to opt out, as required by
§ 41.21(a)(1)(ii) of this part.
(b) Examples. (1) Reasonable and
simple opt-out methods. Reasonable and
simple methods for exercising the optout right include—
(i) Designating a check-off box in a
prominent position on the opt-out form;
(ii) Including a reply form and a selfaddressed envelope together with the
opt-out notice;
(iii) Providing an electronic means to
opt out, such as a form that can be
electronically mailed or processed at an
Internet Web site, if the consumer agrees
to the electronic delivery of information;
(iv) Providing a toll-free telephone
number that consumers may call to opt
out; or
(v) Allowing consumers to exercise all
of their opt-out rights described in a
consolidated opt-out notice that
includes the privacy opt-out under the
Gramm-Leach-Bliley Act, 15 U.S.C.
6801 et seq., the affiliate sharing opt-out
under the Act, and the affiliate
marketing opt-out under the Act, by a
single method, such as by calling a
single toll-free telephone number.
(2) Opt-out methods that are not
reasonable and simple. Reasonable and
simple methods for exercising an optout right do not include—
(i) Requiring the consumer to write
his or her own letter;
(ii) Requiring the consumer to call or
write to obtain a form for opting out,
rather than including the form with the
opt-out notice;
(iii) Requiring the consumer who
receives the opt-out notice in electronic
form only, such as through posting at an
Internet Web site, to opt out solely by
paper mail or by visiting a different Web
site without providing a link to that site.
(c) Specific opt-out means. Each
consumer may be required to opt out
through a specific means, as long as that
means is reasonable and simple for that
consumer.
§ 41.26
Delivery of opt-out notices.
(a) In general. The opt-out notice must
be provided so that each consumer can
reasonably be expected to receive actual
notice. For opt-out notices provided
electronically, the notice may be
provided in compliance with either the
electronic disclosure provisions in this
subpart or the provisions in section 101
of the Electronic Signatures in Global
PO 00000
Frm 00044
Fmt 4701
Sfmt 4700
and National Commerce Act, 15 U.S.C.
7001 et seq.
(b) Examples of reasonable
expectation of actual notice. A
consumer may reasonably be expected
to receive actual notice if the affiliate
providing the notice:
(1) Hand-delivers a printed copy of
the notice to the consumer;
(2) Mails a printed copy of the notice
to the last known mailing address of the
consumer;
(3) Provides a notice by e-mail to a
consumer who has agreed to receive
electronic disclosures by e-mail from
the affiliate providing the notice; or
(4) Posts the notice on the Internet
Web site at which the consumer
obtained a product or service
electronically and requires the
consumer to acknowledge receipt of the
notice.
(c) Examples of no reasonable
expectation of actual notice. A
consumer may not reasonably be
expected to receive actual notice if the
affiliate providing the notice:
(1) Only posts the notice on a sign in
a branch or office or generally publishes
the notice in a newspaper;
(2) Sends the notice via e-mail to a
consumer who has not agreed to receive
electronic disclosures by e-mail from
the affiliate providing the notice; or
(3) Posts the notice on an Internet
Web site without requiring the
consumer to acknowledge receipt of the
notice.
§ 41.27
Renewal of opt-out.
(a) Renewal notice and opt-out
requirement. (1) In general. After the
opt-out period expires, a bank may not
make solicitations based on eligibility
information it receives from an affiliate
to a consumer who previously opted
out, unless:
(i) The consumer has been given a
renewal notice that complies with the
requirements of this section and
§§ 41.24 through 41.26 of this part, and
a reasonable opportunity and a
reasonable and simple method to renew
the opt-out, and the consumer does not
renew the opt-out; or
(ii) An exception in § 41.21(c) of this
part applies.
(2) Renewal period. Each opt-out
renewal must be effective for a period of
at least five years as provided in
§ 41.22(b) of this part.
(3) Affiliates who may provide the
notice. The notice required by this
paragraph must be provided:
(i) By the affiliate that provided the
previous opt-out notice, or its successor;
or (ii) As part of a joint renewal notice
from two or more members of an
affiliated group of companies, or their
E:\FR\FM\07NOR2.SGM
07NOR2
rwilkins on PROD1PC63 with RULES_2
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
successors, that jointly provided the
previous opt-out notice.
(b) Contents of renewal notice. The
renewal notice must be clear,
conspicuous, and concise, and must
accurately disclose:
(1) The name of the affiliate(s)
providing the notice. If the notice is
provided jointly by multiple affiliates
and each affiliate shares a common
name, such as ‘‘ABC,’’ then the notice
may indicate that it is being provided by
multiple companies with the ABC name
or multiple companies in the ABC group
or family of companies, for example, by
stating that the notice is provided by
‘‘all of the ABC companies,’’ ‘‘the ABC
banking, credit card, insurance, and
securities companies,’’ or by listing the
name of each affiliate providing the
notice. But if the affiliates providing the
joint notice do not all share a common
name, then the notice must either
separately identify each affiliate by
name or identify each of the common
names used by those affiliates, for
example, by stating that the notice is
provided by ‘‘all of the ABC and XYZ
companies’’ or by ‘‘the ABC banking
and credit card companies and the XYZ
insurance companies’’;
(2) A list of the affiliates or types of
affiliates whose use of eligibility
information is covered by the notice,
which may include companies that
become affiliates after the notice is
provided to the consumer. If each
affiliate covered by the notice shares a
common name, such as ‘‘ABC,’’ then the
notice may indicate that it applies to
multiple companies with the ABC name
or multiple companies in the ABC group
or family of companies, for example, by
stating that the notice is provided by
‘‘all of the ABC companies,’’ ‘‘the ABC
banking, credit card, insurance, and
securities companies,’’ or by listing the
name of each affiliate providing the
notice. But if the affiliates covered by
the notice do not all share a common
name, then the notice must either
separately identify each covered affiliate
by name or identify each of the common
names used by those affiliates, for
example, by stating that the notice
applies to ‘‘all of the ABC and XYZ
companies’’ or to ‘‘the ABC banking and
credit card companies and the XYZ
insurance companies’’;
(3) A general description of the types
of eligibility information that may be
used to make solicitations to the
consumer;
(4) That the consumer previously
elected to limit the use of certain
information to make solicitations to the
consumer;
(5) That the consumer’s election has
expired or is about to expire;
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
(6) That the consumer may elect to
renew the consumer’s previous election;
(7) If applicable, that the consumer’s
election to renew will apply for the
specified period of time stated in the
notice and that the consumer will be
allowed to renew the election once that
period expires; and
(8) A reasonable and simple method
for the consumer to opt out.
(c) Timing of the renewal notice. (1)
In general. A renewal notice may be
provided to the consumer either—
(i) A reasonable period of time before
the expiration of the opt-out period; or
(ii) Any time after the expiration of
the opt-out period but before
solicitations that would have been
prohibited by the expired opt-out are
made to the consumer.
(2) Combination with annual privacy
notice. If a bank provides an annual
privacy notice under the Gramm-LeachBliley Act, 15 U.S.C. 6801 et seq.,
providing a renewal notice with the last
annual privacy notice provided to the
consumer before expiration of the optout period is a reasonable period of time
before expiration of the opt-out in all
cases.
(d) No effect on opt-out period. An
opt-out period may not be shortened by
sending a renewal notice to the
consumer before expiration of the optout period, even if the consumer does
not renew the opt out.
§ 41.28 Effective date, compliance date,
and prospective application.
(a) Effective date. This subpart is
effective January 1, 2008.
(b) Mandatory compliance date.
Compliance with this subpart is
required not later than October 1, 2008.
(c) Prospective application. The
provisions of this subpart shall not
prohibit a bank from using eligibility
information that it receives from an
affiliate to make solicitations to a
consumer if the bank receives such
information prior to October 1, 2008.
For purposes of this section, a bank is
deemed to receive eligibility
information when such information is
placed into a common database and is
accessible by the bank.
3. Appendixes A and B to part 41 are
added and reserved, and a new
Appendix C to part 41 is added to read
as follows:
Appendix C To Part 41—Model Forms
for Opt-Out Notices
a. Although use of the model forms is not
required, use of the model forms in this
Appendix (as applicable) complies with the
requirement in section 624 of the Act for
clear, conspicuous, and concise notices.
b. Certain changes may be made to the
language or format of the model forms
PO 00000
Frm 00045
Fmt 4701
Sfmt 4700
62953
without losing the protection from liability
afforded by use of the model forms. These
changes may not be so extensive as to affect
the substance, clarity, or meaningful
sequence of the language in the model forms.
Persons making such extensive revisions will
lose the safe harbor that this Appendix
provides. Acceptable changes include, for
example:
1. Rearranging the order of the references
to ‘‘your income,’’ ‘‘your account history,’’
and ‘‘your credit score.’’
2. Substituting other types of information
for ‘‘income,’’ ‘‘account history,’’ or ‘‘credit
score’’ for accuracy, such as ‘‘payment
history,’’ ‘‘credit history,’’ ‘‘payoff status,’’ or
‘‘claims history.’’
3. Substituting a clearer and more accurate
description of the affiliates providing or
covered by the notice for phrases such as
‘‘the [ABC] group of companies,’’ including
without limitation a statement that the entity
providing the notice recently purchased the
consumer’s account.
4. Substituting other types of affiliates
covered by the notice for ‘‘credit card,’’
‘‘insurance,’’ or ‘‘securities’’ affiliates.
5. Omitting items that are not accurate or
applicable. For example, if a person does not
limit the duration of the opt-out period, the
notice may omit information about the
renewal notice.
6. Adding a statement informing
consumers how much time they have to opt
out before shared eligibility information may
be used to make solicitations to them.
7. Adding a statement that the consumer
may exercise the right to opt out at any time.
8. Adding the following statement, if
accurate: ‘‘If you previously opted out, you
do not need to do so again.’’
9. Providing a place on the form for the
consumer to fill in identifying information,
such as his or her name and address:
C–1 Model Form for Initial Opt-out Notice
(Single-Affiliate Notice)
C–2 Model Form for Initial Opt-out Notice
(Joint Notice)
C–3 Model Form for Renewal Notice (SingleAffiliate Notice)
C–4 Model Form for Renewal Notice (Joint
Notice)
C–5 Model Form for Voluntary ‘‘No
Marketing’’ Notice
C–1—Model Form for Initial Opt-out Notice
(Single-Affiliate Notice)—[Your Choice To
Limit Marketing]/[Marketing Opt–out]
• [Name of Affiliate] is providing this
notice.
• [Optional: Federal law gives you the
right to limit some but not all marketing from
our affiliates. Federal law also requires us to
give you this notice to tell you about your
choice to limit marketing from our affiliates.]
• You may limit our affiliates in the [ABC]
group of companies, such as our [credit card,
insurance, and securities] affiliates, from
marketing their products or services to you
based on your personal information that we
collect and share with them. This
information includes your [income], your
[account history with us], and your [credit
score].
• Your choice to limit marketing offers
from our affiliates will apply [until you tell
E:\FR\FM\07NOR2.SGM
07NOR2
62954
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
rwilkins on PROD1PC63 with RULES_2
us to change your choice]/[for x years from
when you tell us your choice]/[for at least 5
years from when you tell us your choice].
[Include if the opt-out period expires.] Once
that period expires, you will receive a
renewal notice that will allow you to
continue to limit marketing offers from our
affiliates for [another x years]/[at least
another 5 years].
• [Include, if applicable, in a subsequent
notice, including an annual notice, for
consumers who may have previously opted
out.] If you have already made a choice to
limit marketing offers from our affiliates, you
do not need to act again until you receive the
renewal notice.
To limit marketing offers, contact us
[include all that apply]:
• By telephone: 1–877–###–####
• On the Web: www.---.com
• By mail: Check the box and complete the
form below, and send the form to:
[Company name]
[Company address]
lDo not allow your affiliates to use my
personal information to market to me.
C–2—Model Form for Initial Opt-out Notice
(Joint Notice)—[Your Choice To Limit
Marketing]/[Marketing Opt-out]
• The [ABC group of companies] is
providing this notice.
• [Optional: Federal law gives you the
right to limit some but not all marketing from
the [ABC] companies. Federal law also
requires us to give you this notice to tell you
about your choice to limit marketing from the
[ABC] companies.]
• You may limit the [ABC] companies,
such as the [ABC credit card, insurance, and
securities] affiliates, from marketing their
products or services to you based on your
personal information that they receive from
other [ABC] companies. This information
includes your [income], your [account
history], and your [credit score].
• Your choice to limit marketing offers
from the [ABC] companies will apply [until
you tell us to change your choice]/[for x years
from when you tell us your choice]/[for at
least 5 years from when you tell us your
choice]. [Include if the opt-out period
expires.] Once that period expires, you will
receive a renewal notice that will allow you
to continue to limit marketing offers from the
[ABC] companies for [another x years]/[at
least another 5 years].
• [Include, if applicable, in a subsequent
notice, including an annual notice, for
consumers who may have previously opted
out.] If you have already made a choice to
limit marketing offers from the [ABC]
companies, you do not need to act again until
you receive the renewal notice.
To limit marketing offers, contact us
[include all that apply]:
• By telephone: 1–877–###–####
• On the Web: www.---.com
• By mail: Check the box and complete the
form below, and send the form to:
[Company name]
[Company address]
lDo not allow any company [in the ABC
group of companies] to use my personal
information to market to me.
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
C–3—Model Form for Renewal Notice
(Single-Affiliate Notice)—[Renewing Your
Choice to Limit Marketing]/[Renewing Your
Marketing Opt-out]
• [Name of Affiliate] is providing this
notice.
• [Optional: Federal law gives you the
right to limit some but not all marketing from
our affiliates. Federal law also requires us to
give you this notice to tell you about your
choice to limit marketing from our affiliates.]
• You previously chose to limit our
affiliates in the [ABC] group of companies,
such as our [credit card, insurance, and
securities] affiliates, from marketing their
products or services to you based on your
personal information that we share with
them. This information includes your
[income], your [account history with us], and
your [credit score].
• Your choice has expired or is about to
expire.
To renew your choice to limit marketing
for [x] more years, contact us [include all that
apply]:
• By telephone: 1–877–###–####
• On the Web: www.---.com
• By mail: Check the box and complete the
form below, and send the form to:
[Company name]
[Company address]
lRenew my choice to limit marketing for
[x] more years.
C–4—Model Form for Renewal Notice (Joint
Notice)—[Renewing Your Choice To Limit
Marketing]/[Renewing Your Marketing Optout]
• The [ABC group of companies] is
providing this notice.
• [Optional: Federal law gives you the
right to limit some but not all marketing from
the [ABC] companies. Federal law also
requires us to give you this notice to tell you
about your choice to limit marketing from the
[ABC] companies.]
• You previously chose to limit the [ABC]
companies, such as the [ABC credit card,
insurance, and securities] affiliates, from
marketing their products or services to you
based on your personal information that they
receive from other ABC companies. This
information includes your [income], your
[account history], and your [credit score].
• Your choice has expired or is about to
expire.
To renew your choice to limit marketing
for [x] more years, contact us [include all that
apply]:
• By telephone: 1–877–###–####
• On the Web: www.---.com
• By mail: Check the box and complete the
form below, and send the form to:
[Company name]
[Company address]
lRenew my choice to limit marketing for
[x] more years.
C–5—Model Form for Voluntary ‘‘No
Marketing’’ Notice—Your Choice to Stop
Marketing
• [Name of Affiliate] is providing this
notice.
• You may choose to stop all marketing
from us and our affiliates.
PO 00000
Frm 00046
Fmt 4701
Sfmt 4700
To stop all marketing, contact us [include
all that apply]:
• By telephone: 1–877–###–-####
• On the Web: www.---.com
• By mail: Check the box and complete the
form below, and send the form to:
[Company name]
[Company address]
lDo not market to me.
Board of Governors of the Federal
Reserve System
12 CFR Chapter II.
Authority and Issuance
For the reasons set forth in the joint
preamble, part 222 of title 12, chapter II,
of the Code of Federal Regulations is
amended as follows:
I
PART 222—FAIR CREDIT REPORTING
(REGULATION V)
1. The authority citation for part 222
is revised to read as follows:
I
Authority: 15 U.S.C. 1681a, 1681b, 1681c,
1681m, 1681s, 1681s-2, 1681s-3, 1681t, and
1681w; Secs. 3 and 214, Pub. L. 108–159, 117
Stat. 1952.
Subpart A—General Provisions
2. Section 222.1 is amended by adding
a new paragraph (a) and revising
paragraph (b)(2)(i) to read as follows:
I
§ 222.1
dates.
Purpose, scope, and effective
(a) Purpose. The purpose of this part
is to implement the Fair Credit
Reporting Act. This part generally
applies to persons that obtain and use
information about consumers to
determine the consumer’s eligibility for
products, services, or employment,
share such information among affiliates,
and furnish information to consumer
reporting agencies.
(b) * * *
(2) Institutions covered. (i) Except as
otherwise provided in this part, the
regulations in this part apply to banks
that are members of the Federal Reserve
System (other than national banks) and
their respective operating subsidiaries
that are not functionally regulated
within the meaning of section 5(c)(5) of
the Bank Holding Company Act, as
amended (12 U.S.C. 1844(c)(5)),
branches and Agencies of foreign banks
(other than Federal branches, Federal
Agencies, and insured State branches of
foreign banks), commercial lending
companies owned or controlled by
foreign banks, organizations operating
under section 25 or 25A of the Federal
Reserve Act (12 U.S.C. 601 et seq., and
611 et seq.), and bank holding
companies and affiliates of such holding
companies, but do not apply to affiliates
E:\FR\FM\07NOR2.SGM
07NOR2
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
of bank holding companies that are
depository institutions regulated by
another federal banking agency or to
consumer reporting agencies.
*
*
*
*
*
I 3. A new Subpart C is added to part
222 to read as follows:
Subpart C—Affiliate Marketing
Sec.
222.20 Coverage and definitions.
222.21 Affiliate marketing opt-out and
exceptions.
222.22 Scope and duration of opt-out.
222.23 Contents of opt-out notice;
consolidated and equivalent notices.
222.24 Reasonable opportunity to opt out.
222.25 Reasonable and simple methods of
opting out.
222.26 Delivery of opt-out notices.
222.27 Renewal of opt-out.
222.28 Effective date, compliance date, and
prospective application.
Subpart C—Affiliate Marketing
rwilkins on PROD1PC63 with RULES_2
§ 222.20
Coverage and definitions.
(a) Coverage. Subpart C of this part
applies to member banks of the Federal
Reserve System (other than national
banks) and their respective operating
subsidiaries that are not functionally
regulated within the meaning of section
5(c)(5) of the Bank Holding Company
Act, as amended (12 U.S.C. 1844(c)(5)),
branches and Agencies of foreign banks
(other than Federal branches, Federal
Agencies, and insured State branches of
foreign banks), commercial lending
companies owned or controlled by
foreign banks, and organizations
operating under section 25 or 25A of the
Federal Reserve Act (12 U.S.C. 601 et
seq., and 611 et seq.).
(b) Definitions. For purposes of this
subpart:
(1) Clear and conspicuous. The term
‘‘clear and conspicuous’’ means
reasonably understandable and
designed to call attention to the nature
and significance of the information
presented.
(2) Concise. (i) In general. The term
‘‘concise’’ means a reasonably brief
expression or statement.
(ii) Combination with other required
disclosures. A notice required by this
subpart may be concise even if it is
combined with other disclosures
required or authorized by federal or
state law.
(3) Eligibility information. The term
‘‘eligibility information’’ means any
information the communication of
which would be a consumer report if
the exclusions from the definition of
‘‘consumer report’’ in section
603(d)(2)(A) of the Act did not apply.
Eligibility information does not include
aggregate or blind data that does not
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
contain personal identifiers such as
account numbers, names, or addresses.
(4) Pre-existing business relationship.
(i) In general. The term ‘‘pre-existing
business relationship’’ means a
relationship between a person, or a
person’s licensed agent, and a consumer
based on—
(A) A financial contract between the
person and the consumer which is in
force on the date on which the
consumer is sent a solicitation covered
by this subpart;
(B) The purchase, rental, or lease by
the consumer of the person’s goods or
services, or a financial transaction
(including holding an active account or
a policy in force or having another
continuing relationship) between the
consumer and the person, during the 18month period immediately preceding
the date on which the consumer is sent
a solicitation covered by this subpart; or
(C) An inquiry or application by the
consumer regarding a product or service
offered by that person during the threemonth period immediately preceding
the date on which the consumer is sent
a solicitation covered by this subpart.
(ii) Examples of pre-existing business
relationships. (A) If a consumer has a
time deposit account, such as a
certificate of deposit, at a depository
institution that is currently in force, the
depository institution has a pre-existing
business relationship with the consumer
and can use eligibility information it
receives from its affiliates to make
solicitations to the consumer about its
products or services.
(B) If a consumer obtained a
certificate of deposit from a depository
institution, but did not renew the
certificate at maturity, the depository
institution has a pre-existing business
relationship with the consumer and can
use eligibility information it receives
from its affiliates to make solicitations
to the consumer about its products or
services for 18 months after the date of
maturity of the certificate of deposit.
(C) If a consumer obtains a mortgage,
the mortgage lender has a pre-existing
business relationship with the
consumer. If the mortgage lender sells
the consumer’s entire loan to an
investor, the mortgage lender has a preexisting business relationship with the
consumer and can use eligibility
information it receives from its affiliates
to make solicitations to the consumer
about its products or services for 18
months after the date it sells the loan,
and the investor has a pre-existing
business relationship with the consumer
upon purchasing the loan. If, however,
the mortgage lender sells a fractional
interest in the consumer’s loan to an
investor but also retains an ownership
PO 00000
Frm 00047
Fmt 4701
Sfmt 4700
62955
interest in the loan, the mortgage lender
continues to have a pre-existing
business relationship with the
consumer, but the investor does not
have a pre-existing business
relationship with the consumer. If the
mortgage lender retains ownership of
the loan, but sells ownership of the
servicing rights to the consumer’s loan,
the mortgage lender continues to have a
pre-existing business relationship with
the consumer. The purchaser of the
servicing rights also has a pre-existing
business relationship with the consumer
as of the date it purchases ownership of
the servicing rights, but only if it
collects payments from or otherwise
deals directly with the consumer on a
continuing basis.
(D) If a consumer applies to a
depository institution for a product or
service that it offers, but does not obtain
a product or service from or enter into
a financial contract or transaction with
the institution, the depository
institution has a pre-existing business
relationship with the consumer and can
therefore use eligibility information it
receives from an affiliate to make
solicitations to the consumer about its
products or services for three months
after the date of the application.
(E) If a consumer makes a telephone
inquiry to a depository institution about
its products or services and provides
contact information to the institution,
but does not obtain a product or service
from or enter into a financial contract or
transaction with the institution, the
depository institution has a pre-existing
business relationship with the consumer
and can therefore use eligibility
information it receives from an affiliate
to make solicitations to the consumer
about its products or services for three
months after the date of the inquiry.
(F) If a consumer makes an inquiry to
a depository institution by e-mail about
its products or services, but does not
obtain a product or service from or enter
into a financial contract or transaction
with the institution, the depository
institution has a pre-existing business
relationship with the consumer and can
therefore use eligibility information it
receives from an affiliate to make
solicitations to the consumer about its
products or services for three months
after the date of the inquiry.
(G) If a consumer has an existing
relationship with a depository
institution that is part of a group of
affiliated companies, makes a telephone
call to the centralized call center for the
group of affiliated companies to inquire
about products or services offered by the
insurance affiliate, and provides contact
information to the call center, the call
constitutes an inquiry to the insurance
E:\FR\FM\07NOR2.SGM
07NOR2
rwilkins on PROD1PC63 with RULES_2
62956
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
affiliate that offers those products or
services. The insurance affiliate has a
pre-existing business relationship with
the consumer and can therefore use
eligibility information it receives from
its affiliated depository institution to
make solicitations to the consumer
about its products or services for three
months after the date of the inquiry.
(iii) Examples where no pre-existing
business relationship is created. (A) If a
consumer makes a telephone call to a
centralized call center for a group of
affiliated companies to inquire about the
consumer’s existing account at a
depository institution, the call does not
constitute an inquiry to any affiliate
other than the depository institution
that holds the consumer’s account and
does not establish a pre-existing
business relationship between the
consumer and any affiliate of the
account-holding depository institution.
(B) If a consumer who has a deposit
account with a depository institution
makes a telephone call to an affiliate of
the institution to ask about the affiliate’s
retail locations and hours, but does not
make an inquiry about the affiliate’s
products or services, the call does not
constitute an inquiry and does not
establish a pre-existing business
relationship between the consumer and
the affiliate. Also, the affiliate’s capture
of the consumer’s telephone number
does not constitute an inquiry and does
not establish a pre-existing business
relationship between the consumer and
the affiliate.
(C) If a consumer makes a telephone
call to a depository institution in
response to an advertisement that offers
a free promotional item to consumers
who call a toll-free number, but the
advertisement does not indicate that the
depository institution’s products or
services will be marketed to consumers
who call in response, the call does not
create a pre-existing business
relationship between the consumer and
the depository institution because the
consumer has not made an inquiry
about a product or service offered by the
institution, but has merely responded to
an offer for a free promotional item.
(5) Solicitation. (i) In general. The
term ‘‘solicitation’’ means the marketing
of a product or service initiated by a
person to a particular consumer that
is—
(A) Based on eligibility information
communicated to that person by its
affiliate as described in this subpart; and
(B) Intended to encourage the
consumer to purchase or obtain such
product or service.
(ii) Exclusion of marketing directed at
the general public. A solicitation does
not include marketing communications
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
that are directed at the general public.
For example, television, general
circulation magazine, and billboard
advertisements do not constitute
solicitations, even if those
communications are intended to
encourage consumers to purchase
products and services from the person
initiating the communications.
(iii) Examples of solicitations. A
solicitation would include, for example,
a telemarketing call, direct mail, e-mail,
or other form of marketing
communication directed to a particular
consumer that is based on eligibility
information received from an affiliate.
(6) You means a person described in
paragraph (a) of this section.
§ 222.21 Affiliate marketing opt-out and
exceptions.
(a) Initial notice and opt-out
requirement. (1) In general. You may not
use eligibility information about a
consumer that you receive from an
affiliate to make a solicitation for
marketing purposes to the consumer,
unless—
(i) It is clearly and conspicuously
disclosed to the consumer in writing or,
if the consumer agrees, electronically, in
a concise notice that you may use
eligibility information about that
consumer received from an affiliate to
make solicitations for marketing
purposes to the consumer;
(ii) The consumer is provided a
reasonable opportunity and a reasonable
and simple method to ‘‘opt out,’’ or
prohibit you from using eligibility
information to make solicitations for
marketing purposes to the consumer;
and
(iii) The consumer has not opted out.
(2) Example. A consumer has a
homeowner’s insurance policy with an
insurance company. The insurance
company furnishes eligibility
information about the consumer to its
affiliated depository institution. Based
on that eligibility information, the
depository institution wants to make a
solicitation to the consumer about its
home equity loan products. The
depository institution does not have a
pre-existing business relationship with
the consumer and none of the other
exceptions apply. The depository
institution is prohibited from using
eligibility information received from its
insurance affiliate to make solicitations
to the consumer about its home equity
loan products unless the consumer is
given a notice and opportunity to opt
out and the consumer does not opt out.
(3) Affiliates who may provide the
notice. The notice required by this
paragraph must be provided:
PO 00000
Frm 00048
Fmt 4701
Sfmt 4700
(i) By an affiliate that has or has
previously had a pre-existing business
relationship with the consumer; or
(ii) As part of a joint notice from two
or more members of an affiliated group
of companies, provided that at least one
of the affiliates on the joint notice has
or has previously had a pre-existing
business relationship with the
consumer.
(b) Making solicitations. (1) In
general. For purposes of this subpart,
you make a solicitation for marketing
purposes if—
(i) You receive eligibility information
from an affiliate;
(ii) You use that eligibility
information to do one or more of the
following:
(A) Identify the consumer or type of
consumer to receive a solicitation;
(B) Establish criteria used to select the
consumer to receive a solicitation; or
(C) Decide which of your products or
services to market to the consumer or
tailor your solicitation to that consumer;
and
(iii) As a result of your use of the
eligibility information, the consumer is
provided a solicitation.
(2) Receiving eligibility information
from an affiliate, including through a
common database. You may receive
eligibility information from an affiliate
in various ways, including when the
affiliate places that information into a
common database that you may access.
(3) Receipt or use of eligibility
information by your service provider.
Except as provided in paragraph (b)(5)
of this section, you receive or use an
affiliate’s eligibility information if a
service provider acting on your behalf
(whether an affiliate or a nonaffiliated
third party) receives or uses that
information in the manner described in
paragraphs (b)(1)(i) or (b)(1)(ii) of this
section. All relevant facts and
circumstances will determine whether a
person is acting as your service provider
when it receives or uses an affiliate’s
eligibility information in connection
with marketing your products and
services.
(4) Use by an affiliate of its own
eligibility information. Unless you have
used eligibility information that you
receive from an affiliate in the manner
described in paragraph (b)(1)(ii) of this
section, you do not make a solicitation
subject to this subpart if your affiliate:
(i) Uses its own eligibility information
that it obtained in connection with a
pre-existing business relationship it has
or had with the consumer to market
your products or services to the
consumer; or
(ii) Directs its service provider to use
the affiliate’s own eligibility information
E:\FR\FM\07NOR2.SGM
07NOR2
rwilkins on PROD1PC63 with RULES_2
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
that it obtained in connection with a
pre-existing business relationship it has
or had with the consumer to market
your products or services to the
consumer, and you do not communicate
directly with the service provider
regarding that use.
(5) Use of eligibility information by a
service provider. (i) In general. You do
not make a solicitation subject to
Subpart C of this part if a service
provider (including an affiliated or
third-party service provider that
maintains or accesses a common
database that you may access) receives
eligibility information from your
affiliate that your affiliate obtained in
connection with a pre-existing business
relationship it has or had with the
consumer and uses that eligibility
information to market your products or
services to the consumer, so long as—
(A) Your affiliate controls access to
and use of its eligibility information by
the service provider (including the right
to establish the specific terms and
conditions under which the service
provider may use such information to
market your products or services);
(B) Your affiliate establishes specific
terms and conditions under which the
service provider may access and use the
affiliate’s eligibility information to
market your products and services (or
those of affiliates generally) to the
consumer, such as the identity of the
affiliated companies whose products or
services may be marketed to the
consumer by the service provider, the
types of products or services of affiliated
companies that may be marketed, and
the number of times the consumer may
receive marketing materials, and
periodically evaluates the service
provider’s compliance with those terms
and conditions;
(C) Your affiliate requires the service
provider to implement reasonable
policies and procedures designed to
ensure that the service provider uses the
affiliate’s eligibility information in
accordance with the terms and
conditions established by the affiliate
relating to the marketing of your
products or services;
(D) Your affiliate is identified on or
with the marketing materials provided
to the consumer; and
(E) You do not directly use your
affiliate’s eligibility information in the
manner described in paragraph (b)(1)(ii)
of this section.
(ii) Writing requirements. (A) The
requirements of paragraphs (b)(5)(i)(A)
and (C) of this section must be set forth
in a written agreement between your
affiliate and the service provider; and
(B) The specific terms and conditions
established by your affiliate as provided
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
in paragraph (b)(5)(i)(B) of this section
must be set forth in writing.
(6) Examples of making solicitations.
(i) A consumer has a deposit account
with a depository institution, which is
affiliated with an insurance company.
The insurance company receives
eligibility information about the
consumer from the depository
institution. The insurance company
uses that eligibility information to
identify the consumer to receive a
solicitation about insurance products,
and, as a result, the insurance company
provides a solicitation to the consumer
about its insurance products. Pursuant
to paragraph (b)(1) of this section, the
insurance company has made a
solicitation to the consumer.
(ii) The same facts as in the example
in paragraph (b)(6)(i) of this section,
except that after using the eligibility
information to identify the consumer to
receive a solicitation about insurance
products, the insurance company asks
the depository institution to send the
solicitation to the consumer and the
depository institution does so. Pursuant
to paragraph (b)(1) of this section, the
insurance company has made a
solicitation to the consumer because it
used eligibility information about the
consumer that it received from an
affiliate to identify the consumer to
receive a solicitation about its products
or services, and, as a result, a
solicitation was provided to the
consumer about the insurance
company’s products.
(iii) The same facts as in the example
in paragraph (b)(6)(i) of this section,
except that eligibility information about
consumers that have deposit accounts
with the depository institution is placed
into a common database that all
members of the affiliated group of
companies may independently access
and use. Without using the depository
institution’s eligibility information, the
insurance company develops selection
criteria and provides those criteria,
marketing materials, and related
instructions to the depository
institution. The depository institution
reviews eligibility information about its
own consumers using the selection
criteria provided by the insurance
company to determine which
consumers should receive the insurance
company’s marketing materials and
sends marketing materials about the
insurance company’s products to those
consumers. Even though the insurance
company has received eligibility
information through the common
database as provided in paragraph (b)(2)
of this section, it did not use that
information to identify consumers or
establish selection criteria; instead, the
PO 00000
Frm 00049
Fmt 4701
Sfmt 4700
62957
depository institution used its own
eligibility information. Therefore,
pursuant to paragraph (b)(4)(i) of this
section, the insurance company has not
made a solicitation to the consumer.
(iv) The same facts as in the example
in paragraph (b)(6)(iii) of this section,
except that the depository institution
provides the insurance company’s
criteria to the depository institution’s
service provider and directs the service
provider to use the depository
institution’s eligibility information to
identify depository institution
consumers who meet the criteria and to
send the insurance company’s
marketing materials to those consumers.
The insurance company does not
communicate directly with the service
provider regarding the use of the
depository institution’s information to
market its products to the depository
institution’s consumers. Pursuant to
paragraph (b)(4)(ii) of this section, the
insurance company has not made a
solicitation to the consumer.
(v) An affiliated group of companies
includes a depository institution, an
insurance company, and a service
provider. Each affiliate in the group
places information about its consumers
into a common database. The service
provider has access to all information in
the common database. The depository
institution controls access to and use of
its eligibility information by the service
provider. This control is set forth in a
written agreement between the
depository institution and the service
provider. The written agreement also
requires the service provider to establish
reasonable policies and procedures
designed to ensure that the service
provider uses the depository
institution’s eligibility information in
accordance with specific terms and
conditions established by the depository
institution relating to the marketing of
the products and services of all
affiliates, including the insurance
company. In a separate written
communication, the depository
institution specifies the terms and
conditions under which the service
provider may use the depository
institution’s eligibility information to
market the insurance company’s
products and services to the depository
institution’s consumers. The specific
terms and conditions are: A list of
affiliated companies (including the
insurance company) whose products or
services may be marketed to the
depository institution’s consumers by
the service provider; the specific
products or types of products that may
be marketed to the depository
institution’s consumers by the service
provider; the categories of eligibility
E:\FR\FM\07NOR2.SGM
07NOR2
rwilkins on PROD1PC63 with RULES_2
62958
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
information that may be used by the
service provider in marketing products
or services to the depository
institution’s consumers; the types or
categories of the depository institution’s
consumers to whom the service
provider may market products or
services of depository institution
affiliates; the number and/or types of
marketing communications that the
service provider may send to the
depository institution’s consumers; and
the length of time during which the
service provider may market the
products or services of the depository
institution’s affiliates to its consumers.
The depository institution periodically
evaluates the service provider’s
compliance with these terms and
conditions. The insurance company
asks the service provider to market
insurance products to certain consumers
who have deposit accounts with the
depository institution. Without using
the depository institution’s eligibility
information, the insurance company
develops selection criteria and provides
those criteria, marketing materials, and
related instructions to the service
provider. The service provider uses the
depository institution’s eligibility
information from the common database
to identify the depository institution’s
consumers to whom insurance products
will be marketed. When the insurance
company’s marketing materials are
provided to the identified consumers,
the name of the depository institution is
displayed on the insurance marketing
materials, an introductory letter that
accompanies the marketing materials,
an account statement that accompanies
the marketing materials, or the envelope
containing the marketing materials. The
requirements of paragraph (b)(5) of this
section have been satisfied, and the
insurance company has not made a
solicitation to the consumer.
(vi) The same facts as in the example
in paragraph (b)(6)(v) of this section,
except that the terms and conditions
permit the service provider to use the
depository institution’s eligibility
information to market the products and
services of other affiliates to the
depository institution’s consumers
whenever the service provider deems it
appropriate to do so. The service
provider uses the depository
institution’s eligibility information in
accordance with the discretion afforded
to it by the terms and conditions.
Because the terms and conditions are
not specific, the requirements of
paragraph (b)(5) of this section have not
been satisfied.
(c) Exceptions. The provisions of this
subpart do not apply to you if you use
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
eligibility information that you receive
from an affiliate:
(1) To make a solicitation for
marketing purposes to a consumer with
whom you have a pre-existing business
relationship;
(2) To facilitate communications to an
individual for whose benefit you
provide employee benefit or other
services pursuant to a contract with an
employer related to and arising out of
the current employment relationship or
status of the individual as a participant
or beneficiary of an employee benefit
plan;
(3) To perform services on behalf of
an affiliate, except that this
subparagraph shall not be construed as
permitting you to send solicitations on
behalf of an affiliate if the affiliate
would not be permitted to send the
solicitation as a result of the election of
the consumer to opt out under this
subpart;
(4) In response to a communication
about your products or services initiated
by the consumer;
(5) In response to an authorization or
request by the consumer to receive
solicitations; or
(6) If your compliance with this
subpart would prevent you from
complying with any provision of State
insurance laws pertaining to unfair
discrimination in any State in which
you are lawfully doing business.
(d) Examples of exceptions. (1)
Example of the pre-existing business
relationship exception. A consumer has
a deposit account with a depository
institution. The consumer also has a
relationship with the depository
institution’s securities affiliate for
management of the consumer’s
securities portfolio. The depository
institution receives eligibility
information about the consumer from its
securities affiliate and uses that
information to make a solicitation to the
consumer about the depository
institution’s wealth management
services. The depository institution may
make this solicitation even if the
consumer has not been given a notice
and opportunity to opt out because the
depository institution has a pre-existing
business relationship with the
consumer.
(2) Examples of service provider
exception. (i) A consumer has an
insurance policy issued by an insurance
company. The insurance company
furnishes eligibility information about
the consumer to its affiliated depository
institution. Based on that eligibility
information, the depository institution
wants to make a solicitation to the
consumer about its deposit products.
The depository institution does not have
PO 00000
Frm 00050
Fmt 4701
Sfmt 4700
a pre-existing business relationship with
the consumer and none of the other
exceptions in paragraph (c) of this
section apply. The consumer has been
given an opt-out notice and has elected
to opt out of receiving such
solicitations. The depository institution
asks a service provider to send the
solicitation to the consumer on its
behalf. The service provider may not
send the solicitation on behalf of the
depository institution because, as a
result of the consumer’s opt-out
election, the depository institution is
not permitted to make the solicitation.
(ii) The same facts as in paragraph
(d)(2)(i) of this section, except the
consumer has been given an opt-out
notice, but has not elected to opt out.
The depository institution asks a service
provider to send the solicitation to the
consumer on its behalf. The service
provider may send the solicitation on
behalf of the depository institution
because, as a result of the consumer’s
not opting out, the depository
institution is permitted to make the
solicitation.
(3) Examples of consumer-initiated
communications. (i) A consumer who
has a deposit account with a depository
institution initiates a communication
with the depository institution’s credit
card affiliate to request information
about a credit card. The credit card
affiliate may use eligibility information
about the consumer it obtains from the
depository institution or any other
affiliate to make solicitations regarding
credit card products in response to the
consumer-initiated communication.
(ii) A consumer who has a deposit
account with a depository institution
contacts the institution to request
information about how to save and
invest for a child’s college education
without specifying the type of product
in which the consumer may be
interested. Information about a range of
different products or services offered by
the depository institution and one or
more affiliates of the institution may be
responsive to that communication. Such
products or services may include the
following: Mutual funds offered by the
institution’s mutual fund affiliate;
section 529 plans offered by the
institution, its mutual fund affiliate, or
another securities affiliate; or trust
services offered by a different financial
institution in the affiliated group. Any
affiliate offering investment products or
services that would be responsive to the
consumer’s request for information
about saving and investing for a child’s
college education may use eligibility
information to make solicitations to the
consumer in response to this
communication.
E:\FR\FM\07NOR2.SGM
07NOR2
rwilkins on PROD1PC63 with RULES_2
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
(iii) A credit card issuer makes a
marketing call to the consumer without
using eligibility information received
from an affiliate. The issuer leaves a
voice-mail message that invites the
consumer to call a toll-free number to
apply for the issuer’s credit card. If the
consumer calls the toll-free number to
inquire about the credit card, the call is
a consumer-initiated communication
about a product or service and the credit
card issuer may now use eligibility
information it receives from its affiliates
to make solicitations to the consumer.
(iv) A consumer calls a depository
institution to ask about retail locations
and hours, but does not request
information about products or services.
The institution may not use eligibility
information it receives from an affiliate
to make solicitations to the consumer
about its products or services because
the consumer-initiated communication
does not relate to the depository
institution’s products or services. Thus,
the use of eligibility information
received from an affiliate would not be
responsive to the communication and
the exception does not apply.
(v) A consumer calls a depository
institution to ask about retail locations
and hours. The customer service
representative asks the consumer if
there is a particular product or service
about which the consumer is seeking
information. The consumer responds
that the consumer wants to stop in and
find out about certificates of deposit.
The customer service representative
offers to provide that information by
telephone and mail additional
information and application materials to
the consumer. The consumer agrees and
provides or confirms contact
information for receipt of the materials
to be mailed. The depository institution
may use eligibility information it
receives from an affiliate to make
solicitations to the consumer about
certificates of deposit because such
solicitations would respond to the
consumer-initiated communication
about products or services.
(4) Examples of consumer
authorization or request for
solicitations. (i) A consumer who
obtains a mortgage from a mortgage
lender authorizes or requests
information about homeowner’s
insurance offered by the mortgage
lender’s insurance affiliate. Such
authorization or request, whether given
to the mortgage lender or to the
insurance affiliate, would permit the
insurance affiliate to use eligibility
information about the consumer it
obtains from the mortgage lender or any
other affiliate to make solicitations to
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
the consumer about homeowner’s
insurance.
(ii) A consumer completes an online
application to apply for a credit card
from a credit card issuer. The issuer’s
online application contains a blank
check box that the consumer may check
to authorize or request information from
the credit card issuer’s affiliates. The
consumer checks the box. The consumer
has authorized or requested solicitations
from the card issuer’s affiliates.
(iii) A consumer completes an online
application to apply for a credit card
from a credit card issuer. The issuer’s
online application contains a preselected check box indicating that the
consumer authorizes or requests
information from the issuer’s affiliates.
The consumer does not deselect the
check box. The consumer has not
authorized or requested solicitations
from the card issuer’s affiliates.
(iv) The terms and conditions of a
credit card account agreement contain
preprinted boilerplate language stating
that by applying to open an account the
consumer authorizes or requests to
receive solicitations from the credit card
issuer’s affiliates. The consumer has not
authorized or requested solicitations
from the card issuer’s affiliates.
(e) Relation to affiliate-sharing notice
and opt-out. Nothing in this subpart
limits the responsibility of a person to
comply with the notice and opt-out
provisions of section 603(d)(2)(A)(iii) of
the Act where applicable.
§ 222.22
Scope and duration of opt-out.
(a) Scope of opt-out. (1) In general.
Except as otherwise provided in this
section, the consumer’s election to opt
out prohibits any affiliate covered by the
opt-out notice from using eligibility
information received from another
affiliate as described in the notice to
make solicitations to the consumer.
(2) Continuing relationship. (i) In
general. If the consumer establishes a
continuing relationship with you or
your affiliate, an opt-out notice may
apply to eligibility information obtained
in connection with—
(A) A single continuing relationship
or multiple continuing relationships
that the consumer establishes with you
or your affiliates, including continuing
relationships established subsequent to
delivery of the opt-out notice, so long as
the notice adequately describes the
continuing relationships covered by the
opt-out; or
(B) Any other transaction between the
consumer and you or your affiliates as
described in the notice.
(ii) Examples of continuing
relationships. A consumer has a
PO 00000
Frm 00051
Fmt 4701
Sfmt 4700
62959
continuing relationship with you or
your affiliate if the consumer—
(A) Opens a deposit or investment
account with you or your affiliate;
(B) Obtains a loan for which you or
your affiliate owns the servicing rights;
(C) Purchases an insurance product
from you or your affiliate;
(D) Holds an investment product
through you or your affiliate, such as
when you act or your affiliate acts as a
custodian for securities or for assets in
an individual retirement arrangement;
(E) Enters into an agreement or
understanding with you or your affiliate
whereby you or your affiliate undertakes
to arrange or broker a home mortgage
loan for the consumer;
(F) Enters into a lease of personal
property with you or your affiliate; or
(G) Obtains financial, investment, or
economic advisory services from you or
your affiliate for a fee.
(3) No continuing relationship. (i) In
general. If there is no continuing
relationship between a consumer and
you or your affiliate, and you or your
affiliate obtain eligibility information
about a consumer in connection with a
transaction with the consumer, such as
an isolated transaction or a credit
application that is denied, an opt-out
notice provided to the consumer only
applies to eligibility information
obtained in connection with that
transaction.
(ii) Examples of isolated transactions.
An isolated transaction occurs if–
(A) The consumer uses your or your
affiliate’s ATM to withdraw cash from
an account at another financial
institution; or
(B) You or your affiliate sells the
consumer a cashier’s check or money
order, airline tickets, travel insurance,
or traveler’s checks in isolated
transactions.
(4) Menu of alternatives. A consumer
may be given the opportunity to choose
from a menu of alternatives when
electing to prohibit solicitations, such as
by electing to prohibit solicitations from
certain types of affiliates covered by the
opt-out notice but not other types of
affiliates covered by the notice, electing
to prohibit solicitations based on certain
types of eligibility information but not
other types of eligibility information, or
electing to prohibit solicitations by
certain methods of delivery but not
other methods of delivery. However,
one of the alternatives must allow the
consumer to prohibit all solicitations
from all of the affiliates that are covered
by the notice.
(5) Special rule for a notice following
termination of all continuing
relationships. (i) In general. A consumer
must be given a new opt-out notice if,
E:\FR\FM\07NOR2.SGM
07NOR2
62960
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
after all continuing relationships with
you or your affiliate(s) are terminated,
the consumer subsequently establishes
another continuing relationship with
you or your affiliate(s) and the
consumer’s eligibility information is to
be used to make a solicitation. The new
opt-out notice must apply, at a
minimum, to eligibility information
obtained in connection with the new
continuing relationship. Consistent with
paragraph (b) of this section, the
consumer’s decision not to opt out after
receiving the new opt-out notice would
not override a prior opt-out election by
the consumer that applies to eligibility
information obtained in connection
with a terminated relationship,
regardless of whether the new opt-out
notice applies to eligibility information
obtained in connection with the
terminated relationship.
(ii) Example. A consumer has a
checking account with a depository
institution that is part of an affiliated
group. The consumer closes the
checking account. One year after closing
the checking account, the consumer
opens a savings account with the same
depository institution. The consumer
must be given a new notice and
opportunity to opt out before the
depository institution’s affiliates may
make solicitations to the consumer
using eligibility information obtained by
the depository institution in connection
with the new savings account
relationship, regardless of whether the
consumer opted out in connection with
the checking account.
(b) Duration of opt-out. The election
of a consumer to opt out must be
effective for a period of at least five
years (the ‘‘opt-out period’’) beginning
when the consumer’s opt-out election is
received and implemented, unless the
consumer subsequently revokes the optout in writing or, if the consumer agrees,
electronically. An opt-out period of
more than five years may be established,
including an opt-out period that does
not expire unless revoked by the
consumer.
(c) Time of opt-out. A consumer may
opt out at any time.
rwilkins on PROD1PC63 with RULES_2
§ 222.23 Contents of opt-out notice;
consolidated and equivalent notices.
(a) Contents of opt-out notice. (1) In
general. A notice must be clear,
conspicuous, and concise, and must
accurately disclose:
(i) The name of the affiliate(s)
providing the notice. If the notice is
provided jointly by multiple affiliates
and each affiliate shares a common
name, such as ‘‘ABC,’’ then the notice
may indicate that it is being provided by
multiple companies with the ABC name
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
or multiple companies in the ABC group
or family of companies, for example, by
stating that the notice is provided by
‘‘all of the ABC companies,’’ ‘‘the ABC
banking, credit card, insurance, and
securities companies,’’ or by listing the
name of each affiliate providing the
notice. But if the affiliates providing the
joint notice do not all share a common
name, then the notice must either
separately identify each affiliate by
name or identify each of the common
names used by those affiliates, for
example, by stating that the notice is
provided by ‘‘all of the ABC and XYZ
companies’’ or by ‘‘the ABC banking
and credit card companies and the XYZ
insurance companies’’;
(ii) A list of the affiliates or types of
affiliates whose use of eligibility
information is covered by the notice,
which may include companies that
become affiliates after the notice is
provided to the consumer. If each
affiliate covered by the notice shares a
common name, such as ‘‘ABC,’’ then the
notice may indicate that it applies to
multiple companies with the ABC name
or multiple companies in the ABC group
or family of companies, for example, by
stating that the notice is provided by
‘‘all of the ABC companies,’’ ‘‘the ABC
banking, credit card, insurance, and
securities companies,’’ or by listing the
name of each affiliate providing the
notice. But if the affiliates covered by
the notice do not all share a common
name, then the notice must either
separately identify each covered affiliate
by name or identify each of the common
names used by those affiliates, for
example, by stating that the notice
applies to ‘‘all of the ABC and XYZ
companies’’ or to ‘‘the ABC banking and
credit card companies and the XYZ
insurance companies’’;
(iii) A general description of the types
of eligibility information that may be
used to make solicitations to the
consumer;
(iv) That the consumer may elect to
limit the use of eligibility information to
make solicitations to the consumer;
(v) That the consumer’s election will
apply for the specified period of time
stated in the notice and, if applicable,
that the consumer will be allowed to
renew the election once that period
expires;
(vi) If the notice is provided to
consumers who may have previously
opted out, such as if a notice is provided
to consumers annually, that the
consumer who has chosen to limit
solicitations does not need to act again
until the consumer receives a renewal
notice; and
(vii) A reasonable and simple method
for the consumer to opt out.
PO 00000
Frm 00052
Fmt 4701
Sfmt 4700
(2) Joint relationships. (i) If two or
more consumers jointly obtain a product
or service, a single opt-out notice may
be provided to the joint consumers. Any
of the joint consumers may exercise the
right to opt out.
(ii) The opt-out notice must explain
how an opt-out direction by a joint
consumer will be treated. An opt-out
direction by a joint consumer may be
treated as applying to all of the
associated joint consumers, or each joint
consumer may be permitted to opt out
separately. If each joint consumer is
permitted to opt out separately, one of
the joint consumers must be permitted
to opt out on behalf of all of the joint
consumers and the joint consumers
must be permitted to exercise their
separate rights to opt out in a single
response.
(iii) It is impermissible to require all
joint consumers to opt out before
implementing any opt-out direction.
(3) Alternative contents. If the
consumer is afforded a broader right to
opt out of receiving marketing than is
required by this subpart, the
requirements of this section may be
satisfied by providing the consumer
with a clear, conspicuous, and concise
notice that accurately discloses the
consumer’s opt-out rights.
(4) Model notices. Model notices are
provided in Appendix C of this part.
(b) Coordinated and consolidated
notices. A notice required by this
subpart may be coordinated and
consolidated with any other notice or
disclosure required to be issued under
any other provision of law by the entity
providing the notice, including but not
limited to the notice described in
section 603(d)(2)(A)(iii) of the Act and
the Gramm-Leach-Bliley Act privacy
notice.
(c) Equivalent notices. A notice or
other disclosure that is equivalent to the
notice required by this subpart, and that
is provided to a consumer together with
disclosures required by any other
provision of law, satisfies the
requirements of this section.
§ 222.24
out.
Reasonable opportunity to opt
(a) In general. You must not use
eligibility information about a consumer
that you receive from an affiliate to
make a solicitation to the consumer
about your products or services, unless
the consumer is provided a reasonable
opportunity to opt out, as required by
§ 222.21(a)(1)(ii) of this part.
(b) Examples of a reasonable
opportunity to opt out. The consumer is
given a reasonable opportunity to opt
out if:
E:\FR\FM\07NOR2.SGM
07NOR2
rwilkins on PROD1PC63 with RULES_2
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
(1) By mail. The opt-out notice is
mailed to the consumer. The consumer
is given 30 days from the date the notice
is mailed to elect to opt out by any
reasonable means.
(2) By electronic means. (i) The optout notice is provided electronically to
the consumer, such as by posting the
notice at an Internet Web site at which
the consumer has obtained a product or
service. The consumer acknowledges
receipt of the electronic notice. The
consumer is given 30 days after the date
the consumer acknowledges receipt to
elect to opt out by any reasonable
means.
(ii) The opt-out notice is provided to
the consumer by e-mail where the
consumer has agreed to receive
disclosures by e-mail from the person
sending the notice. The consumer is
given 30 days after the e-mail is sent to
elect to opt out by any reasonable
means.
(3) At the time of an electronic
transaction. The opt-out notice is
provided to the consumer at the time of
an electronic transaction, such as a
transaction conducted on an Internet
Web site. The consumer is required to
decide, as a necessary part of
proceeding with the transaction,
whether to opt out before completing
the transaction. There is a simple
process that the consumer may use to
opt out at that time using the same
mechanism through which the
transaction is conducted.
(4) At the time of an in-person
transaction. The opt-out notice is
provided to the consumer in writing at
the time of an in-person transaction.
The consumer is required to decide, as
a necessary part of proceeding with the
transaction, whether to opt out before
completing the transaction, and is not
permitted to complete the transaction
without making a choice. There is a
simple process that the consumer may
use during the course of the in-person
transaction to opt out, such as
completing a form that requires
consumers to write a ‘‘yes’’ or ‘‘no’’ to
indicate their opt-out preference or that
requires the consumer to check one of
two blank check boxes—one that allows
consumers to indicate that they want to
opt out and one that allows consumers
to indicate that they do not want to opt
out.
(5) By including in a privacy notice.
The opt-out notice is included in a
Gramm-Leach-Bliley Act privacy notice.
The consumer is allowed to exercise the
opt-out within a reasonable period of
time and in the same manner as the optout under that privacy notice.
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
§ 222.25 Reasonable and simple methods
of opting out.
(a) In general. You must not use
eligibility information about a consumer
that you receive from an affiliate to
make a solicitation to the consumer
about your products or services, unless
the consumer is provided a reasonable
and simple method to opt out, as
required by § 222.21(a)(1)(ii) of this part.
(b) Examples. (1) Reasonable and
simple opt-out methods. Reasonable and
simple methods for exercising the optout right include—
(i) Designating a check-off box in a
prominent position on the opt-out form;
(ii) Including a reply form and a selfaddressed envelope together with the
opt-out notice;
(iii) Providing an electronic means to
opt out, such as a form that can be
electronically mailed or processed at an
Internet Web site, if the consumer agrees
to the electronic delivery of information;
(iv) Providing a toll-free telephone
number that consumers may call to opt
out; or
(v) Allowing consumers to exercise all
of their opt-out rights described in a
consolidated opt-out notice that
includes the privacy opt-out under the
Gramm-Leach-Bliley Act, 15 U.S.C.
6801 et seq., the affiliate sharing opt-out
under the Act, and the affiliate
marketing opt-out under the Act, by a
single method, such as by calling a
single toll-free telephone number.
(2) Opt-out methods that are not
reasonable and simple. Reasonable and
simple methods for exercising an optout right do not include—
(i) Requiring the consumer to write
his or her own letter;
(ii) Requiring the consumer to call or
write to obtain a form for opting out,
rather than including the form with the
opt-out notice;
(iii) Requiring the consumer who
receives the opt-out notice in electronic
form only, such as through posting at an
Internet Web site, to opt out solely by
paper mail or by visiting a different Web
site without providing a link to that site.
(c) Specific opt-out means. Each
consumer may be required to opt out
through a specific means, as long as that
means is reasonable and simple for that
consumer.
§ 222.26
Delivery of opt-out notices.
(a) In general. The opt-out notice must
be provided so that each consumer can
reasonably be expected to receive actual
notice. For opt-out notices provided
electronically, the notice may be
provided in compliance with either the
electronic disclosure provisions in this
subpart or the provisions in section 101
of the Electronic Signatures in Global
PO 00000
Frm 00053
Fmt 4701
Sfmt 4700
62961
and National Commerce Act, 15 U.S.C.
7001 et seq.
(b) Examples of reasonable
expectation of actual notice. A
consumer may reasonably be expected
to receive actual notice if the affiliate
providing the notice:
(1) Hand-delivers a printed copy of
the notice to the consumer;
(2) Mails a printed copy of the notice
to the last known mailing address of the
consumer;
(3) Provides a notice by e-mail to a
consumer who has agreed to receive
electronic disclosures by e-mail from
the affiliate providing the notice; or
(4) Posts the notice on the Internet
Web site at which the consumer
obtained a product or service
electronically and requires the
consumer to acknowledge receipt of the
notice.
(c) Examples of no reasonable
expectation of actual notice. A
consumer may not reasonably be
expected to receive actual notice if the
affiliate providing the notice:
(1) Only posts the notice on a sign in
a branch or office or generally publishes
the notice in a newspaper;
(2) Sends the notice via e-mail to a
consumer who has not agreed to receive
electronic disclosures by e-mail from
the affiliate providing the notice; or
(3) Posts the notice on an Internet
Web site without requiring the
consumer to acknowledge receipt of the
notice.
§ 222.27
Renewal of opt-out.
(a) Renewal notice and opt-out
requirement. (1) In general. After the
opt-out period expires, you may not
make solicitations based on eligibility
information you receive from an affiliate
to a consumer who previously opted
out, unless:
(i) The consumer has been given a
renewal notice that complies with the
requirements of this section and
§§ 222.24 through 222.26 of this part,
and a reasonable opportunity and a
reasonable and simple method to renew
the opt-out, and the consumer does not
renew the opt-out; or
(ii) An exception in § 222.21(c) of this
part applies.
(2) Renewal period. Each opt-out
renewal must be effective for a period of
at least five years as provided in
§ 222.22(b) of this part.
(3) Affiliates who may provide the
notice. The notice required by this
paragraph must be provided:
(i) By the affiliate that provided the
previous opt-out notice, or its successor;
or
(ii) As part of a joint renewal notice
from two or more members of an
E:\FR\FM\07NOR2.SGM
07NOR2
rwilkins on PROD1PC63 with RULES_2
62962
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
affiliated group of companies, or their
successors, that jointly provided the
previous opt-out notice.
(b) Contents of renewal notice. The
renewal notice must be clear,
conspicuous, and concise, and must
accurately disclose:
(1) The name of the affiliate(s)
providing the notice. If the notice is
provided jointly by multiple affiliates
and each affiliate shares a common
name, such as ‘‘ABC,’’ then the notice
may indicate that it is being provided by
multiple companies with the ABC name
or multiple companies in the ABC group
or family of companies, for example, by
stating that the notice is provided by
‘‘all of the ABC companies,’’ ‘‘the ABC
banking, credit card, insurance, and
securities companies,’’ or by listing the
name of each affiliate providing the
notice. But if the affiliates providing the
joint notice do not all share a common
name, then the notice must either
separately identify each affiliate by
name or identify each of the common
names used by those affiliates, for
example, by stating that the notice is
provided by ‘‘all of the ABC and XYZ
companies’’ or by ‘‘the ABC banking
and credit card companies and the XYZ
insurance companies’’;
(2) A list of the affiliates or types of
affiliates whose use of eligibility
information is covered by the notice,
which may include companies that
become affiliates after the notice is
provided to the consumer. If each
affiliate covered by the notice shares a
common name, such as ‘‘ABC,’’ then the
notice may indicate that it applies to
multiple companies with the ABC name
or multiple companies in the ABC group
or family of companies, for example, by
stating that the notice is provided by
‘‘all of the ABC companies,’’ ‘‘the ABC
banking, credit card, insurance, and
securities companies,’’ or by listing the
name of each affiliate providing the
notice. But if the affiliates covered by
the notice do not all share a common
name, then the notice must either
separately identify each covered affiliate
by name or identify each of the common
names used by those affiliates, for
example, by stating that the notice
applies to ‘‘all of the ABC and XYZ
companies’’ or to ‘‘the ABC banking and
credit card companies and the XYZ
insurance companies’’;
(3) A general description of the types
of eligibility information that may be
used to make solicitations to the
consumer;
(4) That the consumer previously
elected to limit the use of certain
information to make solicitations to the
consumer;
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
(5) That the consumer’s election has
expired or is about to expire;
(6) That the consumer may elect to
renew the consumer’s previous election;
(7) If applicable, that the consumer’s
election to renew will apply for the
specified period of time stated in the
notice and that the consumer will be
allowed to renew the election once that
period expires; and
(8) A reasonable and simple method
for the consumer to opt out.
(c) Timing of the renewal notice. (1)
In general. A renewal notice may be
provided to the consumer either—
(i) A reasonable period of time before
the expiration of the opt-out period; or
(ii) Any time after the expiration of
the opt-out period but before
solicitations that would have been
prohibited by the expired opt-out are
made to the consumer.
(2) Combination with annual privacy
notice. If you provide an annual privacy
notice under the Gramm-Leach-Bliley
Act, 15 U.S.C. 6801 et seq., providing a
renewal notice with the last annual
privacy notice provided to the consumer
before expiration of the opt-out period
is a reasonable period of time before
expiration of the opt-out in all cases.
(d) No effect on opt-out period. An
opt-out period may not be shortened by
sending a renewal notice to the
consumer before expiration of the optout period, even if the consumer does
not renew the opt out.
§ 222.28 Effective date, compliance date,
and prospective application.
(a) Effective date. This subpart is
effective January 1, 2008.
(b) Mandatory compliance date.
Compliance with this subpart is
required not later than October 1, 2008.
(c) Prospective application. The
provisions of this subpart shall not
prohibit you from using eligibility
information that you receive from an
affiliate to make solicitations to a
consumer if you receive such
information prior to October 1, 2008.
For purposes of this section, you are
deemed to receive eligibility
information when such information is
placed into a common database and is
accessible by you.
I 4. A new Appendix C to part 222 is
added to read as follows:
Appendix C to Part 222—Model Forms
for Opt-Out Notices
a. Although use of the model forms is not
required, use of the model forms in this
Appendix (as applicable) complies with the
requirement in section 624 of the Act for
clear, conspicuous, and concise notices.
b. Certain changes may be made to the
language or format of the model forms
PO 00000
Frm 00054
Fmt 4701
Sfmt 4700
without losing the protection from liability
afforded by use of the model forms. These
changes may not be so extensive as to affect
the substance, clarity, or meaningful
sequence of the language in the model forms.
Persons making such extensive revisions will
lose the safe harbor that this Appendix
provides. Acceptable changes include, for
example:
1. Rearranging the order of the references
to ‘‘your income,’’ ‘‘your account history,’’
and ‘‘your credit score.’’
2. Substituting other types of information
for ‘‘income,’’ ‘‘account history,’’ or ‘‘credit
score’’ for accuracy, such as ‘‘payment
history,’’ ‘‘credit history,’’ ‘‘payoff status,’’ or
‘‘claims history.’’
3. Substituting a clearer and more accurate
description of the affiliates providing or
covered by the notice for phrases such as
‘‘the [ABC] group of companies,’’ including
without limitation a statement that the entity
providing the notice recently purchased the
consumer’s account.
4. Substituting other types of affiliates
covered by the notice for ‘‘credit card,’’
‘‘insurance,’’ or ‘‘securities’’ affiliates.
5. Omitting items that are not accurate or
applicable. For example, if a person does not
limit the duration of the opt-out period, the
notice may omit information about the
renewal notice.
6. Adding a statement informing
consumers how much time they have to opt
out before shared eligibility information may
be used to make solicitations to them.
7. Adding a statement that the consumer
may exercise the right to opt out at any time.
8. Adding the following statement, if
accurate: ‘‘If you previously opted out, you
do not need to do so again.’’
9. Providing a place on the form for the
consumer to fill in identifying information,
such as his or her name and address
C–1 Model Form for Initial Opt-out Notice
(Single-Affiliate Notice)
C–2 Model Form for Initial Opt-out Notice
(Joint Notice)
C–3 Model Form for Renewal Notice
(Single-Affiliate Notice)
C–4 Model Form for Renewal Notice (Joint
Notice)
C–5 Model Form for Voluntary ‘‘No
Marketing’’ Notice
C–1—Model Form for Initial Opt-out Notice
(Single-Affiliate Notice)—[Your Choice To
Limit Marketing]/[Marketing Opt-out]
• [Name of Affiliate] is providing this
notice.
• [Optional: Federal law gives you the
right to limit some but not all marketing from
our affiliates. Federal law also requires us to
give you this notice to tell you about your
choice to limit marketing from our affiliates.]
• You may limit our affiliates in the [ABC]
group of companies, such as our [credit card,
insurance, and securities] affiliates, from
marketing their products or services to you
based on your personal information that we
collect and share with them. This
information includes your [income], your
[account history with us], and your [credit
score].
• Your choice to limit marketing offers
from our affiliates will apply [until you tell
E:\FR\FM\07NOR2.SGM
07NOR2
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
rwilkins on PROD1PC63 with RULES_2
us to change your choice]/[for x years from
when you tell us your choice]/[for at least 5
years from when you tell us your choice].
[Include if the opt-out period expires.] Once
that period expires, you will receive a
renewal notice that will allow you to
continue to limit marketing offers from our
affiliates for [another x years]/[at least
another 5 years].
• [Include, if applicable, in a subsequent
notice, including an annual notice, for
consumers who may have previously opted
out.] If you have already made a choice to
limit marketing offers from our affiliates, you
do not need to act again until you receive the
renewal notice.
To limit marketing offers, contact us
[include all that apply]:
• By telephone: 1–877–###–####
• On the Web: www.---.com
• By mail: Check the box and complete the
form below, and send the form to:
[Company name]
[Company address]
lDo not allow your affiliates to use my
personal information to market to me.
C–2—Model Form for Initial Opt-out Notice
(Joint Notice)—[Your Choice To Limit
Marketing]/[Marketing Opt-out]
• The [ABC group of companies] is
providing this notice.
• [Optional: Federal law gives you the
right to limit some but not all marketing from
the [ABC] companies. Federal law also
requires us to give you this notice to tell you
about your choice to limit marketing from the
[ABC] companies.]
• You may limit the [ABC] companies,
such as the [ABC credit card, insurance, and
securities] affiliates, from marketing their
products or services to you based on your
personal information that they receive from
other [ABC] companies. This information
includes your [income], your [account
history], and your [credit score].
• Your choice to limit marketing offers
from the [ABC] companies will apply [until
you tell us to change your choice]/[for x years
from when you tell us your choice]/[for at
least 5 years from when you tell us your
choice]. [Include if the opt-out period
expires.] Once that period expires, you will
receive a renewal notice that will allow you
to continue to limit marketing offers from the
[ABC] companies for [another x years]/[at
least another 5 years].
• [Include, if applicable, in a subsequent
notice, including an annual notice, for
consumers who may have previously opted
out.] If you have already made a choice to
limit marketing offers from the [ABC]
companies, you do not need to act again until
you receive the renewal notice.
To limit marketing offers, contact us
[include all that apply]:
• By telephone: 1–877–###–####
• On the Web: www.---.com
• By mail: Check the box and complete the
form below, and send the form to:
[Company name]
[Company address]
lDo not allow any company [in the ABC
group of companies] to use my personal
information to market to me.
VerDate Aug<31>2005
17:18 Nov 06, 2007
Jkt 214001
C–3—Model Form for Renewal Notice
(Single-Affiliate Notice)—[Renewing Your
Choice To Limit Marketing]/[Renewing Your
Marketing Opt-Out]
• [Name of Affiliate] is providing this
notice.
• [Optional: Federal law gives you the
right to limit some but not all marketing from
our affiliates. Federal law also requires us to
give you this notice to tell you about your
choice to limit marketing from our affiliates.]
• You previously chose to limit our
affiliates in the [ABC] group of companies,
such as our [credit card, insurance, and
securities] affiliates, from marketing their
products or services to you based on your
personal information that we share with
them. This information includes your
[income], your [account history with us], and
your [credit score].
• Your choice has expired or is about to
expire.
To renew your choice to limit marketing
for [x] more years, contact us [include all that
apply]:
• By telephone: 1–877–###–####
• On the Web: www.---.com
• By mail: Check the box and complete the
form below, and send the form to:
[Company name]
[Company address]
lRenew my choice to limit marketing for [x]
more years.
C–4—Model Form for Renewal Notice (Joint
Notice)—[Renewing Your Choice To Limit
Marketing]/[Renewing Your Marketing OptOut]
• The [ABC group of companies] is
providing this notice.
• [Optional: Federal law gives you the
right to limit some but not all marketing from
the [ABC] companies. Federal law also
requires us to give you this notice to tell you
about your choice to limit marketing from the
[ABC] companies.]
• You previously chose to limit the [ABC]
companies, such as the [ABC credit card,
insurance, and securities] affiliates, from
marketing their products or services to you
based on your personal information that they
receive from other ABC companies. This
information includes your [income], your
[account history], and your [credit score].
• Your choice has expired or is about to
expire.
To renew your choice to limit marketing
for [x] more years, contact us [include all that
apply]:
• By telephone: 1–877–###–####
• On the Web: www.---.com
• By mail: Check the box and complete the
form below, and send the form to:
[Company name]
[Company address]
lRenew my choice to limit marketing for [x]
more years.
C–5—Model Form for Voluntary ‘‘No
Marketing’’ Notice—Your Choice To Stop
Marketing
• [Name of Affiliate] is providing this
notice.
• You may choose to stop all marketing
from us and our affiliates.
PO 00000
Frm 00055
Fmt 4701
Sfmt 4700
62963
To stop all marketing, contact us [include
all that apply]:
• By telephone: 1–877–###–####
• On the Web: www.---.com
• By mail: Check the box and complete the
form below, and send the form to:
[Company name]
[Company address]
lDo not market to me.
Federal Deposit Insurance Corporation
12 CFR Chapter III.
Authority and Issuance
For the reasons set forth in the joint
preamble, part 334 of title 12, chapter
III, of the Code of Federal Regulations is
amended as follows:
I
PART 334—FAIR CREDIT REPORTING
1. The authority citation for part 334
is revised to read as follows:
I
Authority: 12 U.S.C. 1818 and 1819
(Tenth); 15 U.S.C. 1681b, 1681c, 1681m,
1681s, 1681w, 6801 and 6805.
Subpart A—General Provisions
2. A new § 334.1 is added to part 334
to read as follows:
I
§ 334.1
Purpose and scope.
(a) Purpose. The purpose of this part
is to implement the Fair Credit
Reporting Act. This part generally
applies to persons that obtain and use
information about consumers to
determine the consumer’s eligibility for
products, services, or employment,
share such information among affiliates,
and furnish information to consumer
reporting agencies.
(b) Scope. Except as otherwise
provided in this part, the regulations in
this part apply to insured state
nonmember banks, insured state
licensed branches of foreign banks, and
subsidiaries of such entities (except
brokers, dealers, persons providing
insurance, investment companies, and
investment advisers).
3. A new Subpart C is added to part
334 to read as follows:
I
Subpart C—Affiliate Marketing
Sec.
334.20 Coverage and definitions.
334.21 Affiliate marketing opt-out and
exceptions.
334.22 Scope and duration of opt-out.
334.23 Contents of opt-out notice;
consolidated and equivalent notices.
334.24 Reasonable opportunity to opt out.
334.25 Reasonable and simple methods of
opting out.
334.26 Delivery of opt-out notices.
334.27 Renewal of opt-out.
334.28 Effective date, compliance date, and
prospective application.
E:\FR\FM\07NOR2.SGM
07NOR2
62964
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
Subpart C—Affiliate Marketing
rwilkins on PROD1PC63 with RULES_2
§ 334.20
Coverage and definitions.
(a) Coverage. Subpart C of this part
applies to insured state nonmember
banks, insured state licensed branches
of foreign banks, and subsidiaries of
such entities (except brokers, dealers,
persons providing insurance,
investment companies, and investment
advisers).
(b) Definitions. For purposes of this
subpart:
(1) Clear and conspicuous. The term
‘‘clear and conspicuous’’ means
reasonably understandable and
designed to call attention to the nature
and significance of the information
presented.
(2) Concise. (i) In general. The term
‘‘concise’’ means a reasonably brief
expression or statement.
(ii) Combination with other required
disclosures. A notice required by this
subpart may be concise even if it is
combined with other disclosures
required or authorized by federal or
state law.
(3) Eligibility information. The term
‘‘eligibility information’’ means any
information the communication of
which would be a consumer report if
the exclusions from the definition of
‘‘consumer report’’ in section
603(d)(2)(A) of the Act did not apply.
Eligibility information does not include
aggregate or blind data that does not
contain personal identifiers such as
account numbers, names, or addresses.
(4) Pre-existing business relationship.
(i) In general. The term ‘‘pre-existing
business relationship’’ means a
relationship between a person, or a
person’s licensed agent, and a consumer
based on—
(A) A financial contract between the
person and the consumer which is in
force on the date on which the
consumer is sent a solicitation covered
by this subpart;
(B) The purchase, rental, or lease by
the consumer of the person’s goods or
services, or a financial transaction
(including holding an active account or
a policy in force or having another
continuing relationship) between the
consumer and the person, during the 18month period immediately preceding
the date on which the consumer is sent
a solicitation covered by this subpart; or
(C) An inquiry or application by the
consumer regarding a product or service
offered by that person during the threemonth period immediately preceding
the date on which the consumer is sent
a solicitation covered by this subpart.
(ii) Examples of pre-existing business
relationships. (A) If a consumer has a
time deposit account, such as a
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
certificate of deposit, at a depository
institution that is currently in force, the
depository institution has a pre-existing
business relationship with the consumer
and can use eligibility information it
receives from its affiliates to make
solicitations to the consumer about its
products or services.
(B) If a consumer obtained a
certificate of deposit from a depository
institution, but did not renew the
certificate at maturity, the depository
institution has a pre-existing business
relationship with the consumer and can
use eligibility information it receives
from its affiliates to make solicitations
to the consumer about its products or
services for 18 months after the date of
maturity of the certificate of deposit.
(C) If a consumer obtains a mortgage,
the mortgage lender has a pre-existing
business relationship with the
consumer. If the mortgage lender sells
the consumer’s entire loan to an
investor, the mortgage lender has a preexisting business relationship with the
consumer and can use eligibility
information it receives from its affiliates
to make solicitations to the consumer
about its products or services for 18
months after the date it sells the loan,
and the investor has a pre-existing
business relationship with the consumer
upon purchasing the loan. If, however,
the mortgage lender sells a fractional
interest in the consumer’s loan to an
investor but also retains an ownership
interest in the loan, the mortgage lender
continues to have a pre-existing
business relationship with the
consumer, but the investor does not
have a pre-existing business
relationship with the consumer. If the
mortgage lender retains ownership of
the loan, but sells ownership of the
servicing rights to the consumer’s loan,
the mortgage lender continues to have a
pre-existing business relationship with
the consumer. The purchaser of the
servicing rights also has a pre-existing
business relationship with the consumer
as of the date it purchases ownership of
the servicing rights, but only if it
collects payments from or otherwise
deals directly with the consumer on a
continuing basis.
(D) If a consumer applies to a
depository institution for a product or
service that it offers, but does not obtain
a product or service from or enter into
a financial contract or transaction with
the institution, the depository
institution has a pre-existing business
relationship with the consumer and can
therefore use eligibility information it
receives from an affiliate to make
solicitations to the consumer about its
products or services for three months
after the date of the application.
PO 00000
Frm 00056
Fmt 4701
Sfmt 4700
(E) If a consumer makes a telephone
inquiry to a depository institution about
its products or services and provides
contact information to the institution,
but does not obtain a product or service
from or enter into a financial contract or
transaction with the institution, the
depository institution has a pre-existing
business relationship with the consumer
and can therefore use eligibility
information it receives from an affiliate
to make solicitations to the consumer
about its products or services for three
months after the date of the inquiry.
(F) If a consumer makes an inquiry to
a depository institution by e-mail about
its products or services, but does not
obtain a product or service from or enter
into a financial contract or transaction
with the institution, the depository
institution has a pre-existing business
relationship with the consumer and can
therefore use eligibility information it
receives from an affiliate to make
solicitations to the consumer about its
products or services for three months
after the date of the inquiry.
(G) If a consumer has an existing
relationship with a depository
institution that is part of a group of
affiliated companies, makes a telephone
call to the centralized call center for the
group of affiliated companies to inquire
about products or services offered by the
insurance affiliate, and provides contact
information to the call center, the call
constitutes an inquiry to the insurance
affiliate that offers those products or
services. The insurance affiliate has a
pre-existing business relationship with
the consumer and can therefore use
eligibility information it receives from
its affiliated depository institution to
make solicitations to the consumer
about its products or services for three
months after the date of the inquiry.
(iii) Examples where no pre-existing
business relationship is created. (A) If a
consumer makes a telephone call to a
centralized call center for a group of
affiliated companies to inquire about the
consumer’s existing account at a
depository institution, the call does not
constitute an inquiry to any affiliate
other than the depository institution
that holds the consumer’s account and
does not establish a pre-existing
business relationship between the
consumer and any affiliate of the
account-holding depository institution.
(B) If a consumer who has a deposit
account with a depository institution
makes a telephone call to an affiliate of
the institution to ask about the affiliate’s
retail locations and hours, but does not
make an inquiry about the affiliate’s
products or services, the call does not
constitute an inquiry and does not
establish a pre-existing business
E:\FR\FM\07NOR2.SGM
07NOR2
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
relationship between the consumer and
the affiliate. Also, the affiliate’s capture
of the consumer’s telephone number
does not constitute an inquiry and does
not establish a pre-existing business
relationship between the consumer and
the affiliate.
(C) If a consumer makes a telephone
call to a depository institution in
response to an advertisement that offers
a free promotional item to consumers
who call a toll-free number, but the
advertisement does not indicate that the
depository institution’s products or
services will be marketed to consumers
who call in response, the call does not
create a pre-existing business
relationship between the consumer and
the depository institution because the
consumer has not made an inquiry
about a product or service offered by the
institution, but has merely responded to
an offer for a free promotional item.
(5) Solicitation. (i) In general. The
term ‘‘solicitation’’ means the marketing
of a product or service initiated by a
person to a particular consumer that
is—
(A) Based on eligibility information
communicated to that person by its
affiliate as described in this subpart; and
(B) Intended to encourage the
consumer to purchase or obtain such
product or service.
(ii) Exclusion of marketing directed at
the general public. A solicitation does
not include marketing communications
that are directed at the general public.
For example, television, general
circulation magazine, and billboard
advertisements do not constitute
solicitations, even if those
communications are intended to
encourage consumers to purchase
products and services from the person
initiating the communications.
(iii) Examples of solicitations. A
solicitation would include, for example,
a telemarketing call, direct mail, e-mail,
or other form of marketing
communication directed to a particular
consumer that is based on eligibility
information received from an affiliate.
(6) You means a person described in
paragraph (a) of this section.
rwilkins on PROD1PC63 with RULES_2
§ 334.21 Affiliate marketing opt-out and
exceptions.
(a) Initial notice and opt-out
requirement. (1) In general. You may not
use eligibility information about a
consumer that you receive from an
affiliate to make a solicitation for
marketing purposes to the consumer,
unless—
(i) It is clearly and conspicuously
disclosed to the consumer in writing or,
if the consumer agrees, electronically, in
a concise notice that you may use
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
eligibility information about that
consumer received from an affiliate to
make solicitations for marketing
purposes to the consumer;
(ii) The consumer is provided a
reasonable opportunity and a reasonable
and simple method to ‘‘opt out,’’ or
prohibit you from using eligibility
information to make solicitations for
marketing purposes to the consumer;
and
(iii) The consumer has not opted out.
(2) Example. A consumer has a
homeowner’s insurance policy with an
insurance company. The insurance
company furnishes eligibility
information about the consumer to its
affiliated depository institution. Based
on that eligibility information, the
depository institution wants to make a
solicitation to the consumer about its
home equity loan products. The
depository institution does not have a
pre-existing business relationship with
the consumer and none of the other
exceptions apply. The depository
institution is prohibited from using
eligibility information received from its
insurance affiliate to make solicitations
to the consumer about its home equity
loan products unless the consumer is
given a notice and opportunity to opt
out and the consumer does not opt out.
(3) Affiliates who may provide the
notice. The notice required by this
paragraph must be provided:
(i) By an affiliate that has or has
previously had a pre-existing business
relationship with the consumer; or
(ii) As part of a joint notice from two
or more members of an affiliated group
of companies, provided that at least one
of the affiliates on the joint notice has
or has previously had a pre-existing
business relationship with the
consumer.
(b) Making solicitations. (1) In
general. For purposes of this subpart,
you make a solicitation for marketing
purposes if—
(i) You receive eligibility information
from an affiliate;
(ii) You use that eligibility
information to do one or more of the
following:
(A) Identify the consumer or type of
consumer to receive a solicitation;
(B) Establish criteria used to select the
consumer to receive a solicitation; or
(C) Decide which of your products or
services to market to the consumer or
tailor your solicitation to that consumer;
and
(iii) As a result of your use of the
eligibility information, the consumer is
provided a solicitation.
(2) Receiving eligibility information
from an affiliate, including through a
common database. You may receive
PO 00000
Frm 00057
Fmt 4701
Sfmt 4700
62965
eligibility information from an affiliate
in various ways, including when the
affiliate places that information into a
common database that you may access.
(3) Receipt or use of eligibility
information by your service provider.
Except as provided in paragraph (b)(5)
of this section, you receive or use an
affiliate’s eligibility information if a
service provider acting on your behalf
(whether an affiliate or a nonaffiliated
third party) receives or uses that
information in the manner described in
paragraphs (b)(1)(i) or (b)(1)(ii) of this
section. All relevant facts and
circumstances will determine whether a
person is acting as your service provider
when it receives or uses an affiliate’s
eligibility information in connection
with marketing your products and
services.
(4) Use by an affiliate of its own
eligibility information. Unless you have
used eligibility information that you
receive from an affiliate in the manner
described in paragraph (b)(1)(ii) of this
section, you do not make a solicitation
subject to this subpart if your affiliate:
(i) Uses its own eligibility information
that it obtained in connection with a
pre-existing business relationship it has
or had with the consumer to market
your products or services to the
consumer; or
(ii) Directs its service provider to use
the affiliate’s own eligibility information
that it obtained in connection with a
pre-existing business relationship it has
or had with the consumer to market
your products or services to the
consumer, and you do not communicate
directly with the service provider
regarding that use.
(5) Use of eligibility information by a
service provider. (i) In general. You do
not make a solicitation subject to
Subpart C of this part if a service
provider (including an affiliated or
third-party service provider that
maintains or accesses a common
database that you may access) receives
eligibility information from your
affiliate that your affiliate obtained in
connection with a pre-existing business
relationship it has or had with the
consumer and uses that eligibility
information to market your products or
services to the consumer, so long as—
(A) Your affiliate controls access to
and use of its eligibility information by
the service provider (including the right
to establish the specific terms and
conditions under which the service
provider may use such information to
market your products or services);
(B) Your affiliate establishes specific
terms and conditions under which the
service provider may access and use the
affiliate’s eligibility information to
E:\FR\FM\07NOR2.SGM
07NOR2
rwilkins on PROD1PC63 with RULES_2
62966
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
market your products and services (or
those of affiliates generally) to the
consumer, such as the identity of the
affiliated companies whose products or
services may be marketed to the
consumer by the service provider, the
types of products or services of affiliated
companies that may be marketed, and
the number of times the consumer may
receive marketing materials, and
periodically evaluates the service
provider’s compliance with those terms
and conditions;
(C) Your affiliate requires the service
provider to implement reasonable
policies and procedures designed to
ensure that the service provider uses the
affiliate’s eligibility information in
accordance with the terms and
conditions established by the affiliate
relating to the marketing of your
products or services;
(D) Your affiliate is identified on or
with the marketing materials provided
to the consumer; and
(E) You do not directly use your
affiliate’s eligibility information in the
manner described in paragraph (b)(1)(ii)
of this section.
(ii) Writing requirements. (A) The
requirements of paragraphs (b)(5)(i)(A)
and (C) of this section must be set forth
in a written agreement between your
affiliate and the service provider; and
(B) The specific terms and conditions
established by your affiliate as provided
in paragraph (b)(5)(i)(B) of this section
must be set forth in writing.
(6) Examples of making solicitations.
(i) A consumer has a deposit account
with a depository institution, which is
affiliated with an insurance company.
The insurance company receives
eligibility information about the
consumer from the depository
institution. The insurance company
uses that eligibility information to
identify the consumer to receive a
solicitation about insurance products,
and, as a result, the insurance company
provides a solicitation to the consumer
about its insurance products. Pursuant
to paragraph (b)(1) of this section, the
insurance company has made a
solicitation to the consumer.
(ii) The same facts as in the example
in paragraph (b)(6)(i) of this section,
except that after using the eligibility
information to identify the consumer to
receive a solicitation about insurance
products, the insurance company asks
the depository institution to send the
solicitation to the consumer and the
depository institution does so. Pursuant
to paragraph (b)(1) of this section, the
insurance company has made a
solicitation to the consumer because it
used eligibility information about the
consumer that it received from an
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
affiliate to identify the consumer to
receive a solicitation about its products
or services, and, as a result, a
solicitation was provided to the
consumer about the insurance
company’s products.
(iii) The same facts as in the example
in paragraph (b)(6)(i) of this section,
except that eligibility information about
consumers that have deposit accounts
with the depository institution is placed
into a common database that all
members of the affiliated group of
companies may independently access
and use. Without using the depository
institution’s eligibility information, the
insurance company develops selection
criteria and provides those criteria,
marketing materials, and related
instructions to the depository
institution. The depository institution
reviews eligibility information about its
own consumers using the selection
criteria provided by the insurance
company to determine which
consumers should receive the insurance
company’s marketing materials and
sends marketing materials about the
insurance company’s products to those
consumers. Even though the insurance
company has received eligibility
information through the common
database as provided in paragraph (b)(2)
of this section, it did not use that
information to identify consumers or
establish selection criteria; instead, the
depository institution used its own
eligibility information. Therefore,
pursuant to paragraph (b)(4)(i) of this
section, the insurance company has not
made a solicitation to the consumer.
(iv) The same facts as in the example
in paragraph (b)(6)(iii) of this section,
except that the depository institution
provides the insurance company’s
criteria to the depository institution’s
service provider and directs the service
provider to use the depository
institution’s eligibility information to
identify depository institution
consumers who meet the criteria and to
send the insurance company’s
marketing materials to those consumers.
The insurance company does not
communicate directly with the service
provider regarding the use of the
depository institution’s information to
market its products to the depository
institution’s consumers. Pursuant to
paragraph (b)(4)(ii) of this section, the
insurance company has not made a
solicitation to the consumer.
(v) An affiliated group of companies
includes a depository institution, an
insurance company, and a service
provider. Each affiliate in the group
places information about its consumers
into a common database. The service
provider has access to all information in
PO 00000
Frm 00058
Fmt 4701
Sfmt 4700
the common database. The depository
institution controls access to and use of
its eligibility information by the service
provider. This control is set forth in a
written agreement between the
depository institution and the service
provider. The written agreement also
requires the service provider to establish
reasonable policies and procedures
designed to ensure that the service
provider uses the depository
institution’s eligibility information in
accordance with specific terms and
conditions established by the depository
institution relating to the marketing of
the products and services of all
affiliates, including the insurance
company. In a separate written
communication, the depository
institution specifies the terms and
conditions under which the service
provider may use the depository
institution’s eligibility information to
market the insurance company’s
products and services to the depository
institution’s consumers. The specific
terms and conditions are: a list of
affiliated companies (including the
insurance company) whose products or
services may be marketed to the
depository institution’s consumers by
the service provider; the specific
products or types of products that may
be marketed to the depository
institution’s consumers by the service
provider; the categories of eligibility
information that may be used by the
service provider in marketing products
or services to the depository
institution’s consumers; the types or
categories of the depository institution’s
consumers to whom the service
provider may market products or
services of depository institution
affiliates; the number and/or types of
marketing communications that the
service provider may send to the
depository institution’s consumers; and
the length of time during which the
service provider may market the
products or services of the depository
institution’s affiliates to its consumers.
The depository institution periodically
evaluates the service provider’s
compliance with these terms and
conditions. The insurance company
asks the service provider to market
insurance products to certain consumers
who have deposit accounts with the
depository institution. Without using
the depository institution’s eligibility
information, the insurance company
develops selection criteria and provides
those criteria, marketing materials, and
related instructions to the service
provider. The service provider uses the
depository institution’s eligibility
information from the common database
E:\FR\FM\07NOR2.SGM
07NOR2
rwilkins on PROD1PC63 with RULES_2
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
to identify the depository institution’s
consumers to whom insurance products
will be marketed. When the insurance
company’s marketing materials are
provided to the identified consumers,
the name of the depository institution is
displayed on the insurance marketing
materials, an introductory letter that
accompanies the marketing materials,
an account statement that accompanies
the marketing materials, or the envelope
containing the marketing materials. The
requirements of paragraph (b)(5) of this
section have been satisfied, and the
insurance company has not made a
solicitation to the consumer.
(vi) The same facts as in the example
in paragraph (b)(6)(v) of this section,
except that the terms and conditions
permit the service provider to use the
depository institution’s eligibility
information to market the products and
services of other affiliates to the
depository institution’s consumers
whenever the service provider deems it
appropriate to do so. The service
provider uses the depository
institution’s eligibility information in
accordance with the discretion afforded
to it by the terms and conditions.
Because the terms and conditions are
not specific, the requirements of
paragraph (b)(5) of this section have not
been satisfied.
(c) Exceptions. The provisions of this
subpart do not apply to you if you use
eligibility information that you receive
from an affiliate:
(1) To make a solicitation for
marketing purposes to a consumer with
whom you have a pre-existing business
relationship;
(2) To facilitate communications to an
individual for whose benefit you
provide employee benefit or other
services pursuant to a contract with an
employer related to and arising out of
the current employment relationship or
status of the individual as a participant
or beneficiary of an employee benefit
plan;
(3) To perform services on behalf of
an affiliate, except that this
subparagraph shall not be construed as
permitting you to send solicitations on
behalf of an affiliate if the affiliate
would not be permitted to send the
solicitation as a result of the election of
the consumer to opt out under this
subpart;
(4) In response to a communication
about your products or services initiated
by the consumer;
(5) In response to an authorization or
request by the consumer to receive
solicitations; or
(6) If your compliance with this
subpart would prevent you from
complying with any provision of State
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
insurance laws pertaining to unfair
discrimination in any State in which
you are lawfully doing business.
(d) Examples of exceptions. (1)
Example of the pre-existing business
relationship exception. A consumer has
a deposit account with a depository
institution. The consumer also has a
relationship with the depository
institution’s securities affiliate for
management of the consumer’s
securities portfolio. The depository
institution receives eligibility
information about the consumer from its
securities affiliate and uses that
information to make a solicitation to the
consumer about the depository
institution’s wealth management
services. The depository institution may
make this solicitation even if the
consumer has not been given a notice
and opportunity to opt out because the
depository institution has a pre-existing
business relationship with the
consumer.
(2) Examples of service provider
exception. (i) A consumer has an
insurance policy issued by an insurance
company. The insurance company
furnishes eligibility information about
the consumer to its affiliated depository
institution. Based on that eligibility
information, the depository institution
wants to make a solicitation to the
consumer about its deposit products.
The depository institution does not have
a pre-existing business relationship with
the consumer and none of the other
exceptions in paragraph (c) of this
section apply. The consumer has been
given an opt-out notice and has elected
to opt out of receiving such
solicitations. The depository institution
asks a service provider to send the
solicitation to the consumer on its
behalf. The service provider may not
send the solicitation on behalf of the
depository institution because, as a
result of the consumer’s opt-out
election, the depository institution is
not permitted to make the solicitation.
(ii) The same facts as in paragraph
(d)(2)(i) of this section, except the
consumer has been given an opt-out
notice, but has not elected to opt out.
The depository institution asks a service
provider to send the solicitation to the
consumer on its behalf. The service
provider may send the solicitation on
behalf of the depository institution
because, as a result of the consumer’s
not opting out, the depository
institution is permitted to make the
solicitation.
(3) Examples of consumer-initiated
communications. (i) A consumer who
has a deposit account with a depository
institution initiates a communication
with the depository institution’s credit
PO 00000
Frm 00059
Fmt 4701
Sfmt 4700
62967
card affiliate to request information
about a credit card. The credit card
affiliate may use eligibility information
about the consumer it obtains from the
depository institution or any other
affiliate to make solicitations regarding
credit card products in response to the
consumer-initiated communication.
(ii) A consumer who has a deposit
account with a depository institution
contacts the institution to request
information about how to save and
invest for a child’s college education
without specifying the type of product
in which the consumer may be
interested. Information about a range of
different products or services offered by
the depository institution and one or
more affiliates of the institution may be
responsive to that communication. Such
products or services may include the
following: Mutual funds offered by the
institution’s mutual fund affiliate;
section 529 plans offered by the
institution, its mutual fund affiliate, or
another securities affiliate; or trust
services offered by a different financial
institution in the affiliated group. Any
affiliate offering investment products or
services that would be responsive to the
consumer’s request for information
about saving and investing for a child’s
college education may use eligibility
information to make solicitations to the
consumer in response to this
communication.
(iii) A credit card issuer makes a
marketing call to the consumer without
using eligibility information received
from an affiliate. The issuer leaves a
voice-mail message that invites the
consumer to call a toll-free number to
apply for the issuer’s credit card. If the
consumer calls the toll-free number to
inquire about the credit card, the call is
a consumer-initiated communication
about a product or service and the credit
card issuer may now use eligibility
information it receives from its affiliates
to make solicitations to the consumer.
(iv) A consumer calls a depository
institution to ask about retail locations
and hours, but does not request
information about products or services.
The institution may not use eligibility
information it receives from an affiliate
to make solicitations to the consumer
about its products or services because
the consumer-initiated communication
does not relate to the depository
institution’s products or services. Thus,
the use of eligibility information
received from an affiliate would not be
responsive to the communication and
the exception does not apply.
(v) A consumer calls a depository
institution to ask about retail locations
and hours. The customer service
representative asks the consumer if
E:\FR\FM\07NOR2.SGM
07NOR2
rwilkins on PROD1PC63 with RULES_2
62968
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
there is a particular product or service
about which the consumer is seeking
information. The consumer responds
that the consumer wants to stop in and
find out about certificates of deposit.
The customer service representative
offers to provide that information by
telephone and mail additional
information and application materials to
the consumer. The consumer agrees and
provides or confirms contact
information for receipt of the materials
to be mailed. The depository institution
may use eligibility information it
receives from an affiliate to make
solicitations to the consumer about
certificates of deposit because such
solicitations would respond to the
consumer-initiated communication
about products or services.
(4) Examples of consumer
authorization or request for
solicitations. (i) A consumer who
obtains a mortgage from a mortgage
lender authorizes or requests
information about homeowner’s
insurance offered by the mortgage
lender’s insurance affiliate. Such
authorization or request, whether given
to the mortgage lender or to the
insurance affiliate, would permit the
insurance affiliate to use eligibility
information about the consumer it
obtains from the mortgage lender or any
other affiliate to make solicitations to
the consumer about homeowner’s
insurance.
(ii) A consumer completes an online
application to apply for a credit card
from a credit card issuer. The issuer’s
online application contains a blank
check box that the consumer may check
to authorize or request information from
the credit card issuer’s affiliates. The
consumer checks the box. The consumer
has authorized or requested solicitations
from the card issuer’s affiliates.
(iii) A consumer completes an online
application to apply for a credit card
from a credit card issuer. The issuer’s
online application contains a preselected check box indicating that the
consumer authorizes or requests
information from the issuer’s affiliates.
The consumer does not deselect the
check box. The consumer has not
authorized or requested solicitations
from the card issuer’s affiliates.
(iv) The terms and conditions of a
credit card account agreement contain
preprinted boilerplate language stating
that by applying to open an account the
consumer authorizes or requests to
receive solicitations from the credit card
issuer’s affiliates. The consumer has not
authorized or requested solicitations
from the card issuer’s affiliates.
(e) Relation to affiliate-sharing notice
and opt-out. Nothing in this subpart
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
limits the responsibility of a person to
comply with the notice and opt-out
provisions of section 603(d)(2)(A)(iii) of
the Act where applicable.
§ 334.22
Scope and duration of opt-out.
(a) Scope of opt-out. (1) In general.
Except as otherwise provided in this
section, the consumer’s election to opt
out prohibits any affiliate covered by the
opt-out notice from using eligibility
information received from another
affiliate as described in the notice to
make solicitations to the consumer.
(2) Continuing relationship. (i) In
general. If the consumer establishes a
continuing relationship with you or
your affiliate, an opt-out notice may
apply to eligibility information obtained
in connection with—
(A) A single continuing relationship
or multiple continuing relationships
that the consumer establishes with you
or your affiliates, including continuing
relationships established subsequent to
delivery of the opt-out notice, so long as
the notice adequately describes the
continuing relationships covered by the
opt-out; or
(B) Any other transaction between the
consumer and you or your affiliates as
described in the notice.
(ii) Examples of continuing
relationships. A consumer has a
continuing relationship with you or
your affiliate if the consumer—
(A) Opens a deposit or investment
account with you or your affiliate;
(B) Obtains a loan for which you or
your affiliate owns the servicing rights;
(C) Purchases an insurance product
from you or your affiliate;
(D) Holds an investment product
through you or your affiliate, such as
when you act or your affiliate acts as a
custodian for securities or for assets in
an individual retirement arrangement;
(E) Enters into an agreement or
understanding with you or your affiliate
whereby you or your affiliate undertakes
to arrange or broker a home mortgage
loan for the consumer;
(F) Enters into a lease of personal
property with you or your affiliate; or
(G) Obtains financial, investment, or
economic advisory services from you or
your affiliate for a fee.
(3) No continuing relationship. (i) In
general. If there is no continuing
relationship between a consumer and
you or your affiliate, and you or your
affiliate obtain eligibility information
about a consumer in connection with a
transaction with the consumer, such as
an isolated transaction or a credit
application that is denied, an opt-out
notice provided to the consumer only
applies to eligibility information
obtained in connection with that
transaction.
PO 00000
Frm 00060
Fmt 4701
Sfmt 4700
(ii) Examples of isolated transactions.
An isolated transaction occurs if—
(A) The consumer uses your or your
affiliate’s ATM to withdraw cash from
an account at another financial
institution; or
(B) You or your affiliate sells the
consumer a cashier’s check or money
order, airline tickets, travel insurance,
or traveler’s checks in isolated
transactions.
(4) Menu of alternatives. A consumer
may be given the opportunity to choose
from a menu of alternatives when
electing to prohibit solicitations, such as
by electing to prohibit solicitations from
certain types of affiliates covered by the
opt-out notice but not other types of
affiliates covered by the notice, electing
to prohibit solicitations based on certain
types of eligibility information but not
other types of eligibility information, or
electing to prohibit solicitations by
certain methods of delivery but not
other methods of delivery. However,
one of the alternatives must allow the
consumer to prohibit all solicitations
from all of the affiliates that are covered
by the notice.
(5) Special rule for a notice following
termination of all continuing
relationships. (i) In general. A consumer
must be given a new opt-out notice if,
after all continuing relationships with
you or your affiliate(s) are terminated,
the consumer subsequently establishes
another continuing relationship with
you or your affiliate(s) and the
consumer’s eligibility information is to
be used to make a solicitation. The new
opt-out notice must apply, at a
minimum, to eligibility information
obtained in connection with the new
continuing relationship. Consistent with
paragraph (b) of this section, the
consumer’s decision not to opt out after
receiving the new opt-out notice would
not override a prior opt-out election by
the consumer that applies to eligibility
information obtained in connection
with a terminated relationship,
regardless of whether the new opt-out
notice applies to eligibility information
obtained in connection with the
terminated relationship.
(ii) Example. A consumer has a
checking account with a depository
institution that is part of an affiliated
group. The consumer closes the
checking account. One year after closing
the checking account, the consumer
opens a savings account with the same
depository institution. The consumer
must be given a new notice and
opportunity to opt out before the
depository institution’s affiliates may
make solicitations to the consumer
using eligibility information obtained by
the depository institution in connection
E:\FR\FM\07NOR2.SGM
07NOR2
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
with the new savings account
relationship, regardless of whether the
consumer opted out in connection with
the checking account.
(b) Duration of opt-out. The election
of a consumer to opt out must be
effective for a period of at least five
years (the ‘‘opt-out period’’) beginning
when the consumer’s opt-out election is
received and implemented, unless the
consumer subsequently revokes the optout in writing or, if the consumer agrees,
electronically. An opt-out period of
more than five years may be established,
including an opt-out period that does
not expire unless revoked by the
consumer.
(c) Time of opt-out. A consumer may
opt out at any time.
rwilkins on PROD1PC63 with RULES_2
§ 334.23 Contents of opt-out notice;
consolidated and equivalent notices.
(a) Contents of opt-out notice. (1) In
general. A notice must be clear,
conspicuous, and concise, and must
accurately disclose:
(i) The name of the affiliate(s)
providing the notice. If the notice is
provided jointly by multiple affiliates
and each affiliate shares a common
name, such as ‘‘ABC,’’ then the notice
may indicate that it is being provided by
multiple companies with the ABC name
or multiple companies in the ABC group
or family of companies, for example, by
stating that the notice is provided by
‘‘all of the ABC companies,’’ ‘‘the ABC
banking, credit card, insurance, and
securities companies,’’ or by listing the
name of each affiliate providing the
notice. But if the affiliates providing the
joint notice do not all share a common
name, then the notice must either
separately identify each affiliate by
name or identify each of the common
names used by those affiliates, for
example, by stating that the notice is
provided by ‘‘all of the ABC and XYZ
companies’’ or by ‘‘the ABC banking
and credit card companies and the XYZ
insurance companies’’;
(ii) A list of the affiliates or types of
affiliates whose use of eligibility
information is covered by the notice,
which may include companies that
become affiliates after the notice is
provided to the consumer. If each
affiliate covered by the notice shares a
common name, such as ‘‘ABC,’’ then the
notice may indicate that it applies to
multiple companies with the ABC name
or multiple companies in the ABC group
or family of companies, for example, by
stating that the notice is provided by
‘‘all of the ABC companies,’’ ‘‘the ABC
banking, credit card, insurance, and
securities companies,’’ or by listing the
name of each affiliate providing the
notice. But if the affiliates covered by
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
the notice do not all share a common
name, then the notice must either
separately identify each covered affiliate
by name or identify each of the common
names used by those affiliates, for
example, by stating that the notice
applies to ‘‘all of the ABC and XYZ
companies’’ or to ‘‘the ABC banking and
credit card companies and the XYZ
insurance companies’’;
(iii) A general description of the types
of eligibility information that may be
used to make solicitations to the
consumer;
(iv) That the consumer may elect to
limit the use of eligibility information to
make solicitations to the consumer;
(v) That the consumer’s election will
apply for the specified period of time
stated in the notice and, if applicable,
that the consumer will be allowed to
renew the election once that period
expires;
(vi) If the notice is provided to
consumers who may have previously
opted out, such as if a notice is provided
to consumers annually, that the
consumer who has chosen to limit
solicitations does not need to act again
until the consumer receives a renewal
notice; and
(vii) A reasonable and simple method
for the consumer to opt out.
(2) Joint relationships. (i) If two or
more consumers jointly obtain a product
or service, a single opt-out notice may
be provided to the joint consumers. Any
of the joint consumers may exercise the
right to opt out.
(ii) The opt-out notice must explain
how an opt-out direction by a joint
consumer will be treated. An opt-out
direction by a joint consumer may be
treated as applying to all of the
associated joint consumers, or each joint
consumer may be permitted to opt-out
separately. If each joint consumer is
permitted to opt out separately, one of
the joint consumers must be permitted
to opt out on behalf of all of the joint
consumers and the joint consumers
must be permitted to exercise their
separate rights to opt out in a single
response.
(iii) It is impermissible to require all
joint consumers to opt out before
implementing any opt-out direction.
(3) Alternative contents. If the
consumer is afforded a broader right to
opt out of receiving marketing than is
required by this subpart, the
requirements of this section may be
satisfied by providing the consumer
with a clear, conspicuous, and concise
notice that accurately discloses the
consumer’s opt-out rights.
(4) Model notices. Model notices are
provided in Appendix C of this part.
PO 00000
Frm 00061
Fmt 4701
Sfmt 4700
62969
(b) Coordinated and consolidated
notices. A notice required by this
subpart may be coordinated and
consolidated with any other notice or
disclosure required to be issued under
any other provision of law by the entity
providing the notice, including but not
limited to the notice described in
section 603(d)(2)(A)(iii) of the Act and
the Gramm-Leach-Bliley Act privacy
notice.
(c) Equivalent notices. A notice or
other disclosure that is equivalent to the
notice required by this subpart, and that
is provided to a consumer together with
disclosures required by any other
provision of law, satisfies the
requirements of this section.
§ 334.24
out.
Reasonable opportunity to opt
(a) In general. You must not use
eligibility information about a consumer
that you receive from an affiliate to
make a solicitation to the consumer
about your products or services, unless
the consumer is provided a reasonable
opportunity to opt out, as required by
§ 334.21(a)(1)(ii) of this part.
(b) Examples of a reasonable
opportunity to opt out. The consumer is
given a reasonable opportunity to opt
out if:
(1) By mail. The opt-out notice is
mailed to the consumer. The consumer
is given 30 days from the date the notice
is mailed to elect to opt out by any
reasonable means.
(2) By electronic means. (i) The optout notice is provided electronically to
the consumer, such as by posting the
notice at an Internet Web site at which
the consumer has obtained a product or
service. The consumer acknowledges
receipt of the electronic notice. The
consumer is given 30 days after the date
the consumer acknowledges receipt to
elect to opt out by any reasonable
means.
(ii) The opt-out notice is provided to
the consumer by e-mail where the
consumer has agreed to receive
disclosures by e-mail from the person
sending the notice. The consumer is
given 30 days after the e-mail is sent to
elect to opt out by any reasonable
means.
(3) At the time of an electronic
transaction. The opt-out notice is
provided to the consumer at the time of
an electronic transaction, such as a
transaction conducted on an Internet
Web site. The consumer is required to
decide, as a necessary part of
proceeding with the transaction,
whether to opt out before completing
the transaction. There is a simple
process that the consumer may use to
opt out at that time using the same
E:\FR\FM\07NOR2.SGM
07NOR2
62970
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
mechanism through which the
transaction is conducted.
(4) At the time of an in-person
transaction. The opt-out notice is
provided to the consumer in writing at
the time of an in-person transaction.
The consumer is required to decide, as
a necessary part of proceeding with the
transaction, whether to opt out before
completing the transaction, and is not
permitted to complete the transaction
without making a choice. There is a
simple process that the consumer may
use during the course of the in-person
transaction to opt out, such as
completing a form that requires
consumers to write a ‘‘yes’’ or ‘‘no’’ to
indicate their opt-out preference or that
requires the consumer to check one of
two blank check boxes—one that allows
consumers to indicate that they want to
opt out and one that allows consumers
to indicate that they do not want to opt
out.
(5) By including in a privacy notice.
The opt-out notice is included in a
Gramm-Leach-Bliley Act privacy notice.
The consumer is allowed to exercise the
opt-out within a reasonable period of
time and in the same manner as the optout under that privacy notice.
rwilkins on PROD1PC63 with RULES_2
§ 334.25 Reasonable and simple methods
of opting out.
(a) In general. You must not use
eligibility information about a consumer
that you receive from an affiliate to
make a solicitation to the consumer
about your products or services, unless
the consumer is provided a reasonable
and simple method to opt out, as
required by § 334.21(a)(1)(ii) of this part.
(b) Examples. (1) Reasonable and
simple opt-out methods. Reasonable and
simple methods for exercising the optout right include—
(i) Designating a check-off box in a
prominent position on the opt-out form;
(ii) Including a reply form and a selfaddressed envelope together with the
opt-out notice;
(iii) Providing an electronic means to
opt out, such as a form that can be
electronically mailed or processed at an
Internet Web site, if the consumer agrees
to the electronic delivery of information;
(iv) Providing a toll-free telephone
number that consumers may call to opt
out; or
(v) Allowing consumers to exercise all
of their opt-out rights described in a
consolidated opt-out notice that
includes the privacy opt-out under the
Gramm-Leach-Bliley Act, 15 U.S.C.
6801 et seq., the affiliate sharing opt-out
under the Act, and the affiliate
marketing opt-out under the Act, by a
single method, such as by calling a
single toll-free telephone number.
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
(2) Opt-out methods that are not
reasonable and simple. Reasonable and
simple methods for exercising an optout right do not include—
(i) Requiring the consumer to write
his or her own letter;
(ii) Requiring the consumer to call or
write to obtain a form for opting out,
rather than including the form with the
opt-out notice;
(iii) Requiring the consumer who
receives the opt-out notice in electronic
form only, such as through posting at an
Internet Web site, to opt out solely by
paper mail or by visiting a different Web
site without providing a link to that site.
(c) Specific opt-out means. Each
consumer may be required to opt out
through a specific means, as long as that
means is reasonable and simple for that
consumer.
§ 334.26
Delivery of opt-out notices.
(a) In general. The opt-out notice must
be provided so that each consumer can
reasonably be expected to receive actual
notice. For opt-out notices provided
electronically, the notice may be
provided in compliance with either the
electronic disclosure provisions in this
subpart or the provisions in section 101
of the Electronic Signatures in Global
and National Commerce Act, 15 U.S.C.
7001 et seq.
(b) Examples of reasonable
expectation of actual notice. A
consumer may reasonably be expected
to receive actual notice if the affiliate
providing the notice:
(1) Hand-delivers a printed copy of
the notice to the consumer;
(2) Mails a printed copy of the notice
to the last known mailing address of the
consumer;
(3) Provides a notice by e-mail to a
consumer who has agreed to receive
electronic disclosures by e-mail from
the affiliate providing the notice; or
(4) Posts the notice on the Internet
Web site at which the consumer
obtained a product or service
electronically and requires the
consumer to acknowledge receipt of the
notice.
(c) Examples of no reasonable
expectation of actual notice. A
consumer may not reasonably be
expected to receive actual notice if the
affiliate providing the notice:
(1) Only posts the notice on a sign in
a branch or office or generally publishes
the notice in a newspaper;
(2) Sends the notice via e-mail to a
consumer who has not agreed to receive
electronic disclosures by e-mail from
the affiliate providing the notice; or
(3) Posts the notice on an Internet
Web site without requiring the
consumer to acknowledge receipt of the
notice.
PO 00000
Frm 00062
Fmt 4701
Sfmt 4700
§ 334.27
Renewal of opt-out.
(a) Renewal notice and opt-out
requirement. (1) In general. After the
opt-out period expires, you may not
make solicitations based on eligibility
information you receive from an affiliate
to a consumer who previously opted
out, unless:
(i) The consumer has been given a
renewal notice that complies with the
requirements of this section and
§§ 334.24 through 334.26 of this part,
and a reasonable opportunity and a
reasonable and simple method to renew
the opt-out, and the consumer does not
renew the opt-out; or
(ii) An exception in § 334.21(c) of this
part applies.
(2) Renewal period. Each opt-out
renewal must be effective for a period of
at least five years as provided in
§ 334.22(b) of this part.
(3) Affiliates who may provide the
notice. The notice required by this
paragraph must be provided:
(i) By the affiliate that provided the
previous opt-out notice, or its successor;
or
(ii) As part of a joint renewal notice
from two or more members of an
affiliated group of companies, or their
successors, that jointly provided the
previous opt-out notice.
(b) Contents of renewal notice. The
renewal notice must be clear,
conspicuous, and concise, and must
accurately disclose:
(1) The name of the affiliate(s)
providing the notice. If the notice is
provided jointly by multiple affiliates
and each affiliate shares a common
name, such as ‘‘ABC,’’ then the notice
may indicate that it is being provided by
multiple companies with the ABC name
or multiple companies in the ABC group
or family of companies, for example, by
stating that the notice is provided by
‘‘all of the ABC companies,’’ ‘‘the ABC
banking, credit card, insurance, and
securities companies,’’ or by listing the
name of each affiliate providing the
notice. But if the affiliates providing the
joint notice do not all share a common
name, then the notice must either
separately identify each affiliate by
name or identify each of the common
names used by those affiliates, for
example, by stating that the notice is
provided by ‘‘all of the ABC and XYZ
companies’’ or by ‘‘the ABC banking
and credit card companies and the XYZ
insurance companies;’’
(2) A list of the affiliates or types of
affiliates whose use of eligibility
information is covered by the notice,
which may include companies that
become affiliates after the notice is
provided to the consumer. If each
affiliate covered by the notice shares a
E:\FR\FM\07NOR2.SGM
07NOR2
rwilkins on PROD1PC63 with RULES_2
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
common name, such as ‘‘ABC,’’ then the
notice may indicate that it applies to
multiple companies with the ABC name
or multiple companies in the ABC group
or family of companies, for example, by
stating that the notice is provided by
‘‘all of the ABC companies,’’ ‘‘the ABC
banking, credit card, insurance, and
securities companies,’’ or by listing the
name of each affiliate providing the
notice. But if the affiliates covered by
the notice do not all share a common
name, then the notice must either
separately identify each covered affiliate
by name or identify each of the common
names used by those affiliates, for
example, by stating that the notice
applies to ‘‘all of the ABC and XYZ
companies’’ or to ‘‘the ABC banking and
credit card companies and the XYZ
insurance companies;’’
(3) A general description of the types
of eligibility information that may be
used to make solicitations to the
consumer;
(4) That the consumer previously
elected to limit the use of certain
information to make solicitations to the
consumer;
(5) That the consumer’s election has
expired or is about to expire;
(6) That the consumer may elect to
renew the consumer’s previous election;
(7) If applicable, that the consumer’s
election to renew will apply for the
specified period of time stated in the
notice and that the consumer will be
allowed to renew the election once that
period expires; and
(8) A reasonable and simple method
for the consumer to opt out.
(c) Timing of the renewal notice. (1)
In general. A renewal notice may be
provided to the consumer either—
(i) A reasonable period of time before
the expiration of the opt-out period; or
(ii) Any time after the expiration of
the opt-out period but before
solicitations that would have been
prohibited by the expired opt-out are
made to the consumer.
(2) Combination with annual privacy
notice. If you provide an annual privacy
notice under the Gramm-Leach-Bliley
Act, 15 U.S.C. 6801 et seq., providing a
renewal notice with the last annual
privacy notice provided to the consumer
before expiration of the opt-out period
is a reasonable period of time before
expiration of the opt-out in all cases.
(d) No effect on opt-out period. An
opt-out period may not be shortened by
sending a renewal notice to the
consumer before expiration of the optout period, even if the consumer does
not renew the opt-out.
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
§ 334.28 Effective date, compliance date,
and prospective application.
(a) Effective date. This subpart is
effective January 1, 2008.
(b) Mandatory compliance date.
Compliance with this subpart is
required not later than October 1, 2008.
(c) Prospective application. The
provisions of this subpart shall not
prohibit you from using eligibility
information that you receive from an
affiliate to make solicitations to a
consumer if you receive such
information prior to October 1, 2008.
For purposes of this section, you are
deemed to receive eligibility
information when such information is
placed into a common database and is
accessible by you.
I 4. Appendixes A and B to part 334 are
added and reserved, and a new
Appendix C to part 334 is added to read
as follows:
Appendix C To Part 334—Model Forms
for Opt-Out Notices
a. Although use of the model forms is not
required, use of the model forms in this
Appendix (as applicable) complies with the
requirement in section 624 of the Act for
clear, conspicuous, and concise notices.
b. Certain changes may be made to the
language or format of the model forms
without losing the protection from liability
afforded by use of the model forms. These
changes may not be so extensive as to affect
the substance, clarity, or meaningful
sequence of the language in the model forms.
Persons making such extensive revisions will
lose the safe harbor that this Appendix
provides. Acceptable changes include, for
example:
1. Rearranging the order of the references
to ‘‘your income,’’ ‘‘your account history,’’
and ‘‘your credit score.’’
2. Substituting other types of information
for ‘‘income,’’ ‘‘account history,’’ or ‘‘credit
score’’ for accuracy, such as ‘‘payment
history,’’ ‘‘credit history,’’ ‘‘payoff status,’’ or
‘‘claims history.’’
3. Substituting a clearer and more accurate
description of the affiliates providing or
covered by the notice for phrases such as
‘‘the [ABC] group of companies,’’ including
without limitation a statement that the entity
providing the notice recently purchased the
consumer’s account.
4. Substituting other types of affiliates
covered by the notice for ‘‘credit card,’’
‘‘insurance,’’ or ‘‘securities’’ affiliates.
5. Omitting items that are not accurate or
applicable. For example, if a person does not
limit the duration of the opt-out period, the
notice may omit information about the
renewal notice.
6. Adding a statement informing
consumers how much time they have to opt
out before shared eligibility information may
be used to make solicitations to them.
7. Adding a statement that the consumer
may exercise the right to opt out at any time.
8. Adding the following statement, if
accurate: ‘‘If you previously opted out, you
do not need to do so again.’’
PO 00000
Frm 00063
Fmt 4701
Sfmt 4700
62971
9. Providing a place on the form for the
consumer to fill in identifying information,
such as his or her name and address:
C–1 Model Form for Initial Opt-out Notice
(Single-Affiliate Notice)
C–2 Model Form for Initial Opt-out Notice
(Joint Notice)
C–3 Model Form for Renewal Notice
(Single-Affiliate Notice)
C–4 Model Form for Renewal Notice (Joint
Notice)
C–5 Model Form for Voluntary ‘‘No
Marketing’’ Notice
C–1—Model Form for Initial Opt-out Notice
(Single-Affiliate Notice)—[Your Choice To
Limit Marketing]/[Marketing Opt-out]
• [Name of Affiliate] is providing this
notice.
• [Optional: Federal law gives you the
right to limit some but not all marketing from
our affiliates. Federal law also requires us to
give you this notice to tell you about your
choice to limit marketing from our affiliates.]
• You may limit our affiliates in the [ABC]
group of companies, such as our [credit card,
insurance, and securities] affiliates, from
marketing their products or services to you
based on your personal information that we
collect and share with them. This
information includes your [income], your
[account history with us], and your [credit
score].
• Your choice to limit marketing offers
from our affiliates will apply [until you tell
us to change your choice]/[for x years from
when you tell us your choice]/[for at least 5
years from when you tell us your choice].
[Include if the opt-out period expires.] Once
that period expires, you will receive a
renewal notice that will allow you to
continue to limit marketing offers from our
affiliates for [another x years]/[at least
another 5 years].
• [Include, if applicable, in a subsequent
notice, including an annual notice, for
consumers who may have previously opted
out.] If you have already made a choice to
limit marketing offers from our affiliates, you
do not need to act again until you receive the
renewal notice.
To limit marketing offers, contact us
[include all that apply]:
• By telephone: 1–877–###–####
• On the Web: www.---.com
• By mail: Check the box and complete the
form below, and send the form to:
[Company name]
[Company address]
lDo not allow your affiliates to use my
personal information to market to me.
C–2—Model Form for Initial Opt-out Notice
(Joint Notice)—[Your Choice To Limit
Marketing]/[Marketing Opt-out]
• The [ABC group of companies] is
providing this notice.
• [Optional: Federal law gives you the
right to limit some but not all marketing from
the [ABC] companies. Federal law also
requires us to give you this notice to tell you
about your choice to limit marketing from the
[ABC] companies.]
• You may limit the [ABC] companies,
such as the [ABC credit card, insurance, and
securities] affiliates, from marketing their
E:\FR\FM\07NOR2.SGM
07NOR2
62972
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
products or services to you based on your
personal information that they receive from
other [ABC] companies. This information
includes your [income], your [account
history], and your [credit score].
• Your choice to limit marketing offers
from the [ABC] companies will apply [until
you tell us to change your choice]/[for x years
from when you tell us your choice]/[for at
least 5 years from when you tell us your
choice]. [Include if the opt-out period
expires.] Once that period expires, you will
receive a renewal notice that will allow you
to continue to limit marketing offers from the
[ABC] companies for [another x years]/[at
least another 5 years].
• [Include, if applicable, in a subsequent
notice, including an annual notice, for
consumers who may have previously opted
out.] If you have already made a choice to
limit marketing offers from the [ABC]
companies, you do not need to act again until
you receive the renewal notice.
To limit marketing offers, contact us
[include all that apply]:
• By telephone: 1–877–###–####
• On the Web: www.---.com
• By mail: Check the box and complete the
form below, and send the form to:
[Company name]
[Company address]
lDo not allow any company [in the ABC
group of companies] to use my personal
information to market to me.
rwilkins on PROD1PC63 with RULES_2
C–3—Model Form for Renewal Notice
(Single-Affiliate Notice)—[Renewing Your
Choice To Limit Marketing]/[Renewing Your
Marketing Opt-out]
• [Name of Affiliate] is providing this
notice.
• [Optional: Federal law gives you the
right to limit some but not all marketing from
our affiliates. Federal law also requires us to
give you this notice to tell you about your
choice to limit marketing from our affiliates.]
• You previously chose to limit our
affiliates in the [ABC] group of companies,
such as our [credit card, insurance, and
securities] affiliates, from marketing their
products or services to you based on your
personal information that we share with
them. This information includes your
[income], your [account history with us], and
your [credit score].
• Your choice has expired or is about to
expire.
To renew your choice to limit marketing
for [x] more years, contact us [include all that
apply]:
• By telephone: 1–877–###–####
• On the Web: www.---.com
• By mail: Check the box and complete the
form below, and send the form to:
[Company name]
[Company address]
lRenew my choice to limit marketing for
[x] more years.
C–4—Model Form for Renewal Notice (Joint
Notice)—[Renewing Your Choice To Limit
Marketing]/[Renewing Your Marketing Optout]
• The [ABC group of companies] is
providing this notice.
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
• [Optional: Federal law gives you the
right to limit some but not all marketing from
the [ABC] companies. Federal law also
requires us to give you this notice to tell you
about your choice to limit marketing from the
[ABC] companies.]
• You previously chose to limit the [ABC]
companies, such as the [ABC credit card,
insurance, and securities] affiliates, from
marketing their products or services to you
based on your personal information that they
receive from other ABC companies. This
information includes your [income], your
[account history], and your [credit score].
• Your choice has expired or is about to
expire.
To renew your choice to limit marketing
for [x] more years, contact us [include all that
apply]:
• By telephone: 1–877–###–####
• On the Web: www.---.com
• By mail: Check the box and complete the
form below, and send the form to:
[Company name]
[Company address]
lRenew my choice to limit marketing for
[x] more years.
C–5—Model Form for Voluntary ‘‘No
Marketing’’ Notice—Your Choice To Stop
Marketing
• [Name of Affiliate] is providing this
notice.
• You may choose to stop all marketing
from us and our affiliates.
To stop all marketing, contact us [include
all that apply]:
• By telephone: 1–877–###–####
• On the Web: www.---.com
• By mail: Check the box and complete the
form below, and send the form to:
[Company name]
[Company address]
lDo not market to me.
Department of the Treasury
Office of Thrift Supervision
12 CFR Chapter V.
Authority and Issuance
For the reasons discussed in the joint
preamble, the Office of Thrift
Supervision is amending chapter V of
title 12 of the Code of Federal
Regulations by amending 12 CFR part
571 as follows:
I
PART 571—FAIR CREDIT REPORTING
1. The authority citation for part 571
is revised to read as follows:
I
Authority: 12 U.S.C. 1462a, 1463, 1464,
1467a, 1828, 1831p–1, and 1881–1884; 15
U.S.C. 1681b, 1681c, 1681m, 1681s, and
1681w; 15 U.S.C. 6801 and 6805; Sec. 214
Pub. L. 108–159, 117 Stat. 1952.
Subpart A—General Provisions
2. Amend § 571.1 by adding a new
paragraph (b)(3) to read as follows:
I
§ 571.1
*
PO 00000
*
Purpose and scope.
*
Frm 00064
*
Fmt 4701
*
Sfmt 4700
(b) * * *
(3) The scope of Subpart C of this part
is stated in § 571.20(a) of this part.
*
*
*
*
*
I 3. Add a new Subpart C to part 571
to read as follows:
Subpart C—Affiliate Marketing
Sec.
571.20 Coverage and definitions.
571.21 Affiliate marketing opt-out and
exceptions.
571.22 Scope and duration of opt-out.
571.23 Contents of opt-out notice;
consolidated and equivalent notices.
571.24 Reasonable opportunity to opt out.
571.25 Reasonable and simple methods of
opting out.
571.26 Delivery of opt-out notices.
571.27 Renewal of opt-out.
571.28 Effective date, compliance date, and
prospective application.
Subpart C—Affiliate Marketing
§ 571.20
Coverage and definitions.
(a) Coverage. Subpart C of this part
applies to savings associations whose
deposits are insured by the Federal
Deposit Insurance Corporation or, in
accordance with § 559.3(h)(1) of this
chapter, federal savings association
operating subsidiaries that are not
functionally regulated within the
meaning of section 5(c)(5) of the Bank
Holding Company Act of 1956, as
amended (12 U.S.C. 1844(c)(5)).
(b) Definitions. For purposes of this
subpart:
(1) Clear and conspicuous. The term
‘‘clear and conspicuous’’ means
reasonably understandable and
designed to call attention to the nature
and significance of the information
presented.
(2) Concise. (i) In general. The term
‘‘concise’’ means a reasonably brief
expression or statement.
(ii) Combination with other required
disclosures. A notice required by this
subpart may be concise even if it is
combined with other disclosures
required or authorized by federal or
state law.
(3) Eligibility information. The term
‘‘eligibility information’’ means any
information the communication of
which would be a consumer report if
the exclusions from the definition of
‘‘consumer report’’ in section
603(d)(2)(A) of the Act did not apply.
Eligibility information does not include
aggregate or blind data that does not
contain personal identifiers such as
account numbers, names, or addresses.
(4) Pre-existing business relationship.
(i) In general. The term ‘‘pre-existing
business relationship’’ means a
relationship between a person, or a
person’s licensed agent, and a consumer
based on—
E:\FR\FM\07NOR2.SGM
07NOR2
rwilkins on PROD1PC63 with RULES_2
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
(A) A financial contract between the
person and the consumer which is in
force on the date on which the
consumer is sent a solicitation covered
by this subpart;
(B) The purchase, rental, or lease by
the consumer of the person’s goods or
services, or a financial transaction
(including holding an active account or
a policy in force or having another
continuing relationship) between the
consumer and the person, during the 18month period immediately preceding
the date on which the consumer is sent
a solicitation covered by this subpart; or
(C) An inquiry or application by the
consumer regarding a product or service
offered by that person during the threemonth period immediately preceding
the date on which the consumer is sent
a solicitation covered by this subpart.
(ii) Examples of pre-existing business
relationships. (A) If a consumer has a
time deposit account, such as a
certificate of deposit, at a depository
institution that is currently in force, the
depository institution has a pre-existing
business relationship with the consumer
and can use eligibility information it
receives from its affiliates to make
solicitations to the consumer about its
products or services.
(B) If a consumer obtained a
certificate of deposit from a depository
institution, but did not renew the
certificate at maturity, the depository
institution has a pre-existing business
relationship with the consumer and can
use eligibility information it receives
from its affiliates to make solicitations
to the consumer about its products or
services for 18 months after the date of
maturity of the certificate of deposit.
(C) If a consumer obtains a mortgage,
the mortgage lender has a pre-existing
business relationship with the
consumer. If the mortgage lender sells
the consumer’s entire loan to an
investor, the mortgage lender has a preexisting business relationship with the
consumer and can use eligibility
information it receives from its affiliates
to make solicitations to the consumer
about its products or services for 18
months after the date it sells the loan,
and the investor has a pre-existing
business relationship with the consumer
upon purchasing the loan. If, however,
the mortgage lender sells a fractional
interest in the consumer’s loan to an
investor but also retains an ownership
interest in the loan, the mortgage lender
continues to have a pre-existing
business relationship with the
consumer, but the investor does not
have a pre-existing business
relationship with the consumer. If the
mortgage lender retains ownership of
the loan, but sells ownership of the
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
servicing rights to the consumer’s loan,
the mortgage lender continues to have a
pre-existing business relationship with
the consumer. The purchaser of the
servicing rights also has a pre-existing
business relationship with the consumer
as of the date it purchases ownership of
the servicing rights, but only if it
collects payments from or otherwise
deals directly with the consumer on a
continuing basis.
(D) If a consumer applies to a
depository institution for a product or
service that it offers, but does not obtain
a product or service from or enter into
a financial contract or transaction with
the institution, the depository
institution has a pre-existing business
relationship with the consumer and can
therefore use eligibility information it
receives from an affiliate to make
solicitations to the consumer about its
products or services for three months
after the date of the application.
(E) If a consumer makes a telephone
inquiry to a depository institution about
its products or services and provides
contact information to the institution,
but does not obtain a product or service
from or enter into a financial contract or
transaction with the institution, the
depository institution has a pre-existing
business relationship with the consumer
and can therefore use eligibility
information it receives from an affiliate
to make solicitations to the consumer
about its products or services for three
months after the date of the inquiry.
(F) If a consumer makes an inquiry to
a depository institution by e-mail about
its products or services, but does not
obtain a product or service from or enter
into a financial contract or transaction
with the institution, the depository
institution has a pre-existing business
relationship with the consumer and can
therefore use eligibility information it
receives from an affiliate to make
solicitations to the consumer about its
products or services for three months
after the date of the inquiry.
(G) If a consumer has an existing
relationship with a depository
institution that is part of a group of
affiliated companies, makes a telephone
call to the centralized call center for the
group of affiliated companies to inquire
about products or services offered by the
insurance affiliate, and provides contact
information to the call center, the call
constitutes an inquiry to the insurance
affiliate that offers those products or
services. The insurance affiliate has a
pre-existing business relationship with
the consumer and can therefore use
eligibility information it receives from
its affiliated depository institution to
make solicitations to the consumer
PO 00000
Frm 00065
Fmt 4701
Sfmt 4700
62973
about its products or services for three
months after the date of the inquiry.
(iii) Examples where no pre-existing
business relationship is created. (A) If a
consumer makes a telephone call to a
centralized call center for a group of
affiliated companies to inquire about the
consumer’s existing account at a
depository institution, the call does not
constitute an inquiry to any affiliate
other than the depository institution
that holds the consumer’s account and
does not establish a pre-existing
business relationship between the
consumer and any affiliate of the
account-holding depository institution.
(B) If a consumer who has a deposit
account with a depository institution
makes a telephone call to an affiliate of
the institution to ask about the affiliate’s
retail locations and hours, but does not
make an inquiry about the affiliate’s
products or services, the call does not
constitute an inquiry and does not
establish a pre-existing business
relationship between the consumer and
the affiliate. Also, the affiliate’s capture
of the consumer’s telephone number
does not constitute an inquiry and does
not establish a pre-existing business
relationship between the consumer and
the affiliate.
(C) If a consumer makes a telephone
call to a depository institution in
response to an advertisement that offers
a free promotional item to consumers
who call a toll-free number, but the
advertisement does not indicate that the
depository institution’s products or
services will be marketed to consumers
who call in response, the call does not
create a pre-existing business
relationship between the consumer and
the depository institution because the
consumer has not made an inquiry
about a product or service offered by the
institution, but has merely responded to
an offer for a free promotional item.
(5) Solicitation. (i) In general. The
term ‘‘solicitation’’ means the marketing
of a product or service initiated by a
person to a particular consumer that
is—
(A) Based on eligibility information
communicated to that person by its
affiliate as described in this subpart; and
(B) Intended to encourage the
consumer to purchase or obtain such
product or service.
(ii) Exclusion of marketing directed at
the general public. A solicitation does
not include marketing communications
that are directed at the general public.
For example, television, general
circulation magazine, and billboard
advertisements do not constitute
solicitations, even if those
communications are intended to
encourage consumers to purchase
E:\FR\FM\07NOR2.SGM
07NOR2
62974
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
products and services from the person
initiating the communications.
(iii) Examples of solicitations. A
solicitation would include, for example,
a telemarketing call, direct mail, e-mail,
or other form of marketing
communication directed to a particular
consumer that is based on eligibility
information received from an affiliate.
(6) You means a person described in
paragraph (a) of this section.
rwilkins on PROD1PC63 with RULES_2
§ 571.21 Affiliate marketing opt-out and
exceptions.
(a) Initial notice and opt-out
requirement. (1) In general. You may not
use eligibility information about a
consumer that you receive from an
affiliate to make a solicitation for
marketing purposes to the consumer,
unless—
(i) It is clearly and conspicuously
disclosed to the consumer in writing or,
if the consumer agrees, electronically, in
a concise notice that you may use
eligibility information about that
consumer received from an affiliate to
make solicitations for marketing
purposes to the consumer;
(ii) The consumer is provided a
reasonable opportunity and a reasonable
and simple method to ‘‘opt out,’’ or
prohibit you from using eligibility
information to make solicitations for
marketing purposes to the consumer;
and
(iii) The consumer has not opted out.
(2) Example. A consumer has a
homeowner’s insurance policy with an
insurance company. The insurance
company furnishes eligibility
information about the consumer to its
affiliated depository institution. Based
on that eligibility information, the
depository institution wants to make a
solicitation to the consumer about its
home equity loan products. The
depository institution does not have a
pre-existing business relationship with
the consumer and none of the other
exceptions apply. The depository
institution is prohibited from using
eligibility information received from its
insurance affiliate to make solicitations
to the consumer about its home equity
loan products unless the consumer is
given a notice and opportunity to opt
out and the consumer does not opt out.
(3) Affiliates who may provide the
notice. The notice required by this
paragraph must be provided:
(i) By an affiliate that has or has
previously had a pre-existing business
relationship with the consumer; or
(ii) As part of a joint notice from two
or more members of an affiliated group
of companies, provided that at least one
of the affiliates on the joint notice has
or has previously had a pre-existing
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
business relationship with the
consumer.
(b) Making solicitations. (1) In
general. For purposes of this subpart,
you make a solicitation for marketing
purposes if—
(i) You receive eligibility information
from an affiliate;
(ii) You use that eligibility
information to do one or more of the
following:
(A) Identify the consumer or type of
consumer to receive a solicitation;
(B) Establish criteria used to select the
consumer to receive a solicitation; or
(C) Decide which of your products or
services to market to the consumer or
tailor your solicitation to that consumer;
and
(iii) As a result of your use of the
eligibility information, the consumer is
provided a solicitation.
(2) Receiving eligibility information
from an affiliate, including through a
common database. You may receive
eligibility information from an affiliate
in various ways, including when the
affiliate places that information into a
common database that you may access.
(3) Receipt or use of eligibility
information by your service provider.
Except as provided in paragraph (b)(5)
of this section, you receive or use an
affiliate’s eligibility information if a
service provider acting on your behalf
(whether an affiliate or a nonaffiliated
third party) receives or uses that
information in the manner described in
paragraphs (b)(1)(i) or (b)(1)(ii) of this
section. All relevant facts and
circumstances will determine whether a
person is acting as your service provider
when it receives or uses an affiliate’s
eligibility information in connection
with marketing your products and
services.
(4) Use by an affiliate of its own
eligibility information. Unless you have
used eligibility information that you
receive from an affiliate in the manner
described in paragraph (b)(1)(ii) of this
section, you do not make a solicitation
subject to this subpart if your affiliate:
(i) Uses its own eligibility information
that it obtained in connection with a
pre-existing business relationship it has
or had with the consumer to market
your products or services to the
consumer; or
(ii) Directs its service provider to use
the affiliate’s own eligibility information
that it obtained in connection with a
pre-existing business relationship it has
or had with the consumer to market
your products or services to the
consumer, and you do not communicate
directly with the service provider
regarding that use.
PO 00000
Frm 00066
Fmt 4701
Sfmt 4700
(5) Use of eligibility information by a
service provider. (i) In general. You do
not make a solicitation subject to
Subpart C of this part if a service
provider (including an affiliated or
third-party service provider that
maintains or accesses a common
database that you may access) receives
eligibility information from your
affiliate that your affiliate obtained in
connection with a pre-existing business
relationship it has or had with the
consumer and uses that eligibility
information to market your products or
services to the consumer, so long as—
(A) Your affiliate controls access to
and use of its eligibility information by
the service provider (including the right
to establish the specific terms and
conditions under which the service
provider may use such information to
market your products or services);
(B) Your affiliate establishes specific
terms and conditions under which the
service provider may access and use the
affiliate’s eligibility information to
market your products and services (or
those of affiliates generally) to the
consumer, such as the identity of the
affiliated companies whose products or
services may be marketed to the
consumer by the service provider, the
types of products or services of affiliated
companies that may be marketed, and
the number of times the consumer may
receive marketing materials, and
periodically evaluates the service
provider’s compliance with those terms
and conditions;
(C) Your affiliate requires the service
provider to implement reasonable
policies and procedures designed to
ensure that the service provider uses the
affiliate’s eligibility information in
accordance with the terms and
conditions established by the affiliate
relating to the marketing of your
products or services;
(D) Your affiliate is identified on or
with the marketing materials provided
to the consumer; and
(E) You do not directly use your
affiliate’s eligibility information in the
manner described in paragraph (b)(1)(ii)
of this section.
(ii) Writing requirements. (A) The
requirements of paragraphs (b)(5)(i)(A)
and (C) of this section must be set forth
in a written agreement between your
affiliate and the service provider; and
(B) The specific terms and conditions
established by your affiliate as provided
in paragraph (b)(5)(i)(B) of this section
must be set forth in writing.
(6) Examples of making solicitations.
(i) A consumer has a deposit account
with a depository institution, which is
affiliated with an insurance company.
The insurance company receives
E:\FR\FM\07NOR2.SGM
07NOR2
rwilkins on PROD1PC63 with RULES_2
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
eligibility information about the
consumer from the depository
institution. The insurance company
uses that eligibility information to
identify the consumer to receive a
solicitation about insurance products,
and, as a result, the insurance company
provides a solicitation to the consumer
about its insurance products. Pursuant
to paragraph (b)(1) of this section, the
insurance company has made a
solicitation to the consumer.
(ii) The same facts as in the example
in paragraph (b)(6)(i) of this section,
except that after using the eligibility
information to identify the consumer to
receive a solicitation about insurance
products, the insurance company asks
the depository institution to send the
solicitation to the consumer and the
depository institution does so. Pursuant
to paragraph (b)(1) of this section, the
insurance company has made a
solicitation to the consumer because it
used eligibility information about the
consumer that it received from an
affiliate to identify the consumer to
receive a solicitation about its products
or services, and, as a result, a
solicitation was provided to the
consumer about the insurance
company’s products.
(iii) The same facts as in the example
in paragraph (b)(6)(i) of this section,
except that eligibility information about
consumers that have deposit accounts
with the depository institution is placed
into a common database that all
members of the affiliated group of
companies may independently access
and use. Without using the depository
institution’s eligibility information, the
insurance company develops selection
criteria and provides those criteria,
marketing materials, and related
instructions to the depository
institution. The depository institution
reviews eligibility information about its
own consumers using the selection
criteria provided by the insurance
company to determine which
consumers should receive the insurance
company’s marketing materials and
sends marketing materials about the
insurance company’s products to those
consumers. Even though the insurance
company has received eligibility
information through the common
database as provided in paragraph (b)(2)
of this section, it did not use that
information to identify consumers or
establish selection criteria; instead, the
depository institution used its own
eligibility information. Therefore,
pursuant to paragraph (b)(4)(i) of this
section, the insurance company has not
made a solicitation to the consumer.
(iv) The same facts as in the example
in paragraph (b)(6)(iii) of this section,
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
except that the depository institution
provides the insurance company’s
criteria to the depository institution’s
service provider and directs the service
provider to use the depository
institution’s eligibility information to
identify depository institution
consumers who meet the criteria and to
send the insurance company’s
marketing materials to those consumers.
The insurance company does not
communicate directly with the service
provider regarding the use of the
depository institution’s information to
market its products to the depository
institution’s consumers. Pursuant to
paragraph (b)(4)(ii) of this section, the
insurance company has not made a
solicitation to the consumer.
(v) An affiliated group of companies
includes a depository institution, an
insurance company, and a service
provider. Each affiliate in the group
places information about its consumers
into a common database. The service
provider has access to all information in
the common database. The depository
institution controls access to and use of
its eligibility information by the service
provider. This control is set forth in a
written agreement between the
depository institution and the service
provider. The written agreement also
requires the service provider to establish
reasonable policies and procedures
designed to ensure that the service
provider uses the depository
institution’s eligibility information in
accordance with specific terms and
conditions established by the depository
institution relating to the marketing of
the products and services of all
affiliates, including the insurance
company. In a separate written
communication, the depository
institution specifies the terms and
conditions under which the service
provider may use the depository
institution’s eligibility information to
market the insurance company’s
products and services to the depository
institution’s consumers. The specific
terms and conditions are: A list of
affiliated companies (including the
insurance company) whose products or
services may be marketed to the
depository institution’s consumers by
the service provider; the specific
products or types of products that may
be marketed to the depository
institution’s consumers by the service
provider; the categories of eligibility
information that may be used by the
service provider in marketing products
or services to the depository
institution’s consumers; the types or
categories of the depository institution’s
consumers to whom the service
PO 00000
Frm 00067
Fmt 4701
Sfmt 4700
62975
provider may market products or
services of depository institution
affiliates; the number and/or types of
marketing communications that the
service provider may send to the
depository institution’s consumers; and
the length of time during which the
service provider may market the
products or services of the depository
institution’s affiliates to its consumers.
The depository institution periodically
evaluates the service provider’s
compliance with these terms and
conditions. The insurance company
asks the service provider to market
insurance products to certain consumers
who have deposit accounts with the
depository institution. Without using
the depository institution’s eligibility
information, the insurance company
develops selection criteria and provides
those criteria, marketing materials, and
related instructions to the service
provider. The service provider uses the
depository institution’s eligibility
information from the common database
to identify the depository institution’s
consumers to whom insurance products
will be marketed. When the insurance
company’s marketing materials are
provided to the identified consumers,
the name of the depository institution is
displayed on the insurance marketing
materials, an introductory letter that
accompanies the marketing materials,
an account statement that accompanies
the marketing materials, or the envelope
containing the marketing materials. The
requirements of paragraph (b)(5) of this
section have been satisfied, and the
insurance company has not made a
solicitation to the consumer.
(vi) The same facts as in the example
in paragraph (b)(6)(v) of this section,
except that the terms and conditions
permit the service provider to use the
depository institution’s eligibility
information to market the products and
services of other affiliates to the
depository institution’s consumers
whenever the service provider deems it
appropriate to do so. The service
provider uses the depository
institution’s eligibility information in
accordance with the discretion afforded
to it by the terms and conditions.
Because the terms and conditions are
not specific, the requirements of
paragraph (b)(5) of this section have not
been satisfied.
(c) Exceptions. The provisions of this
subpart do not apply to you if you use
eligibility information that you receive
from an affiliate:
(1) To make a solicitation for
marketing purposes to a consumer with
whom you have a pre-existing business
relationship;
E:\FR\FM\07NOR2.SGM
07NOR2
rwilkins on PROD1PC63 with RULES_2
62976
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
(2) To facilitate communications to an
individual for whose benefit you
provide employee benefit or other
services pursuant to a contract with an
employer related to and arising out of
the current employment relationship or
status of the individual as a participant
or beneficiary of an employee benefit
plan;
(3) To perform services on behalf of
an affiliate, except that this
subparagraph shall not be construed as
permitting you to send solicitations on
behalf of an affiliate if the affiliate
would not be permitted to send the
solicitation as a result of the election of
the consumer to opt out under this
subpart;
(4) In response to a communication
about your products or services initiated
by the consumer;
(5) In response to an authorization or
request by the consumer to receive
solicitations; or
(6) If your compliance with this
subpart would prevent you from
complying with any provision of State
insurance laws pertaining to unfair
discrimination in any State in which
you are lawfully doing business.
(d) Examples of exceptions. (1)
Example of the pre-existing business
relationship exception. A consumer has
a deposit account with a depository
institution. The consumer also has a
relationship with the depository
institution’s securities affiliate for
management of the consumer’s
securities portfolio. The depository
institution receives eligibility
information about the consumer from its
securities affiliate and uses that
information to make a solicitation to the
consumer about the depository
institution’s wealth management
services. The depository institution may
make this solicitation even if the
consumer has not been given a notice
and opportunity to opt out because the
depository institution has a pre-existing
business relationship with the
consumer.
(2) Examples of service provider
exception. (i) A consumer has an
insurance policy issued by an insurance
company. The insurance company
furnishes eligibility information about
the consumer to its affiliated depository
institution. Based on that eligibility
information, the depository institution
wants to make a solicitation to the
consumer about its deposit products.
The depository institution does not have
a pre-existing business relationship with
the consumer and none of the other
exceptions in paragraph (c) of this
section apply. The consumer has been
given an opt-out notice and has elected
to opt out of receiving such
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
solicitations. The depository institution
asks a service provider to send the
solicitation to the consumer on its
behalf. The service provider may not
send the solicitation on behalf of the
depository institution because, as a
result of the consumer’s opt-out
election, the depository institution is
not permitted to make the solicitation.
(ii) The same facts as in paragraph
(d)(2)(i) of this section, except the
consumer has been given an opt-out
notice, but has not elected to opt out.
The depository institution asks a service
provider to send the solicitation to the
consumer on its behalf. The service
provider may send the solicitation on
behalf of the depository institution
because, as a result of the consumer’s
not opting out, the depository
institution is permitted to make the
solicitation.
(3) Examples of consumer-initiated
communications. (i) A consumer who
has a deposit account with a depository
institution initiates a communication
with the depository institution’s credit
card affiliate to request information
about a credit card. The credit card
affiliate may use eligibility information
about the consumer it obtains from the
depository institution or any other
affiliate to make solicitations regarding
credit card products in response to the
consumer-initiated communication.
(ii) A consumer who has a deposit
account with a depository institution
contacts the institution to request
information about how to save and
invest for a child’s college education
without specifying the type of product
in which the consumer may be
interested. Information about a range of
different products or services offered by
the depository institution and one or
more affiliates of the institution may be
responsive to that communication. Such
products or services may include the
following: Mutual funds offered by the
institution’s mutual fund affiliate;
section 529 plans offered by the
institution, its mutual fund affiliate, or
another securities affiliate; or trust
services offered by a different financial
institution in the affiliated group. Any
affiliate offering investment products or
services that would be responsive to the
consumer’s request for information
about saving and investing for a child’s
college education may use eligibility
information to make solicitations to the
consumer in response to this
communication.
(iii) A credit card issuer makes a
marketing call to the consumer without
using eligibility information received
from an affiliate. The issuer leaves a
voice-mail message that invites the
consumer to call a toll-free number to
PO 00000
Frm 00068
Fmt 4701
Sfmt 4700
apply for the issuer’s credit card. If the
consumer calls the toll-free number to
inquire about the credit card, the call is
a consumer-initiated communication
about a product or service and the credit
card issuer may now use eligibility
information it receives from its affiliates
to make solicitations to the consumer.
(iv) A consumer calls a depository
institution to ask about retail locations
and hours, but does not request
information about products or services.
The institution may not use eligibility
information it receives from an affiliate
to make solicitations to the consumer
about its products or services because
the consumer-initiated communication
does not relate to the depository
institution’s products or services. Thus,
the use of eligibility information
received from an affiliate would not be
responsive to the communication and
the exception does not apply.
(v) A consumer calls a depository
institution to ask about retail locations
and hours. The customer service
representative asks the consumer if
there is a particular product or service
about which the consumer is seeking
information. The consumer responds
that the consumer wants to stop in and
find out about certificates of deposit.
The customer service representative
offers to provide that information by
telephone and mail additional
information and application materials to
the consumer. The consumer agrees and
provides or confirms contact
information for receipt of the materials
to be mailed. The depository institution
may use eligibility information it
receives from an affiliate to make
solicitations to the consumer about
certificates of deposit because such
solicitations would respond to the
consumer-initiated communication
about products or services.
(4) Examples of consumer
authorization or request for
solicitations. (i) A consumer who
obtains a mortgage from a mortgage
lender authorizes or requests
information about homeowner’s
insurance offered by the mortgage
lender’s insurance affiliate. Such
authorization or request, whether given
to the mortgage lender or to the
insurance affiliate, would permit the
insurance affiliate to use eligibility
information about the consumer it
obtains from the mortgage lender or any
other affiliate to make solicitations to
the consumer about homeowner’s
insurance.
(ii) A consumer completes an online
application to apply for a credit card
from a credit card issuer. The issuer’s
online application contains a blank
check box that the consumer may check
E:\FR\FM\07NOR2.SGM
07NOR2
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
to authorize or request information from
the credit card issuer’s affiliates. The
consumer checks the box. The consumer
has authorized or requested solicitations
from the card issuer’s affiliates.
(iii) A consumer completes an online
application to apply for a credit card
from a credit card issuer. The issuer’s
online application contains a preselected check box indicating that the
consumer authorizes or requests
information from the issuer’s affiliates.
The consumer does not deselect the
check box. The consumer has not
authorized or requested solicitations
from the card issuer’s affiliates.
(iv) The terms and conditions of a
credit card account agreement contain
preprinted boilerplate language stating
that by applying to open an account the
consumer authorizes or requests to
receive solicitations from the credit card
issuer’s affiliates. The consumer has not
authorized or requested solicitations
from the card issuer’s affiliates.
(e) Relation to affiliate-sharing notice
and opt-out. Nothing in this subpart
limits the responsibility of a person to
comply with the notice and opt-out
provisions of section 603(d)(2)(A)(iii) of
the Act where applicable.
rwilkins on PROD1PC63 with RULES_2
§ 571.22
Scope and duration of opt-out.
(a) Scope of opt-out. (1) In general.
Except as otherwise provided in this
section, the consumer’s election to opt
out prohibits any affiliate covered by the
opt-out notice from using eligibility
information received from another
affiliate as described in the notice to
make solicitations to the consumer.
(2) Continuing relationship. (i) In
general. If the consumer establishes a
continuing relationship with you or
your affiliate, an opt-out notice may
apply to eligibility information obtained
in connection with—
(A) A single continuing relationship
or multiple continuing relationships
that the consumer establishes with you
or your affiliates, including continuing
relationships established subsequent to
delivery of the opt-out notice, so long as
the notice adequately describes the
continuing relationships covered by the
opt-out; or
(B) Any other transaction between the
consumer and you or your affiliates as
described in the notice.
(ii) Examples of continuing
relationships. A consumer has a
continuing relationship with you or
your affiliate if the consumer—
(A) Opens a deposit or investment
account with you or your affiliate;
(B) Obtains a loan for which you or
your affiliate owns the servicing rights;
(C) Purchases an insurance product
from you or your affiliate;
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
(D) Holds an investment product
through you or your affiliate, such as
when you act or your affiliate acts as a
custodian for securities or for assets in
an individual retirement arrangement;
(E) Enters into an agreement or
understanding with you or your affiliate
whereby you or your affiliate undertakes
to arrange or broker a home mortgage
loan for the consumer;
(F) Enters into a lease of personal
property with you or your affiliate; or
(G) Obtains financial, investment, or
economic advisory services from you or
your affiliate for a fee.
(3) No continuing relationship. (i) In
general. If there is no continuing
relationship between a consumer and
you or your affiliate, and you or your
affiliate obtain eligibility information
about a consumer in connection with a
transaction with the consumer, such as
an isolated transaction or a credit
application that is denied, an opt-out
notice provided to the consumer only
applies to eligibility information
obtained in connection with that
transaction.
(ii) Examples of isolated transactions.
An isolated transaction occurs if—
(A) The consumer uses your or your
affiliate’s ATM to withdraw cash from
an account at another financial
institution; or
(B) You or your affiliate sells the
consumer a cashier’s check or money
order, airline tickets, travel insurance,
or traveler’s checks in isolated
transactions.
(4) Menu of alternatives. A consumer
may be given the opportunity to choose
from a menu of alternatives when
electing to prohibit solicitations, such as
by electing to prohibit solicitations from
certain types of affiliates covered by the
opt-out notice but not other types of
affiliates covered by the notice, electing
to prohibit solicitations based on certain
types of eligibility information but not
other types of eligibility information, or
electing to prohibit solicitations by
certain methods of delivery but not
other methods of delivery. However,
one of the alternatives must allow the
consumer to prohibit all solicitations
from all of the affiliates that are covered
by the notice.
(5) Special rule for a notice following
termination of all continuing
relationships. (i) In general. A consumer
must be given a new opt-out notice if,
after all continuing relationships with
you or your affiliate(s) are terminated,
the consumer subsequently establishes
another continuing relationship with
you or your affiliate(s) and the
consumer’s eligibility information is to
be used to make a solicitation. The new
opt-out notice must apply, at a
PO 00000
Frm 00069
Fmt 4701
Sfmt 4700
62977
minimum, to eligibility information
obtained in connection with the new
continuing relationship. Consistent with
paragraph (b) of this section, the
consumer’s decision not to opt out after
receiving the new opt-out notice would
not override a prior opt-out election by
the consumer that applies to eligibility
information obtained in connection
with a terminated relationship,
regardless of whether the new opt-out
notice applies to eligibility information
obtained in connection with the
terminated relationship.
(ii) Example. A consumer has a
checking account with a depository
institution that is part of an affiliated
group. The consumer closes the
checking account. One year after closing
the checking account, the consumer
opens a savings account with the same
depository institution. The consumer
must be given a new notice and
opportunity to opt out before the
depository institution’s affiliates may
make solicitations to the consumer
using eligibility information obtained by
the depository institution in connection
with the new savings account
relationship, regardless of whether the
consumer opted out in connection with
the checking account.
(b) Duration of opt-out. The election
of a consumer to opt out must be
effective for a period of at least five
years (the ‘‘opt-out period’’) beginning
when the consumer’s opt-out election is
received and implemented, unless the
consumer subsequently revokes the optout in writing or, if the consumer agrees,
electronically. An opt-out period of
more than five years may be established,
including an opt-out period that does
not expire unless revoked by the
consumer.
(c) Time of opt-out. A consumer may
opt out at any time.
§ 571.23 Contents of opt-out notice;
consolidated and equivalent notices.
(a) Contents of opt-out notice. (1) In
general. A notice must be clear,
conspicuous, and concise, and must
accurately disclose:
(i) The name of the affiliate(s)
providing the notice. If the notice is
provided jointly by multiple affiliates
and each affiliate shares a common
name, such as ‘‘ABC,’’ then the notice
may indicate that it is being provided by
multiple companies with the ABC name
or multiple companies in the ABC group
or family of companies, for example, by
stating that the notice is provided by
‘‘all of the ABC companies,’’ ‘‘the ABC
banking, credit card, insurance, and
securities companies,’’ or by listing the
name of each affiliate providing the
notice. But if the affiliates providing the
E:\FR\FM\07NOR2.SGM
07NOR2
rwilkins on PROD1PC63 with RULES_2
62978
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
joint notice do not all share a common
name, then the notice must either
separately identify each affiliate by
name or identify each of the common
names used by those affiliates, for
example, by stating that the notice is
provided by ‘‘all of the ABC and XYZ
companies’’ or by ‘‘the ABC banking
and credit card companies and the XYZ
insurance companies’’;
(ii) A list of the affiliates or types of
affiliates whose use of eligibility
information is covered by the notice,
which may include companies that
become affiliates after the notice is
provided to the consumer. If each
affiliate covered by the notice shares a
common name, such as ‘‘ABC,’’ then the
notice may indicate that it applies to
multiple companies with the ABC name
or multiple companies in the ABC group
or family of companies, for example, by
stating that the notice is provided by
‘‘all of the ABC companies,’’ ‘‘the ABC
banking, credit card, insurance, and
securities companies,’’ or by listing the
name of each affiliate providing the
notice. But if the affiliates covered by
the notice do not all share a common
name, then the notice must either
separately identify each covered affiliate
by name or identify each of the common
names used by those affiliates, for
example, by stating that the notice
applies to ‘‘all of the ABC and XYZ
companies’’ or to ‘‘the ABC banking and
credit card companies and the XYZ
insurance companies’’;
(iii) A general description of the types
of eligibility information that may be
used to make solicitations to the
consumer;
(iv) That the consumer may elect to
limit the use of eligibility information to
make solicitations to the consumer;
(v) That the consumer’s election will
apply for the specified period of time
stated in the notice and, if applicable,
that the consumer will be allowed to
renew the election once that period
expires;
(vi) If the notice is provided to
consumers who may have previously
opted out, such as if a notice is provided
to consumers annually, that the
consumer who has chosen to limit
solicitations does not need to act again
until the consumer receives a renewal
notice; and
(vii) A reasonable and simple method
for the consumer to opt out.
(2) Joint relationships. (i) If two or
more consumers jointly obtain a product
or service, a single opt-out notice may
be provided to the joint consumers. Any
of the joint consumers may exercise the
right to opt out.
(ii) The opt-out notice must explain
how an opt-out direction by a joint
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
consumer will be treated. An opt-out
direction by a joint consumer may be
treated as applying to all of the
associated joint consumers, or each joint
consumer may be permitted to opt-out
separately. If each joint consumer is
permitted to opt out separately, one of
the joint consumers must be permitted
to opt out on behalf of all of the joint
consumers and the joint consumers
must be permitted to exercise their
separate rights to opt out in a single
response.
(iii) It is impermissible to require all
joint consumers to opt out before
implementing any opt-out direction.
(3) Alternative contents. If the
consumer is afforded a broader right to
opt out of receiving marketing than is
required by this subpart, the
requirements of this section may be
satisfied by providing the consumer
with a clear, conspicuous, and concise
notice that accurately discloses the
consumer’s opt-out rights.
(4) Model notices. Model notices are
provided in Appendix C of this part.
(b) Coordinated and consolidated
notices. A notice required by this
subpart may be coordinated and
consolidated with any other notice or
disclosure required to be issued under
any other provision of law by the entity
providing the notice, including but not
limited to the notice described in
section 603(d)(2)(A)(iii) of the Act and
the Gramm-Leach-Bliley Act privacy
notice.
(c) Equivalent notices. A notice or
other disclosure that is equivalent to the
notice required by this subpart, and that
is provided to a consumer together with
disclosures required by any other
provision of law, satisfies the
requirements of this section.
§ 571.24
out.
Reasonable opportunity to opt
(a) In general. You must not use
eligibility information about a consumer
that you receive from an affiliate to
make a solicitation to the consumer
about your products or services, unless
the consumer is provided a reasonable
opportunity to opt out, as required by
§ 571.21(a)(1)(ii) of this part.
(b) Examples of a reasonable
opportunity to opt out. The consumer is
given a reasonable opportunity to opt
out if:
(1) By mail. The opt-out notice is
mailed to the consumer. The consumer
is given 30 days from the date the notice
is mailed to elect to opt out by any
reasonable means.
(2) By electronic means. (i) The optout notice is provided electronically to
the consumer, such as by posting the
notice at an Internet Web site at which
PO 00000
Frm 00070
Fmt 4701
Sfmt 4700
the consumer has obtained a product or
service. The consumer acknowledges
receipt of the electronic notice. The
consumer is given 30 days after the date
the consumer acknowledges receipt to
elect to opt out by any reasonable
means.
(ii) The opt-out notice is provided to
the consumer by e-mail where the
consumer has agreed to receive
disclosures by e-mail from the person
sending the notice. The consumer is
given 30 days after the e-mail is sent to
elect to opt out by any reasonable
means.
(3) At the time of an electronic
transaction. The opt-out notice is
provided to the consumer at the time of
an electronic transaction, such as a
transaction conducted on an Internet
Web site. The consumer is required to
decide, as a necessary part of
proceeding with the transaction,
whether to opt out before completing
the transaction. There is a simple
process that the consumer may use to
opt out at that time using the same
mechanism through which the
transaction is conducted.
(4) At the time of an in-person
transaction. The opt-out notice is
provided to the consumer in writing at
the time of an in-person transaction.
The consumer is required to decide, as
a necessary part of proceeding with the
transaction, whether to opt out before
completing the transaction, and is not
permitted to complete the transaction
without making a choice. There is a
simple process that the consumer may
use during the course of the in-person
transaction to opt out, such as
completing a form that requires
consumers to write a ‘‘yes’’ or ‘‘no’’ to
indicate their opt-out preference or that
requires the consumer to check one of
two blank check boxes—one that allows
consumers to indicate that they want to
opt out and one that allows consumers
to indicate that they do not want to opt
out.
(5) By including in a privacy notice.
The opt-out notice is included in a
Gramm-Leach-Bliley Act privacy notice.
The consumer is allowed to exercise the
opt-out within a reasonable period of
time and in the same manner as the optout under that privacy notice.
§ 571.25 Reasonable and simple methods
of opting out.
(a) In general. You must not use
eligibility information about a consumer
that you receive from an affiliate to
make a solicitation to the consumer
about your products or services, unless
the consumer is provided a reasonable
and simple method to opt out, as
required by § 571.21(a)(1)(ii) of this part.
E:\FR\FM\07NOR2.SGM
07NOR2
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
(b) Examples. (1) Reasonable and
simple opt-out methods. Reasonable and
simple methods for exercising the optout right include—
(i) Designating a check-off box in a
prominent position on the opt-out form;
(ii) Including a reply form and a selfaddressed envelope together with the
opt-out notice;
(iii) Providing an electronic means to
opt out, such as a form that can be
electronically mailed or processed at an
Internet Web site, if the consumer agrees
to the electronic delivery of information;
(iv) Providing a toll-free telephone
number that consumers may call to opt
out; or
(v) Allowing consumers to exercise all
of their opt-out rights described in a
consolidated opt-out notice that
includes the privacy opt-out under the
Gramm-Leach-Bliley Act (15 U.S.C.
6801 et seq.), the affiliate sharing optout under the Act, and the affiliate
marketing opt-out under the Act, by a
single method, such as by calling a
single toll-free telephone number.
(2) Opt-out methods that are not
reasonable and simple. Reasonable and
simple methods for exercising an optout right do not include—
(i) Requiring the consumer to write
his or her own letter;
(ii) Requiring the consumer to call or
write to obtain a form for opting out,
rather than including the form with the
opt-out notice;
(iii) Requiring the consumer who
receives the opt-out notice in electronic
form only, such as through posting at an
Internet Web site, to opt out solely by
paper mail or by visiting a different Web
site without providing a link to that site.
(c) Specific opt-out means. Each
consumer may be required to opt out
through a specific means, as long as that
means is reasonable and simple for that
consumer.
rwilkins on PROD1PC63 with RULES_2
§ 571.26
Delivery of opt-out notices.
(a) In general. The opt-out notice must
be provided so that each consumer can
reasonably be expected to receive actual
notice. For opt-out notices provided
electronically, the notice may be
provided in compliance with either the
electronic disclosure provisions in this
subpart or the provisions in section 101
of the Electronic Signatures in Global
and National Commerce Act, 15 U.S.C.
7001 et seq.
(b) Examples of reasonable
expectation of actual notice. A
consumer may reasonably be expected
to receive actual notice if the affiliate
providing the notice:
(1) Hand-delivers a printed copy of
the notice to the consumer;
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
(2) Mails a printed copy of the notice
to the last known mailing address of the
consumer;
(3) Provides a notice by e-mail to a
consumer who has agreed to receive
electronic disclosures by e-mail from
the affiliate providing the notice; or
(4) Posts the notice on the Internet
Web site at which the consumer
obtained a product or service
electronically and requires the
consumer to acknowledge receipt of the
notice.
(c) Examples of no reasonable
expectation of actual notice. A
consumer may not reasonably be
expected to receive actual notice if the
affiliate providing the notice:
(1) Only posts the notice on a sign in
a branch or office or generally publishes
the notice in a newspaper;
(2) Sends the notice via e-mail to a
consumer who has not agreed to receive
electronic disclosures by e-mail from
the affiliate providing the notice; or
(3) Posts the notice on an Internet
Web site without requiring the
consumer to acknowledge receipt of the
notice.
§ 571.27
Renewal of opt-out.
(a) Renewal notice and opt-out
requirement. (1) In general. After the
opt-out period expires, you may not
make solicitations based on eligibility
information you receive from an affiliate
to a consumer who previously opted
out, unless:
(i) The consumer has been given a
renewal notice that complies with the
requirements of this section and
§§ 571.24 through 571.26 of this part,
and a reasonable opportunity and a
reasonable and simple method to renew
the opt-out, and the consumer does not
renew the opt-out; or
(ii) An exception in § 571.21(c) of this
part applies.
(2) Renewal period. Each opt-out
renewal must be effective for a period of
at least five years as provided in
§ 571.22(b) of this part.
(3) Affiliates who may provide the
notice. The notice required by this
paragraph must be provided:
(i) By the affiliate that provided the
previous opt-out notice, or its successor;
or
(ii) As part of a joint renewal notice
from two or more members of an
affiliated group of companies, or their
successors, that jointly provided the
previous opt-out notice.
(b) Contents of renewal notice. The
renewal notice must be clear,
conspicuous, and concise, and must
accurately disclose:
(1) The name of the affiliate(s)
providing the notice. If the notice is
PO 00000
Frm 00071
Fmt 4701
Sfmt 4700
62979
provided jointly by multiple affiliates
and each affiliate shares a common
name, such as ‘‘ABC,’’ then the notice
may indicate that it is being provided by
multiple companies with the ABC name
or multiple companies in the ABC group
or family of companies, for example, by
stating that the notice is provided by
‘‘all of the ABC companies,’’ ‘‘the ABC
banking, credit card, insurance, and
securities companies,’’ or by listing the
name of each affiliate providing the
notice. But if the affiliates providing the
joint notice do not all share a common
name, then the notice must either
separately identify each affiliate by
name or identify each of the common
names used by those affiliates, for
example, by stating that the notice is
provided by ‘‘all of the ABC and XYZ
companies’’ or by ‘‘the ABC banking
and credit card companies and the XYZ
insurance companies’’;
(2) A list of the affiliates or types of
affiliates whose use of eligibility
information is covered by the notice,
which may include companies that
become affiliates after the notice is
provided to the consumer. If each
affiliate covered by the notice shares a
common name, such as ‘‘ABC,’’ then the
notice may indicate that it applies to
multiple companies with the ABC name
or multiple companies in the ABC group
or family of companies, for example, by
stating that the notice is provided by
‘‘all of the ABC companies,’’ ‘‘the ABC
banking, credit card, insurance, and
securities companies,’’ or by listing the
name of each affiliate providing the
notice. But if the affiliates covered by
the notice do not all share a common
name, then the notice must either
separately identify each covered affiliate
by name or identify each of the common
names used by those affiliates, for
example, by stating that the notice
applies to ‘‘all of the ABC and XYZ
companies’’ or to ‘‘the ABC banking and
credit card companies and the XYZ
insurance companies’’;
(3) A general description of the types
of eligibility information that may be
used to make solicitations to the
consumer;
(4) That the consumer previously
elected to limit the use of certain
information to make solicitations to the
consumer;
(5) That the consumer’s election has
expired or is about to expire;
(6) That the consumer may elect to
renew the consumer’s previous election;
(7) If applicable, that the consumer’s
election to renew will apply for the
specified period of time stated in the
notice and that the consumer will be
allowed to renew the election once that
period expires; and
E:\FR\FM\07NOR2.SGM
07NOR2
62980
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
(8) A reasonable and simple method
for the consumer to opt out.
(c) Timing of the renewal notice. (1)
In general. A renewal notice may be
provided to the consumer either—
(i) A reasonable period of time before
the expiration of the opt-out period; or
(ii) Any time after the expiration of
the opt-out period but before
solicitations that would have been
prohibited by the expired opt-out are
made to the consumer.
(2) Combination with annual privacy
notice. If you provide an annual privacy
notice under the Gramm-Leach-Bliley
Act, 15 U.S.C. 6801 et seq., providing a
renewal notice with the last annual
privacy notice provided to the consumer
before expiration of the opt-out period
is a reasonable period of time before
expiration of the opt-out in all cases.
(d) No effect on opt-out period. An
opt-out period may not be shortened by
sending a renewal notice to the
consumer before expiration of the optout period, even if the consumer does
not renew the opt-out.
§ 571.28 Effective date, compliance date,
and prospective application.
(a) Effective date. This subpart is
effective January 1, 2008.
(b) Mandatory compliance date.
Compliance with this subpart is
required not later than October 1, 2008.
(c) Prospective application. The
provisions of this subpart shall not
prohibit you from using eligibility
information that you receive from an
affiliate to make solicitations to a
consumer if you receive such
information prior to October 1, 2008.
For purposes of this section, you are
deemed to receive eligibility
information when such information is
placed into a common database and is
accessible by you.
I 4. Add and reserve Appendixes A and
B to part 571, and add a new Appendix
C to part 571 to read as follows:
rwilkins on PROD1PC63 with RULES_2
Appendix C To Part 571—Model Forms
for Opt-Out Notices
a. Although use of the model forms is not
required, use of the model forms in this
Appendix (as applicable) complies with the
requirement in section 624 of the Act for
clear, conspicuous, and concise notices.
b. Certain changes may be made to the
language or format of the model forms
without losing the protection from liability
afforded by use of the model forms. These
changes may not be so extensive as to affect
the substance, clarity, or meaningful
sequence of the language in the model forms.
Persons making such extensive revisions will
lose the safe harbor that this Appendix
provides. Acceptable changes include, for
example:
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
1. Rearranging the order of the references
to ‘‘your income,’’ ‘‘your account history,’’
and ‘‘your credit score.’’
2. Substituting other types of information
for ‘‘income,’’ ‘‘account history,’’ or ‘‘credit
score’’ for accuracy, such as ‘‘payment
history,’’ ‘‘credit history,’’ ‘‘payoff status,’’ or
‘‘claims history.’’
3. Substituting a clearer and more accurate
description of the affiliates providing or
covered by the notice for phrases such as
‘‘the [ABC] group of companies,’’ including
without limitation a statement that the entity
providing the notice recently purchased the
consumer’s account.
4. Substituting other types of affiliates
covered by the notice for ‘‘credit card,’’
‘‘insurance,’’ or ‘‘securities’’ affiliates.
5. Omitting items that are not accurate or
applicable. For example, if a person does not
limit the duration of the opt-out period, the
notice may omit information about the
renewal notice.
6. Adding a statement informing
consumers how much time they have to opt
out before shared eligibility information may
be used to make solicitations to them.
7. Adding a statement that the consumer
may exercise the right to opt out at any time.
8. Adding the following statement, if
accurate: ‘‘If you previously opted out, you
do not need to do so again.’’
9. Providing a place on the form for the
consumer to fill in identifying information,
such as his or her name and address:
C–1 Model Form for Initial Opt-out Notice
(Single-Affiliate Notice)
C–2 Model Form for Initial Opt-out Notice
(Joint Notice)
C–3 Model Form for Renewal Notice
(Single-Affiliate Notice)
C–4 Model Form for Renewal Notice (Joint
Notice)
C–5 Model Form for Voluntary ‘‘No
Marketing’’ Notice
C–1—Model Form for Initial Opt-out Notice
(Single-Affiliate Notice)—[Your Choice To
Limit Marketing]/[Marketing Opt-out]
• [Name of Affiliate] is providing this
notice.
• [Optional: Federal law gives you the
right to limit some but not all marketing from
our affiliates. Federal law also requires us to
give you this notice to tell you about your
choice to limit marketing from our affiliates.]
• You may limit our affiliates in the [ABC]
group of companies, such as our [credit card,
insurance, and securities] affiliates, from
marketing their products or services to you
based on your personal information that we
collect and share with them. This
information includes your [income], your
[account history with us], and your [credit
score].
• Your choice to limit marketing offers
from our affiliates will apply [until you tell
us to change your choice]/[for x years from
when you tell us your choice]/[for at least 5
years from when you tell us your choice].
[Include if the opt-out period expires.] Once
that period expires, you will receive a
renewal notice that will allow you to
continue to limit marketing offers from our
affiliates for [another x years]/[at least
another 5 years].
PO 00000
Frm 00072
Fmt 4701
Sfmt 4700
• [Include, if applicable, in a subsequent
notice, including an annual notice, for
consumers who may have previously opted
out.] If you have already made a choice to
limit marketing offers from our affiliates, you
do not need to act again until you receive the
renewal notice.
To limit marketing offers, contact us
[include all that apply]:
• By telephone: 1–877–###–####
• On the Web: www.---.com
• By mail: Check the box and complete the
form below, and send the form to:
[Company name]
[Company address]
lDo not allow your affiliates to use my
personal information to market to me.
C–2—Model Form for Initial Opt-out Notice
(Joint Notice)—[Your Choice To Limit
Marketing]/[Marketing Opt-out]
• The [ABC group of companies] is
providing this notice.
• [Optional: Federal law gives you the
right to limit some but not all marketing from
the [ABC] companies. Federal law also
requires us to give you this notice to tell you
about your choice to limit marketing from the
[ABC] companies.]
• You may limit the [ABC] companies,
such as the [ABC credit card, insurance, and
securities] affiliates, from marketing their
products or services to you based on your
personal information that they receive from
other [ABC] companies. This information
includes your [income], your [account
history], and your [credit score].
• Your choice to limit marketing offers
from the [ABC] companies will apply [until
you tell us to change your choice]/[for x years
from when you tell us your choice]/[for at
least 5 years from when you tell us your
choice]. [Include if the opt-out period
expires.] Once that period expires, you will
receive a renewal notice that will allow you
to continue to limit marketing offers from the
[ABC] companies for [another x years]/[at
least another 5 years].
• [Include, if applicable, in a subsequent
notice, including an annual notice, for
consumers who may have previously opted
out.] If you have already made a choice to
limit marketing offers from the [ABC]
companies, you do not need to act again until
you receive the renewal notice.
To limit marketing offers, contact us
[include all that apply]:
• By telephone: 1–877–###–####
• On the Web: www.---.com
• By mail: Check the box and complete the
form below, and send the form to:
[Company name]
[Company address]
lDo not allow any company [in the ABC
group of companies] to use my personal
information to market to me.
C–3—Model Form for Renewal Notice
(Single-Affiliate Notice)—[Renewing Your
Choice To Limit Marketing]/[Renewing Your
Marketing Opt-out]
• [Name of Affiliate] is providing this
notice.
• [Optional: Federal law gives you the
right to limit some but not all marketing from
our affiliates. Federal law also requires us to
E:\FR\FM\07NOR2.SGM
07NOR2
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
National Credit Union Administration
12 CFR Chapter VII.
C–4—Model Form for Renewal Notice (Joint
Notice)—[Renewing Your Choice To Limit
Marketing]/[Renewing Your Marketing Optout]
• The [ABC group of companies] is
providing this notice.
• [Optional: Federal law gives you the
right to limit some but not all marketing from
the [ABC] companies. Federal law also
requires us to give you this notice to tell you
about your choice to limit marketing from the
[ABC] companies.]
• You previously chose to limit the [ABC]
companies, such as the [ABC credit card,
insurance, and securities] affiliates, from
marketing their products or services to you
based on your personal information that they
receive from other ABC companies. This
information includes your [income], your
[account history], and your [credit score].
• Your choice has expired or is about to
expire.
To renew your choice to limit marketing
for [x] more years, contact us [include all that
apply]:
• By telephone: 1–877–###–####
• On the Web: www.---.com
• By mail: Check the box and complete the
form below, and send the form to:
[Company name]
[Company address]
lRenew my choice to limit marketing for
[x] more years.
rwilkins on PROD1PC63 with RULES_2
give you this notice to tell you about your
choice to limit marketing from our affiliates.]
• You previously chose to limit our
affiliates in the [ABC] group of companies,
such as our [credit card, insurance, and
securities] affiliates, from marketing their
products or services to you based on your
personal information that we share with
them. This information includes your
[income], your [account history with us], and
your [credit score].
• Your choice has expired or is about to
expire.
To renew your choice to limit marketing
for [x] more years, contact us [include all that
apply]:
• By telephone: 1–877–###–####
• On the Web: www.---.com
• By mail: Check the box and complete the
form below, and send the form to:
[Company name]
[Company address]
lRenew my choice to limit marketing for
[x] more years.
§ 717.1
dates.
C–5—Model Form for Voluntary ‘‘No
Marketing’’ Notice Your Choice To Stop
Marketing
• [Name of Affiliate] is providing this
notice.
• You may choose to stop all marketing
from us and our affiliates.
To stop all marketing, contact us [include
all that apply]:
• By telephone: 1–877–###–####
• On the Web: www.---.com
• By mail: Check the box and complete the
form below, and send the form to:
[Company name]
[Company address]
lDo not market to me.
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
Authority and Issuance
For the reasons discussed in the joint
preamble, the National Credit Union
Administration is amending chapter VII
of title 12 of the Code of Federal
Regulations by amending 12 CFR part
717 as follows:
I
PART 717—FAIR CREDIT REPORTING
1. The authority citation for part 717
is revised to read as follows:
I
Authority: 12 U.S.C. 1751 et seq.; 15 U.S.C.
1681a, 1681b, 1681c, 1681m, 1681s, 1681w,
6801 and 6805.
Subpart A—General Provisions
I
2. Revise § 717.1 to read as follows:
Purpose, scope, and effective
(a) Purpose. The purpose of this part
is to implement the provisions of the
Fair Credit Reporting Act. This part
generally applies to federal credit
unions that obtain and use information
about consumers to determine the
consumer’s eligibility for products,
services, or employment, share such
information among affiliates, and
furnish information to consumer
reporting agencies.
(b) Scope.
(1) [Reserved]
(2) Institutions covered. (i) Except as
otherwise provided in this part, the
regulations in this part apply to federal
credit unions.
I 3. A new Subpart C is added to part
717 to read as follows:
Subpart C—Affiliate Marketing
Sec.
717.20 Coverage and definitions.
717.21 Affiliate marketing opt-out and
exceptions.
717.22 Scope and duration of opt-out.
717.23 Contents of opt-out notice;
consolidated and equivalent notices.
717.24 Reasonable opportunity to opt out.
717.25 Reasonable and simple methods of
opting out.
717.26 Delivery of opt-out notices.
717.27 Renewal of opt-out.
717.28 Effective date, compliance date, and
prospective application.
Subpart C—Affiliate Marketing
§ 717.20
Coverage and definitions
(a) Coverage. Subpart C of this part
applies to federal credit unions and
their affiliates as defined in § 717.3(a) of
Subpart A.
(b) Definitions. For purposes of this
subpart:
(1) Clear and conspicuous. The term
‘‘clear and conspicuous’’ means
PO 00000
Frm 00073
Fmt 4701
Sfmt 4700
62981
reasonably understandable and
designed to call attention to the nature
and significance of the information
presented.
(2) Concise. (i) In general. The term
‘‘concise’’ means a reasonably brief
expression or statement.
(ii) Combination with other required
disclosures. A notice required by this
subpart may be concise even if it is
combined with other disclosures
required or authorized by federal or
state law.
(3) Eligibility information. The term
‘‘eligibility information’’ means any
information the communication of
which would be a consumer report if
the exclusions from the definition of
‘‘consumer report’’ in section
603(d)(2)(A) of the Act did not apply.
Eligibility information does not include
aggregate or blind data that does not
contain personal identifiers such as
account numbers, names, or addresses.
(4) Pre-existing business relationship.
(i) In general. The term ‘‘pre-existing
business relationship’’ means a
relationship between a person, or a
person’s licensed agent, and a consumer
based on—
(A) A financial contract between the
person and the consumer which is in
force on the date on which the
consumer is sent a solicitation covered
by this subpart;
(B) The purchase, rental, or lease by
the consumer of the person’s goods or
services, or a financial transaction
(including holding an active account or
a policy in force or having another
continuing relationship) between the
consumer and the person, during the 18month period immediately preceding
the date on which the consumer is sent
a solicitation covered by this subpart; or
(C) An inquiry or application by the
consumer regarding a product or service
offered by that person during the threemonth period immediately preceding
the date on which the consumer is sent
a solicitation covered by this subpart.
(ii) Examples of pre-existing business
relationships. (A) If a consumer has a
time deposit account, such as a share
certificate, at a federal credit union that
is currently in force, the federal credit
union has a pre-existing business
relationship with the consumer and can
use eligibility information it receives
from its affiliates to make solicitations
to the consumer about its products or
services.
(B) If a consumer obtained a share
certificate from a federal credit union,
but did not renew the certificate at
maturity, the federal credit union has a
pre-existing business relationship with
the consumer and can use eligibility
information it receives from its affiliates
E:\FR\FM\07NOR2.SGM
07NOR2
rwilkins on PROD1PC63 with RULES_2
62982
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
to make solicitations to the consumer
about its products or services for 18
months after the date of maturity of the
share certificate.
(C) If a consumer obtains a mortgage,
the mortgage lender has a pre-existing
business relationship with the
consumer. If the mortgage lender sells
the consumer’s entire loan to an
investor, the mortgage lender has a preexisting business relationship with the
consumer and can use eligibility
information it receives from its affiliates
to make solicitations to the consumer
about its products or services for 18
months after the date it sells the loan,
and the investor has a pre-existing
business relationship with the consumer
upon purchasing the loan. If, however,
the mortgage lender sells a fractional
interest in the consumer’s loan to an
investor but also retains an ownership
interest in the loan, the mortgage lender
continues to have a pre-existing
business relationship with the
consumer, but the investor does not
have a pre-existing business
relationship with the consumer. If the
mortgage lender retains ownership of
the loan, but sells ownership of the
servicing rights to the consumer’s loan,
the mortgage lender continues to have a
pre-existing business relationship with
the consumer. The purchaser of the
servicing rights also has a pre-existing
business relationship with the consumer
as of the date it purchases ownership of
the servicing rights, but only if it
collects payments from or otherwise
deals directly with the consumer on a
continuing basis.
(D) If a consumer applies to a federal
credit union for a product or service that
it offers, but does not obtain a product
or service from or enter into a financial
contract or transaction with the
institution, the federal credit union has
a pre-existing business relationship with
the consumer and can therefore use
eligibility information it receives from
an affiliate to make solicitations to the
consumer about its products or services
for three months after the date of the
application.
(E) If a consumer makes a telephone
inquiry to a federal credit union about
its products or services and provides
contact information to the institution,
but does not obtain a product or service
from or enter into a financial contract or
transaction with the institution, the
federal credit union has a pre-existing
business relationship with the consumer
and can therefore use eligibility
information it receives from an affiliate
to make solicitations to the consumer
about its products or services for three
months after the date of the inquiry.
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
(F) If a consumer makes an inquiry to
a federal credit union by e-mail about its
products or services, but does not obtain
a product or service from or enter into
a financial contract or transaction with
the institution, the federal credit union
has a pre-existing business relationship
with the consumer and can therefore
use eligibility information it receives
from an affiliate to make solicitations to
the consumer about its products or
services for three months after the date
of the inquiry.
(G) If a consumer has an existing
relationship with a federal credit union
that is part of a group of affiliated
companies, makes a telephone call to
the centralized call center for the group
of affiliated companies to inquire about
products or services offered by the
insurance brokerage affiliate, and
provides contact information to the call
center, the call constitutes an inquiry to
the insurance brokerage affiliate that
offers those products or services. The
insurance brokerage affiliate has a preexisting business relationship with the
consumer and can therefore use
eligibility information it receives from
its affiliated federal credit union to
make solicitations to the consumer
about its products or services for three
months after the date of the inquiry.
(iii) Examples where no pre-existing
business relationship is created. (A) If a
consumer makes a telephone call to a
centralized call center for a group of
affiliated companies to inquire about the
consumer’s existing account at a federal
credit union, the call does not constitute
an inquiry to any affiliate other than the
federal credit union that holds the
consumer’s account and does not
establish a pre-existing business
relationship between the consumer and
any affiliate of the account-holding
federal credit union.
(B) If a consumer who has a deposit
account with a federal credit union
makes a telephone call to an affiliate of
the institution to ask about the affiliate’s
retail locations and hours, but does not
make an inquiry about the affiliate’s
products or services, the call does not
constitute an inquiry and does not
establish a pre-existing business
relationship between the consumer and
the affiliate. Also, the affiliate’s capture
of the consumer’s telephone number
does not constitute an inquiry and does
not establish a pre-existing business
relationship between the consumer and
the affiliate.
(C) If a consumer makes a telephone
call to a federal credit union in response
to an advertisement that offers a free
promotional item to consumers who call
a toll-free number, but the
advertisement does not indicate that the
PO 00000
Frm 00074
Fmt 4701
Sfmt 4700
federal credit union’s products or
services will be marketed to consumers
who call in response, the call does not
create a pre-existing business
relationship between the consumer and
the federal credit union because the
consumer has not made an inquiry
about a product or service offered by the
institution, but has merely responded to
an offer for a free promotional item.
(5) Solicitation. (i) In general. The
term ‘‘solicitation’’ means the marketing
of a product or service initiated by a
person to a particular consumer that
is—
(A) Based on eligibility information
communicated to that person by its
affiliate as described in this subpart; and
(B) Intended to encourage the
consumer to purchase or obtain such
product or service.
(ii) Exclusion of marketing directed at
the general public. A solicitation does
not include marketing communications
that are directed at the general public.
For example, television, general
circulation magazine, and billboard
advertisements do not constitute
solicitations, even if those
communications are intended to
encourage consumers to purchase
products and services from the person
initiating the communications.
(iii) Examples of solicitations. A
solicitation would include, for example,
a telemarketing call, direct mail, e-mail,
or other form of marketing
communication directed to a particular
consumer that is based on eligibility
information received from an affiliate.
(6) You means a person described in
paragraph (a) of this section.
§ 717.21 Affiliate marketing opt-out and
exceptions.
(a) Initial notice and opt-out
requirement. (1) In general. You may not
use eligibility information about a
consumer that you receive from an
affiliate to make a solicitation for
marketing purposes to the consumer,
unless—
(i) It is clearly and conspicuously
disclosed to the consumer in writing or,
if the consumer agrees, electronically, in
a concise notice that you may use
eligibility information about that
consumer received from an affiliate to
make solicitations for marketing
purposes to the consumer;
(ii) The consumer is provided a
reasonable opportunity and a reasonable
and simple method to ‘‘opt out,’’ or
prohibit you from using eligibility
information to make solicitations for
marketing purposes to the consumer;
and
(iii) The consumer has not opted out.
E:\FR\FM\07NOR2.SGM
07NOR2
rwilkins on PROD1PC63 with RULES_2
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
(2) Example. A consumer has a
homeowner’s insurance policy obtained
through an insurance brokerage. The
insurance brokerage furnishes eligibility
information about the consumer to its
affiliated federal credit union. Based on
that eligibility information, the federal
credit union wants to make a
solicitation to the consumer about its
home equity loan products. The federal
credit union does not have a preexisting business relationship with the
consumer and none of the other
exceptions apply. The federal credit
union is prohibited from using
eligibility information received from its
insurance brokerage affiliate to make
solicitations to the consumer about its
home equity loan products unless the
consumer is given a notice and
opportunity to opt out and the
consumer does not opt out.
(3) Affiliates who may provide the
notice. The notice required by this
paragraph must be provided:
(i) By an affiliate that has or has
previously had a pre-existing business
relationship with the consumer; or
(ii) As part of a joint notice from two
or more members of an affiliated group
of companies, provided that at least one
of the affiliates on the joint notice has
or has previously had a pre-existing
business relationship with the
consumer.
(b) Making solicitations. (1) In
general. For purposes of this subpart,
you make a solicitation for marketing
purposes if—
(i) You receive eligibility information
from an affiliate;
(ii) You use that eligibility
information to do one or more of the
following:
(A) Identify the consumer or type of
consumer to receive a solicitation;
(B) Establish criteria used to select the
consumer to receive a solicitation; or
(C) Decide which of your products or
services to market to the consumer or
tailor your solicitation to that consumer;
and
(iii) As a result of your use of the
eligibility information, the consumer is
provided a solicitation.
(2) Receiving eligibility information
from an affiliate, including through a
common database. You may receive
eligibility information from an affiliate
in various ways, including when the
affiliate places that information into a
common database that you may access.
(3) Receipt or use of eligibility
information by your service provider.
Except as provided in paragraph (b)(5)
of this section, you receive or use an
affiliate’s eligibility information if a
service provider acting on your behalf
(whether an affiliate or a nonaffiliated
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
third party) receives or uses that
information in the manner described in
paragraphs (b)(1)(i) or (b)(1)(ii) of this
section. All relevant facts and
circumstances will determine whether a
person is acting as your service provider
when it receives or uses an affiliate’s
eligibility information in connection
with marketing your products and
services.
(4) Use by an affiliate of its own
eligibility information. Unless you have
used eligibility information that you
receive from an affiliate in the manner
described in paragraph (b)(1)(ii) of this
section, you do not make a solicitation
subject to this subpart if your affiliate:
(i) Uses its own eligibility information
that it obtained in connection with a
pre-existing business relationship it has
or had with the consumer to market
your products or services to the
consumer; or
(ii) Directs its service provider to use
the affiliate’s own eligibility information
that it obtained in connection with a
pre-existing business relationship it has
or had with the consumer to market
your products or services to the
consumer, and you do not communicate
directly with the service provider
regarding that use.
(5) Use of eligibility information by a
service provider. (i) In general. You do
not make a solicitation subject to
Subpart C of this part if a service
provider (including an affiliated or
third-party service provider that
maintains or accesses a common
database that you may access) receives
eligibility information from your
affiliate that your affiliate obtained in
connection with a pre-existing business
relationship it has or had with the
consumer and uses that eligibility
information to market your products or
services to the consumer, so long as—
(A) Your affiliate controls access to
and use of its eligibility information by
the service provider (including the right
to establish the specific terms and
conditions under which the service
provider may use such information to
market your products or services);
(B) Your affiliate establishes specific
terms and conditions under which the
service provider may access and use the
affiliate’s eligibility information to
market your products and services (or
those of affiliates generally) to the
consumer, such as the identity of the
affiliated companies whose products or
services may be marketed to the
consumer by the service provider, the
types of products or services of affiliated
companies that may be marketed, and
the number of times the consumer may
receive marketing materials, and
periodically evaluates the service
PO 00000
Frm 00075
Fmt 4701
Sfmt 4700
62983
provider’s compliance with those terms
and conditions;
(C) Your affiliate requires the service
provider to implement reasonable
policies and procedures designed to
ensure that the service provider uses the
affiliate’s eligibility information in
accordance with the terms and
conditions established by the affiliate
relating to the marketing of your
products or services;
(D) Your affiliate is identified on or
with the marketing materials provided
to the consumer; and
(E) You do not directly use your
affiliate’s eligibility information in the
manner described in paragraph (b)(1)(ii)
of this section.
(ii) Writing requirements. (A) The
requirements of paragraphs (b)(5)(i)(A)
and (C) of this section must be set forth
in a written agreement between your
affiliate and the service provider; and
(B) The specific terms and conditions
established by your affiliate as provided
in paragraph (b)(5)(i)(B) of this section
must be set forth in writing.
(6) Examples of making solicitations.
(i) A consumer has a deposit account
with a federal credit union, which is
affiliated with an insurance brokerage.
The insurance brokerage receives
eligibility information about the
consumer from the federal credit union.
The insurance brokerage uses that
eligibility information to identify the
consumer to receive a solicitation about
insurance brokerage services, and, as a
result, the insurance brokerage provides
a solicitation to the consumer about its
services. Pursuant to paragraph (b)(1) of
this section, the insurance brokerage has
made a solicitation to the consumer.
(ii) The same facts as in the example
in paragraph (b)(6)(i) of this section,
except that after using the eligibility
information to identify the consumer to
receive a solicitation about insurance
brokerage services, the insurance
brokerage asks the federal credit union
to send the solicitation to the consumer
and the federal credit union does so.
Pursuant to paragraph (b)(1) of this
section, the insurance brokerage has
made a solicitation to the consumer
because it used eligibility information
about the consumer that it received from
an affiliate to identify the consumer to
receive a solicitation about its products
or services, and, as a result, a
solicitation was provided to the
consumer about the insurance
brokerage’s services.
(iii) The same facts as in the example
in paragraph (b)(6)(i) of this section,
except that eligibility information about
consumers that have deposit accounts
with the federal credit union is placed
into a common database that all
E:\FR\FM\07NOR2.SGM
07NOR2
rwilkins on PROD1PC63 with RULES_2
62984
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
members of the affiliated group of
companies may independently access
and use. Without using the federal
credit union’s eligibility information,
the insurance brokerage develops
selection criteria and provides those
criteria, marketing materials, and related
instructions to the federal credit union.
The federal credit union reviews
eligibility information about its own
consumers using the selection criteria
provided by the insurance brokerage to
determine which consumers should
receive the insurance brokerage’s
marketing materials and sends
marketing materials about the insurance
brokerage’s services to those consumers.
Even though the insurance brokerage
has received eligibility information
through the common database as
provided in paragraph (b)(2) of this
section, it did not use that information
to identify consumers or establish
selection criteria; instead, the federal
credit union used its own eligibility
information. Therefore, pursuant to
paragraph (b)(4)(i) of this section, the
insurance brokerage has not made a
solicitation to the consumer.
(iv) The same facts as in the example
in paragraph (b)(6)(iii) of this section,
except that the federal credit union
provides the insurance brokerage’s
criteria to the federal credit union’s
service provider and directs the service
provider to use the federal credit
union’s eligibility information to
identify federal credit union consumers
who meet the criteria and to send the
insurance brokerage’s marketing
materials to those consumers. The
insurance brokerage does not
communicate directly with the service
provider regarding the use of the federal
credit union’s information to market its
services to the federal credit union’s
consumers. Pursuant to paragraph
(b)(4)(ii) of this section, the insurance
brokerage has not made a solicitation to
the consumer.
(v) An affiliated group of companies
includes a federal credit union, an
insurance brokerage, and a service
provider. Each affiliate in the group
places information about its consumers
into a common database. The service
provider has access to all information in
the common database. The federal credit
union controls access to and use of its
eligibility information by the service
provider. This control is set forth in a
written agreement between the federal
credit union and the service provider.
The written agreement also requires the
service provider to establish reasonable
policies and procedures designed to
ensure that the service provider uses the
federal credit union’s eligibility
information in accordance with specific
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
terms and conditions established by the
federal credit union relating to the
marketing of the products and services
of all affiliates, including the insurance
brokerage. In a separate written
communication, the federal credit union
specifies the terms and conditions
under which the service provider may
use the federal credit union’s eligibility
information to market the insurance
brokerage’s products and services to the
federal credit union’s consumers. The
specific terms and conditions are: a list
of affiliated companies (including the
insurance brokerage) whose products or
services may be marketed to the federal
credit union’s consumers by the service
provider; the specific products or types
of products that may be marketed to the
federal credit union’s consumers by the
service provider; the categories of
eligibility information that may be used
by the service provider in marketing
products or services to the federal credit
union’s consumers; the types or
categories of the federal credit union’s
consumers to whom the service
provider may market products or
services of federal credit union
affiliates; the number and/or types of
marketing communications that the
service provider may send to the federal
credit union’s consumers; and the
length of time during which the service
provider may market the products or
services of the federal credit union’s
affiliates to its consumers. The federal
credit union periodically evaluates the
service provider’s compliance with
these terms and conditions. The
insurance brokerage asks the service
provider to market insurance products
to certain consumers who have deposit
accounts with the federal credit union.
Without using the federal credit union’s
eligibility information, the insurance
brokerage develops selection criteria
and provides those criteria, marketing
materials, and related instructions to the
service provider. The service provider
uses the federal credit union’s eligibility
information from the common database
to identify the federal credit union’s
consumers to whom insurance
brokerage services will be marketed.
When the insurance brokerage’s
marketing materials are provided to the
identified consumers, the name of the
federal credit union is displayed on the
brokerage marketing materials, an
introductory letter that accompanies the
marketing materials, an account
statement that accompanies the
marketing materials, or the envelope
containing the marketing materials. The
requirements of paragraph (b)(5) of this
section have been satisfied, and the
PO 00000
Frm 00076
Fmt 4701
Sfmt 4700
insurance brokerage has not made a
solicitation to the consumer.
(vi) The same facts as in the example
in paragraph (b)(6)(v) of this section,
except that the terms and conditions
permit the service provider to use the
federal credit union’s eligibility
information to market the products and
services of other affiliates to the federal
credit union’s consumers whenever the
service provider deems it appropriate to
do so. The service provider uses the
federal credit union’s eligibility
information in accordance with the
discretion afforded to it by the terms
and conditions. Because the terms and
conditions are not specific, the
requirements of paragraph (b)(5) of this
section have not been satisfied.
(c) Exceptions. The provisions of this
subpart do not apply to you if you use
eligibility information that you receive
from an affiliate:
(1) To make a solicitation for
marketing purposes to a consumer with
whom you have a pre-existing business
relationship;
(2) To facilitate communications to an
individual for whose benefit you
provide employee benefit or other
services pursuant to a contract with an
employer related to and arising out of
the current employment relationship or
status of the individual as a participant
or beneficiary of an employee benefit
plan;
(3) To perform services on behalf of
an affiliate, except that this
subparagraph shall not be construed as
permitting you to send solicitations on
behalf of an affiliate if the affiliate
would not be permitted to send the
solicitation as a result of the election of
the consumer to opt out under this
subpart;
(4) In response to a communication
about your products or services initiated
by the consumer;
(5) In response to an authorization or
request by the consumer to receive
solicitations; or
(6) If your compliance with this
subpart would prevent you from
complying with any provision of State
insurance laws pertaining to unfair
discrimination in any State in which
you are lawfully doing business.
(d) Examples of exceptions. (1)
Example of the pre-existing business
relationship exception. A consumer has
a deposit account with a federal credit
union. The consumer also has a
relationship with the federal credit
union’s securities brokerage affiliate.
The federal credit union receives
eligibility information about the
consumer from its securities brokerage
affiliate and uses that information to
make a solicitation to the consumer
E:\FR\FM\07NOR2.SGM
07NOR2
rwilkins on PROD1PC63 with RULES_2
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
about the federal credit union’s wealth
management services. The federal credit
union may make this solicitation even if
the consumer has not been given a
notice and opportunity to opt out
because the federal credit union has a
pre-existing business relationship with
the consumer.
(2) Examples of service provider
exception. (i) A consumer has an
insurance policy obtained through an
insurance brokerage. The insurance
brokerage furnishes eligibility
information about the consumer to its
affiliated federal credit union. Based on
that eligibility information, the federal
credit union wants to make a
solicitation to the consumer about
membership and its deposit products.
The federal credit union does not have
a pre-existing business relationship with
the consumer and none of the other
exceptions in paragraph (c) of this
section apply. The consumer has been
given an opt-out notice and has elected
to opt out of receiving such
solicitations. The federal credit union
asks a service provider to send the
solicitation to the consumer on its
behalf. The service provider may not
send the solicitation on behalf of the
federal credit union because, as a result
of the consumer’s opt-out election, the
federal credit union is not permitted to
make the solicitation.
(ii) The same facts as in paragraph
(d)(2)(i) of this section, except the
consumer has been given an opt-out
notice, but has not elected to opt out.
The federal credit union asks a service
provider to send the solicitation to the
consumer on its behalf. The service
provider may send the solicitation on
behalf of the federal credit union
because, as a result of the consumer’s
not opting out, the federal credit union
is permitted to make the solicitation.
(3) Examples of consumer-initiated
communications. (i) A consumer who
has a deposit account with a federal
credit union initiates a communication
with the federal credit union’s credit
card affiliate to request information
about a credit card. The credit card
affiliate may use eligibility information
about the consumer it obtains from the
federal credit union or any other
affiliate to make solicitations regarding
credit card products in response to the
consumer-initiated communication.
(ii) A consumer who has a deposit
account with a federal credit union
contacts the institution to request
information about how to save and
invest for a child’s college education
without specifying the type of product
in which the consumer may be
interested. Information about a range of
different products or services offered by
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
the federal credit union and one or more
affiliates of the institution may be
responsive to that communication. Such
products or services may include the
following: Mutual funds offered by the
institution; section 529 plans offered by
the institution or its securities brokerage
affiliate; or trust services offered by the
institution or its trust services affiliate.
Any affiliate offering investment
counseling services that would be
responsive to the consumer’s request for
information about saving and investing
for a child’s college education may use
eligibility information to make
solicitations to the consumer in
response to this communication.
(iii) A credit card issuer makes a
marketing call to the consumer without
using eligibility information received
from an affiliate. The issuer leaves a
voice-mail message that invites the
consumer to call a toll-free number to
apply for the issuer’s credit card. If the
consumer calls the toll-free number to
inquire about the credit card, the call is
a consumer-initiated communication
about a product or service and the credit
card issuer may now use eligibility
information it receives from its affiliates
to make solicitations to the consumer.
(iv) A consumer calls a federal credit
union to ask about retail locations and
hours, but does not request information
about products or services. The
institution may not use eligibility
information it receives from an affiliate
to make solicitations to the consumer
about its products or services because
the consumer-initiated communication
does not relate to the federal credit
union’s products or services. Thus, the
use of eligibility information received
from an affiliate would not be
responsive to the communication and
the exception does not apply.
(v) A consumer calls a federal credit
union to ask about retail locations and
hours. The customer service
representative asks the consumer if
there is a particular product or service
about which the consumer is seeking
information. The consumer responds
that the consumer wants to stop in and
find out about share certificates. The
customer service representative offers to
provide that information by telephone
and mail additional information and
application materials to the consumer.
The consumer agrees and provides or
confirms contact information for receipt
of the materials to be mailed. The
federal credit union may use eligibility
information it receives from an affiliate
to make solicitations to the consumer
about share certificates because such
solicitations would respond to the
consumer-initiated communication
about products or services.
PO 00000
Frm 00077
Fmt 4701
Sfmt 4700
62985
(4) Examples of consumer
authorization or request for
solicitations. (i) A consumer who
obtains a mortgage from a federal credit
union authorizes or requests
information about obtaining
homeowner’s insurance through the
federal credit union’s insurance
brokerage affiliate. Such authorization
or request, whether given to the federal
credit union or to the insurance
brokerage affiliate, would permit the
insurance brokerage to use eligibility
information about the consumer it
obtains from the federal credit union or
any other affiliate to make solicitations
to the consumer about its homeowner’s
insurance services.
(ii) A consumer completes an online
application to apply for a credit card
from a credit card issuer. The issuer’s
online application contains a blank
check box that the consumer may check
to authorize or request information from
the credit card issuer’s affiliates. The
consumer checks the box. The consumer
has authorized or requested solicitations
from the card issuer’s affiliates.
(iii) A consumer completes an online
application to apply for a credit card
from a credit card issuer. The issuer’s
online application contains a preselected check box indicating that the
consumer authorizes or requests
information from the issuer’s affiliates.
The consumer does not deselect the
check box. The consumer has not
authorized or requested solicitations
from the card issuer’s affiliates.
(iv) The terms and conditions of a
credit card account agreement contain
preprinted boilerplate language stating
that by applying to open an account the
consumer authorizes or requests to
receive solicitations from the credit card
issuer’s affiliates. The consumer has not
authorized or requested solicitations
from the card issuer’s affiliates.
(e) Relation to affiliate-sharing notice
and opt-out. Nothing in this subpart
limits the responsibility of a person to
comply with the notice and opt-out
provisions of section 603(d)(2)(A)(iii) of
the Act where applicable.
§ 717.22
Scope and duration of opt-out.
(a) Scope of opt-out. (1) In general.
Except as otherwise provided in this
section, the consumer’s election to opt
out prohibits any affiliate covered by the
opt-out notice from using eligibility
information received from another
affiliate as described in the notice to
make solicitations to the consumer.
(2) Continuing relationship. (i) In
general. If the consumer establishes a
continuing relationship with you or
your affiliate, an opt-out notice may
E:\FR\FM\07NOR2.SGM
07NOR2
rwilkins on PROD1PC63 with RULES_2
62986
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
apply to eligibility information obtained
in connection with—
(A) A single continuing relationship
or multiple continuing relationships
that the consumer establishes with you
or your affiliates, including continuing
relationships established subsequent to
delivery of the opt-out notice, so long as
the notice adequately describes the
continuing relationships covered by the
opt-out; or
(B) Any other transaction between the
consumer and you or your affiliates as
described in the notice.
(ii) Examples of continuing
relationships. A consumer has a
continuing relationship with you or
your affiliate if the consumer—
(A) Opens a deposit or investment
account with you or your affiliate;
(B) Obtains a loan for which you or
your affiliate owns the servicing rights;
(C) Purchases an insurance product
from you or your affiliate;
(D) Holds an investment product
through you or your affiliate, such as
when you act or your affiliate acts as a
custodian for securities or for assets in
an individual retirement arrangement;
(E) Enters into an agreement or
understanding with you or your affiliate
whereby you or your affiliate undertakes
to arrange or broker a home mortgage
loan for the consumer;
(F) Enters into a lease of personal
property with you or your affiliate; or
(G) Obtains financial, investment, or
economic advisory services from you or
your affiliate for a fee.
(3) No continuing relationship. (i) In
general. If there is no continuing
relationship between a consumer and
you or your affiliate, and you or your
affiliate obtain eligibility information
about a consumer in connection with a
transaction with the consumer, such as
an isolated transaction or a credit
application that is denied, an opt-out
notice provided to the consumer only
applies to eligibility information
obtained in connection with that
transaction.
(ii) Examples of isolated transactions.
An isolated transaction occurs if—
(A) The consumer uses your or your
affiliate’s ATM to withdraw cash from
an account at another financial
institution; or
(B) You or your affiliate sells the
consumer a cashier’s check or money
order, airline tickets, travel insurance,
or traveler’s checks in isolated
transactions.
(4) Menu of alternatives. A consumer
may be given the opportunity to choose
from a menu of alternatives when
electing to prohibit solicitations, such as
by electing to prohibit solicitations from
certain types of affiliates covered by the
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
opt-out notice but not other types of
affiliates covered by the notice, electing
to prohibit solicitations based on certain
types of eligibility information but not
other types of eligibility information, or
electing to prohibit solicitations by
certain methods of delivery but not
other methods of delivery. However,
one of the alternatives must allow the
consumer to prohibit all solicitations
from all of the affiliates that are covered
by the notice.
(5) Special rule for a notice following
termination of all continuing
relationships. (i) In general. A consumer
must be given a new opt-out notice if,
after all continuing relationships with
you or your affiliate(s) are terminated,
the consumer subsequently establishes
another continuing relationship with
you or your affiliate(s) and the
consumer’s eligibility information is to
be used to make a solicitation. The new
opt-out notice must apply, at a
minimum, to eligibility information
obtained in connection with the new
continuing relationship. Consistent with
paragraph (b) of this section, the
consumer’s decision not to opt out after
receiving the new opt-out notice would
not override a prior opt-out election by
the consumer that applies to eligibility
information obtained in connection
with a terminated relationship,
regardless of whether the new opt-out
notice applies to eligibility information
obtained in connection with the
terminated relationship.
(ii) Example. A consumer is a member
of a federal credit union that is part of
an affiliated group. The consumer
terminates his membership. One year
later, the consumer rejoins and opens a
savings account with the same federal
credit union. The consumer must be
given a new notice and opportunity to
opt out before the federal credit union’s
affiliates may make solicitations to the
consumer using eligibility information
obtained by the federal credit union in
connection with the newly established
account relationship, regardless of
whether the consumer opted out in
connection with accounts held during
the previous member relationship.
(b) Duration of opt-out. The election
of a consumer to opt out must be
effective for a period of at least five
years (the ‘‘opt-out period’’) beginning
when the consumer’s opt-out election is
received and implemented, unless the
consumer subsequently revokes the optout in writing or, if the consumer agrees,
electronically. An opt-out period of
more than five years may be established,
including an opt-out period that does
not expire unless revoked by the
consumer.
PO 00000
Frm 00078
Fmt 4701
Sfmt 4700
(c) Time of opt-out. A consumer may
opt out at any time.
§ 717.23 Contents of opt-out notice;
consolidated and equivalent notices.
(a) Contents of opt-out notice. (1) In
general. A notice must be clear,
conspicuous, and concise, and must
accurately disclose:
(i) The name of the affiliate(s)
providing the notice. If the notice is
provided jointly by multiple affiliates
and each affiliate shares a common
name, such as ‘‘ABC,’’ then the notice
may indicate that it is being provided by
multiple companies with the ABC name
or multiple companies in the ABC group
or family of companies, for example, by
stating that the notice is provided by
‘‘all of the ABC companies,’’ ‘‘the ABC
federal credit union, credit card,
insurance brokerage, and securities
brokerage companies,’’ or by listing the
name of each affiliate providing the
notice. But if the affiliates providing the
joint notice do not all share a common
name, then the notice must either
separately identify each affiliate by
name or identify each of the common
names used by those affiliates, for
example, by stating that the notice is
provided by ‘‘all of the ABC and XYZ
companies’’ or by ‘‘the ABC federal
credit union and credit card companies
and the XYZ insurance brokerage
company’’;
(ii) A list of the affiliates or types of
affiliates whose use of eligibility
information is covered by the notice,
which may include companies that
become affiliates after the notice is
provided to the consumer. If each
affiliate covered by the notice shares a
common name, such as ‘‘ABC,’’ then the
notice may indicate that it applies to
multiple companies with the ABC name
or multiple companies in the ABC group
or family of companies, for example, by
stating that the notice is provided by
‘‘all of the ABC companies,’’ ‘‘the ABC
federal credit union, credit card,
insurance brokerage, and securities
brokerage companies,’’ or by listing the
name of each affiliate providing the
notice. But if the affiliates covered by
the notice do not all share a common
name, then the notice must either
separately identify each covered affiliate
by name or identify each of the common
names used by those affiliates, for
example, by stating that the notice
applies to ‘‘all of the ABC and XYZ
companies’’ or to ‘‘the ABC federal
credit union and credit card companies
and the XYZ insurance brokerage
company’’;
(iii) A general description of the types
of eligibility information that may be
E:\FR\FM\07NOR2.SGM
07NOR2
rwilkins on PROD1PC63 with RULES_2
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
used to make solicitations to the
consumer;
(iv) That the consumer may elect to
limit the use of eligibility information to
make solicitations to the consumer;
(v) That the consumer’s election will
apply for the specified period of time
stated in the notice and, if applicable,
that the consumer will be allowed to
renew the election once that period
expires;
(vi) If the notice is provided to
consumers who may have previously
opted out, such as if a notice is provided
to consumers annually, that the
consumer who has chosen to limit
solicitations does not need to act again
until the consumer receives a renewal
notice; and
(vii) A reasonable and simple method
for the consumer to opt out.
(2) Joint relationships. (i) If two or
more consumers jointly obtain a product
or service, a single opt-out notice may
be provided to the joint consumers. Any
of the joint consumers may exercise the
right to opt out.
(ii) The opt-out notice must explain
how an opt-out direction by a joint
consumer will be treated. An opt-out
direction by a joint consumer may be
treated as applying to all of the
associated joint consumers, or each joint
consumer may be permitted to opt-out
separately. If each joint consumer is
permitted to opt out separately, one of
the joint consumers must be permitted
to opt out on behalf of all of the joint
consumers and the joint consumers
must be permitted to exercise their
separate rights to opt out in a single
response.
(iii) It is impermissible to require all
joint consumers to opt out before
implementing any opt-out direction.
(3) Alternative contents. If the
consumer is afforded a broader right to
opt out of receiving marketing than is
required by this subpart, the
requirements of this section may be
satisfied by providing the consumer
with a clear, conspicuous, and concise
notice that accurately discloses the
consumer’s opt-out rights.
(4) Model notices. Model notices are
provided in Appendix C of this part.
(b) Coordinated and consolidated
notices. A notice required by this
subpart may be coordinated and
consolidated with any other notice or
disclosure required to be issued under
any other provision of law by the entity
providing the notice, including but not
limited to the notice described in
section 603(d)(2)(A)(iii) of the Act and
the Gramm-Leach-Bliley Act privacy
notice.
(c) Equivalent notices. A notice or
other disclosure that is equivalent to the
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
notice required by this subpart, and that
is provided to a consumer together with
disclosures required by any other
provision of law, satisfies the
requirements of this section.
§ 717.24
out.
Reasonable opportunity to opt
(a) In general. You must not use
eligibility information about a consumer
that you receive from an affiliate to
make a solicitation to the consumer
about your products or services, unless
the consumer is provided a reasonable
opportunity to opt out, as required by
§ 717.21(a)(1)(ii) of this part.
(b) Examples of a reasonable
opportunity to opt out. The consumer is
given a reasonable opportunity to opt
out if:
(1) By mail. The opt-out notice is
mailed to the consumer. The consumer
is given 30 days from the date the notice
is mailed to elect to opt out by any
reasonable means.
(2) By electronic means. (i) The optout notice is provided electronically to
the consumer, such as by posting the
notice at an Internet Web site at which
the consumer has obtained a product or
service. The consumer acknowledges
receipt of the electronic notice. The
consumer is given 30 days after the date
the consumer acknowledges receipt to
elect to opt out by any reasonable
means.
(ii) The opt-out notice is provided to
the consumer by e-mail where the
consumer has agreed to receive
disclosures by e-mail from the person
sending the notice. The consumer is
given 30 days after the e-mail is sent to
elect to opt out by any reasonable
means.
(3) At the time of an electronic
transaction. The opt-out notice is
provided to the consumer at the time of
an electronic transaction, such as a
transaction conducted on an Internet
Web site. The consumer is required to
decide, as a necessary part of
proceeding with the transaction,
whether to opt out before completing
the transaction. There is a simple
process that the consumer may use to
opt out at that time using the same
mechanism through which the
transaction is conducted.
(4) At the time of an in-person
transaction. The opt-out notice is
provided to the consumer in writing at
the time of an in-person transaction.
The consumer is required to decide, as
a necessary part of proceeding with the
transaction, whether to opt out before
completing the transaction, and is not
permitted to complete the transaction
without making a choice. There is a
simple process that the consumer may
PO 00000
Frm 00079
Fmt 4701
Sfmt 4700
62987
use during the course of the in-person
transaction to opt out, such as
completing a form that requires
consumers to write a ‘‘yes’’ or ‘‘no’’ to
indicate their opt-out preference or that
requires the consumer to check one of
two blank check boxes—one that allows
consumers to indicate that they want to
opt out and one that allows consumers
to indicate that they do not want to opt
out.
(5) By including in a privacy notice.
The opt-out notice is included in a
Gramm-Leach-Bliley Act privacy notice.
The consumer is allowed to exercise the
opt-out within a reasonable period of
time and in the same manner as the optout under that privacy notice.
§ 717.25 Reasonable and simple methods
of opting out.
(a) In general. You must not use
eligibility information about a consumer
that you receive from an affiliate to
make a solicitation to the consumer
about your products or services, unless
the consumer is provided a reasonable
and simple method to opt out, as
required by § 717.21(a)(1)(ii) of this part.
(b) Examples. (1) Reasonable and
simple opt-out methods. Reasonable and
simple methods for exercising the optout right include—
(i) Designating a check-off box in a
prominent position on the opt-out form;
(ii) Including a reply form and a selfaddressed envelope together with the
opt-out notice;
(iii) Providing an electronic means to
opt out, such as a form that can be
electronically mailed or processed at an
Internet Web site, if the consumer agrees
to the electronic delivery of information;
(iv) Providing a toll-free telephone
number that consumers may call to opt
out; or
(v) Allowing consumers to exercise all
of their opt-out rights described in a
consolidated opt-out notice that
includes the privacy opt-out under the
Gramm-Leach-Bliley Act, 15 U.S.C.
6801 et seq., the affiliate sharing opt-out
under the Act, and the affiliate
marketing opt-out under the Act, by a
single method, such as by calling a
single toll-free telephone number.
(2) Opt-out methods that are not
reasonable and simple. Reasonable and
simple methods for exercising an optout right do not include—
(i) Requiring the consumer to write
his or her own letter;
(ii) Requiring the consumer to call or
write to obtain a form for opting out,
rather than including the form with the
opt-out notice;
(iii) Requiring the consumer who
receives the opt-out notice in electronic
form only, such as through posting at an
E:\FR\FM\07NOR2.SGM
07NOR2
62988
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
Internet Web site, to opt out solely by
paper mail or by visiting a different Web
site without providing a link to that site.
(c) Specific opt-out means. Each
consumer may be required to opt out
through a specific means, as long as that
means is reasonable and simple for that
consumer.
§ 717.26
Delivery of opt-out notices.
(a) In general. The opt-out notice must
be provided so that each consumer can
reasonably be expected to receive actual
notice. For opt-out notices provided
electronically, the notice may be
provided in compliance with either the
electronic disclosure provisions in this
subpart or the provisions in section 101
of the Electronic Signatures in Global
and National Commerce Act, 15 U.S.C.
7001 et seq.
(b) Examples of reasonable
expectation of actual notice. A
consumer may reasonably be expected
to receive actual notice if the affiliate
providing the notice:
(1) Hand-delivers a printed copy of
the notice to the consumer;
(2) Mails a printed copy of the notice
to the last known mailing address of the
consumer;
(3) Provides a notice by e-mail to a
consumer who has agreed to receive
electronic disclosures by e-mail from
the affiliate providing the notice; or
(4) Posts the notice on the Internet
Web site at which the consumer
obtained a product or service
electronically and requires the
consumer to acknowledge receipt of the
notice.
(c) Examples of no reasonable
expectation of actual notice. A
consumer may not reasonably be
expected to receive actual notice if the
affiliate providing the notice:
(1) Only posts the notice on a sign in
a branch or office or generally publishes
the notice in a newspaper;
(2) Sends the notice via e-mail to a
consumer who has not agreed to receive
electronic disclosures by e-mail from
the affiliate providing the notice; or
(3) Posts the notice on an Internet
Web site without requiring the
consumer to acknowledge receipt of the
notice.
rwilkins on PROD1PC63 with RULES_2
§ 717.27
Renewal of opt-out.
(a) Renewal notice and opt-out
requirement. (1) In general. After the
opt-out period expires, you may not
make solicitations based on eligibility
information you receive from an affiliate
to a consumer who previously opted
out, unless:
(i) The consumer has been given a
renewal notice that complies with the
requirements of this section and
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
§§ 717.24 through 717.26 of this part,
and a reasonable opportunity and a
reasonable and simple method to renew
the opt-out, and the consumer does not
renew the opt-out; or
(ii) An exception in § 717.21(c) of this
part applies.
(2) Renewal period. Each opt-out
renewal must be effective for a period of
at least five years as provided in
§ 717.22(b) of this part.
(3) Affiliates who may provide the
notice. The notice required by this
paragraph must be provided:
(i) By the affiliate that provided the
previous opt-out notice, or its successor;
or
(ii) As part of a joint renewal notice
from two or more members of an
affiliated group of companies, or their
successors, that jointly provided the
previous opt-out notice.
(b) Contents of renewal notice. The
renewal notice must be clear,
conspicuous, and concise, and must
accurately disclose:
(1) The name of the affiliate(s)
providing the notice. If the notice is
provided jointly by multiple affiliates
and each affiliate shares a common
name, such as ‘‘ABC,’’ then the notice
may indicate that it is being provided by
multiple companies with the ABC name
or multiple companies in the ABC group
or family of companies, for example, by
stating that the notice is provided by
‘‘all of the ABC companies,’’ ‘‘the ABC
federal credit union, credit card,
insurance brokerage, and securities
brokerage companies,’’ or by listing the
name of each affiliate providing the
notice. But if the affiliates providing the
joint notice do not all share a common
name, then the notice must either
separately identify each affiliate by
name or identify each of the common
names used by those affiliates, for
example, by stating that the notice is
provided by ‘‘all of the ABC and XYZ
companies’’ or by ‘‘the ABC federal
credit union and credit card companies
and the XYZ insurance brokerage
company’’;
(2) A list of the affiliates or types of
affiliates whose use of eligibility
information is covered by the notice,
which may include companies that
become affiliates after the notice is
provided to the consumer. If each
affiliate covered by the notice shares a
common name, such as ‘‘ABC,’’ then the
notice may indicate that it applies to
multiple companies with the ABC name
or multiple companies in the ABC group
or family of companies, for example, by
stating that the notice is provided by
‘‘all of the ABC companies,’’ ‘‘the ABC
federal credit union, credit card,
insurance brokerage, and securities
PO 00000
Frm 00080
Fmt 4701
Sfmt 4700
brokerage companies,’’ or by listing the
name of each affiliate providing the
notice. But if the affiliates covered by
the notice do not all share a common
name, then the notice must either
separately identify each covered affiliate
by name or identify each of the common
names used by those affiliates, for
example, by stating that the notice
applies to ‘‘all of the ABC and XYZ
companies’’ or to ‘‘the ABC federal
credit union and credit card companies
and the XYZ insurance brokerage
company’’;
(3) A general description of the types
of eligibility information that may be
used to make solicitations to the
consumer;
(4) That the consumer previously
elected to limit the use of certain
information to make solicitations to the
consumer;
(5) That the consumer’s election has
expired or is about to expire;
(6) That the consumer may elect to
renew the consumer’s previous election;
(7) If applicable, that the consumer’s
election to renew will apply for the
specified period of time stated in the
notice and that the consumer will be
allowed to renew the election once that
period expires; and
(8) A reasonable and simple method
for the consumer to opt out.
(c) Timing of the renewal notice. (1)
In general. A renewal notice may be
provided to the consumer either—
(i) A reasonable period of time before
the expiration of the opt-out period; or
(ii) Any time after the expiration of
the opt-out period but before
solicitations that would have been
prohibited by the expired opt-out are
made to the consumer.
(2) Combination with annual privacy
notice. If you provide an annual privacy
notice under the Gramm-Leach-Bliley
Act, 15 U.S.C. 6801 et seq., providing a
renewal notice with the last annual
privacy notice provided to the consumer
before expiration of the opt-out period
is a reasonable period of time before
expiration of the opt-out in all cases.
(d) No effect on opt-out period. An
opt-out period may not be shortened by
sending a renewal notice to the
consumer before expiration of the optout period, even if the consumer does
not renew the opt out.
§ 717.28 Effective date, compliance date,
and prospective application.
(a) Effective date. This subpart is
effective January 1, 2008.
(b) Mandatory compliance date.
Compliance with this subpart is
required not later than October 1, 2008.
(c) Prospective application. The
provisions of this subpart shall not
E:\FR\FM\07NOR2.SGM
07NOR2
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
prohibit you from using eligibility
information that you receive from an
affiliate to make solicitations to a
consumer if you receive such
information prior to October 1, 2008.
For purposes of this section, you are
deemed to receive eligibility
information when such information is
placed into a common database and is
accessible by you.
4. Appendixes A and B to part 717 are
added and reserved, a new Appendix C
to part 717 is added to read as follows:
rwilkins on PROD1PC63 with RULES_2
Appendix C To Part 717—Model Forms
for Opt-Out Notices
a. Although use of the model forms is not
required, use of the model forms in this
Appendix (as applicable) complies with the
requirement in section 624 of the Act for
clear, conspicuous, and concise notices.
b. Certain changes may be made to the
language or format of the model forms
without losing the protection from liability
afforded by use of the model forms. These
changes may not be so extensive as to affect
the substance, clarity, or meaningful
sequence of the language in the model forms.
Persons making such extensive revisions will
lose the safe harbor that this Appendix
provides. Acceptable changes include, for
example:
1. Rearranging the order of the references
to ‘‘your income,’’ ‘‘your account history,’’
and ‘‘your credit score.’’
2. Substituting other types of information
for ‘‘income,’’ ‘‘account history,’’ or ‘‘credit
score’’ for accuracy, such as ‘‘payment
history,’’ ‘‘credit history,’’ ‘‘payoff status,’’ or
‘‘claims history.’’
3. Substituting a clearer and more accurate
description of the affiliates providing or
covered by the notice for phrases such as
‘‘the [ABC] group of companies,’’ including
without limitation a statement that the entity
providing the notice recently purchased the
consumer’s account.
4. Substituting other types of affiliates
covered by the notice for ‘‘credit card,’’
‘‘insurance brokerage,’’ or ‘‘securities
brokerage’’ affiliates.
5. Omitting items that are not accurate or
applicable. For example, if a person does not
limit the duration of the opt-out period, the
notice may omit information about the
renewal notice.
6. Adding a statement informing
consumers how much time they have to opt
out before shared eligibility information may
be used to make solicitations to them.
7. Adding a statement that the consumer
may exercise the right to opt out at any time.
8. Adding the following statement, if
accurate: ‘‘If you previously opted out, you
do not need to do so again.’’
9. Providing a place on the form for the
consumer to fill in identifying information,
such as his or her name and address:
C–1 Model Form for Initial Opt-out Notice
(Single-Affiliate Notice)
C–2 Model Form for Initial Opt-out Notice
(Joint Notice)
C–3 Model Form for Renewal Notice
(Single-Affiliate Notice)
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
C–4 Model Form for Renewal Notice (Joint
Notice)
C–5 Model Form for Voluntary ‘‘No
Marketing’’ Notice
C–1—Model Form for Initial Opt-out Notice
(Single-Affiliate Notice)—[Your Choice To
Limit Marketing]/[Marketing Opt-out]
• [Name of Affiliate] is providing this
notice.
• [Optional: Federal law gives you the
right to limit some but not all marketing from
our affiliates. Federal law also requires us to
give you this notice to tell you about your
choice to limit marketing from our affiliates.]
• You may limit our affiliates in the [ABC]
group of companies, such as our [credit card,
insurance brokerage, and securities
brokerage] affiliates, from marketing their
products or services to you based on your
personal information that we collect and
share with them. This information includes
your [income], your [account history with
us], and your [credit score].
• Your choice to limit marketing offers
from our affiliates will apply [until you tell
us to change your choice]/[for x years from
when you tell us your choice]/[for at least 5
years from when you tell us your choice].
[Include if the opt-out period expires.] Once
that period expires, you will receive a
renewal notice that will allow you to
continue to limit marketing offers from our
affiliates for [another x years]/[at least
another 5 years].
• [Include, if applicable, in a subsequent
notice, including an annual notice, for
consumers who may have previously opted
out.] If you have already made a choice to
limit marketing offers from our affiliates, you
do not need to act again until you receive the
renewal notice.
To limit marketing offers, contact us
[include all that apply]:
• By telephone: 1–877–###–####
• On the Web: www.---.com
• By mail: Check the box and complete the
form below, and send the form to:
[Company name]
[Company address]
lDo not allow your affiliates to use my
personal information to market to me.
C–2—Model Form for Initial Opt-out Notice
(Joint Notice)—[Your Choice To Limit
Marketing]/[Marketing Opt-out]
• The [ABC group of companies] is
providing this notice.
• [Optional: Federal law gives you the
right to limit some but not all marketing from
the [ABC] companies. Federal law also
requires us to give you this notice to tell you
about your choice to limit marketing from the
[ABC] companies.]
• You may limit the [ABC] companies,
such as the [ABC credit card, insurance
brokerage, and securities brokerage] affiliates,
from marketing their products or services to
you based on your personal information that
they receive from other [ABC] companies.
This information includes your [income],
your [account history], and your [credit
score].
• Your choice to limit marketing offers
from the [ABC] companies will apply [until
you tell us to change your choice]/[for x years
PO 00000
Frm 00081
Fmt 4701
Sfmt 4700
62989
from when you tell us your choice]/[for at
least 5 years from when you tell us your
choice]. [Include if the opt-out period
expires.] Once that period expires, you will
receive a renewal notice that will allow you
to continue to limit marketing offers from the
[ABC] companies for [another x years]/[at
least another 5 years].
• [Include, if applicable, in a subsequent
notice, including an annual notice, for
consumers who may have previously opted
out.] If you have already made a choice to
limit marketing offers from the [ABC]
companies, you do not need to act again until
you receive the renewal notice.
To limit marketing offers, contact us
[include all that apply]:
• By telephone: 1–877–###–####
• On the Web: www.---.com
• By mail: Check the box and complete the
form below, and send the form to:
[Company name]
[Company address]
lDo not allow any company [in the ABC
group of companies] to use my personal
information to market to me.
C–3—Model Form for Renewal Notice
(Single-Affiliate Notice)—[Renewing Your
Choice To Limit Marketing]/[Renewing Your
Marketing Opt-out]
• [Name of Affiliate] is providing this
notice.
• [Optional: Federal law gives you the
right to limit some but not all marketing from
our affiliates. Federal law also requires us to
give you this notice to tell you about your
choice to limit marketing from our affiliates.]
• You previously chose to limit our
affiliates in the [ABC] group of companies,
such as our [credit card, insurance brokerage,
and securities brokerage] affiliates, from
marketing their products or services to you
based on your personal information that we
share with them. This information includes
your [income], your [account history with
us], and your [credit score].
• Your choice has expired or is about to
expire.
To renew your choice to limit marketing
for [x] more years, contact us [include all that
apply]:
• By telephone: 1–877–###–####
• On the Web: www.---.com
• By mail: Check the box and complete the
form below, and send the form to:
[Company name]
[Company address]
lRenew my choice to limit marketing for
[x] more years.
C–4—Model Form for Renewal Notice (Joint
Notice)—[Renewing Your Choice To Limit
Marketing]/[Renewing Your Marketing Optout]
• The [ABC group of companies] is
providing this notice.
• [Optional: Federal law gives you the
right to limit some but not all marketing from
the [ABC] companies. Federal law also
requires us to give you this notice to tell you
about your choice to limit marketing from the
[ABC] companies.]
• You previously chose to limit the [ABC]
companies, such as the [ABC credit card,
insurance brokerage, and securities
E:\FR\FM\07NOR2.SGM
07NOR2
62990
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations
brokerage] affiliates, from marketing their
products or services to you based on your
personal information that they receive from
other ABC companies. This information
includes your [income], your [account
history], and your [credit score].
• Your choice has expired or is about to
expire.
To renew your choice to limit marketing
for [x] more years, contact us [include all that
apply]:
• By telephone: 1–877–###–####
• On the Web: www.---.com
• By mail: Check the box and complete the
form below, and send the form to:
[Company name]
[Company address]
lRenew my choice to limit marketing for
[x] more years.
rwilkins on PROD1PC63 with RULES_2
C–5—Model Form for Voluntary ‘‘No
Marketing’’ Notice—Your Choice To Stop
Marketing
• [Name of Affiliate] is providing this
notice.
VerDate Aug<31>2005
16:20 Nov 06, 2007
Jkt 214001
• You may choose to stop all marketing
from us and our affiliates.
To stop all marketing, contact us [include
all that apply]:
• By telephone: 1–877–###–####
• On the Web: www.---.com
• By mail: Check the box and complete the
form below, and send the form to:
[Company name]
[Company address]
lDo not market to me.
Dated: October 12, 2007.
John C. Dugan,
Comptroller of the Currency.
By order of the Board of Governors of the
Federal Reserve System, October 23, 2007.
Jennifer J. Johnson,
Secretary of the Board.
By order of the Board of Directors,
Dated at Washington, DC., this 16th day of
October, 2007.
PO 00000
Frm 00082
Fmt 4701
Sfmt 4700
FEDERAL DEPOSIT INSURANCE
CORPORATION
Robert E. Feldman,
Executive Secretary.
Dated: September 27, 2007.
By the Office of Thrift Supervision,
John M. Reich,
Director.
By order of the National Credit Union
Administration Board, October 15, 2007.
Mary F. Rupp,
Secretary of the Board.
[FR Doc. 07–5349 Filed 11–6–07; 8:45 am]
BILLING CODE 4810–33–P; 6210–01–P; 6714–01–P;
6720–01–P; 7535–01–P
E:\FR\FM\07NOR2.SGM
07NOR2
Agencies
[Federal Register Volume 72, Number 215 (Wednesday, November 7, 2007)]
[Rules and Regulations]
[Pages 62910-62990]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 07-5349]
[[Page 62909]]
-----------------------------------------------------------------------
Part II
Department of the Treasury
Office of the Comptroller of the Currency
12 CFR Part 41
Federal Reserve System
12 CFR Part 222
Federal Deposit Insurance Corporation
12 CFR Part 334
Department of the Treasury
Office of Thrift Supervision
12 CFR Part 571
National Credit Union Administration
12 CFR Part 717
Fair Credit Reporting Affiliate Marketing Regulations; Final Rule
Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 /
Rules and Regulations
[[Page 62910]]
-----------------------------------------------------------------------
DEPARTMENT OF THE TREASURY
Office of the Comptroller of the Currency
12 CFR Part 41
[Docket ID. OCC-2007-0010]
RIN 1557-AC88
FEDERAL RESERVE SYSTEM
12 CFR Part 222
[Regulation V; Docket No. R-1203]
FEDERAL DEPOSIT INSURANCE CORPORATION
12 CFR Part 334
RIN 3064-AC83
DEPARTMENT OF THE TREASURY
Office of Thrift Supervision
12 CFR Part 571
[Docket ID. OTS-2007-0020]
RIN 1550-AB90
NATIONAL CREDIT UNION ADMINISTRATION
12 CFR Part 717
Fair Credit Reporting Affiliate Marketing Regulations
AGENCIES: Office of the Comptroller of the Currency, Treasury (OCC);
Board of Governors of the Federal Reserve System (Board); Federal
Deposit Insurance Corporation (FDIC); Office of Thrift Supervision,
Treasury (OTS); and National Credit Union Administration (NCUA).
ACTION: Final rules.
-----------------------------------------------------------------------
SUMMARY: The OCC, Board, FDIC, OTS, and NCUA (Agencies) are publishing
final rules to implement the affiliate marketing provisions in section
214 of the Fair and Accurate Credit Transactions Act of 2003, which
amends the Fair Credit Reporting Act. The final rules generally
prohibit a person from using information received from an affiliate to
make a solicitation for marketing purposes to a consumer, unless the
consumer is given notice and a reasonable opportunity and a reasonable
and simple method to opt out of the making of such solicitations.
DATES: Effective Date: These rules are effective January 1, 2008.
Mandatory Compliance Date: October 1, 2008.
FOR FURTHER INFORMATION CONTACT: OCC: Amy Friend, Assistant Chief
Counsel, (202) 874-5200; Michael Bylsma, Director, or Stephen Van
Meter, Assistant Director, Community and Consumer Law, (202) 874-5750;
or Patrick T. Tierney, Senior Attorney, Legislative and Regulatory
Activities Division, (202) 874-5090, Office of the Comptroller of the
Currency, 250 E Street, SW., Washington, DC 20219.
Board: David A. Stein, Counsel; Ky Tran-Trong, Counsel; or Amy E.
Burke, Attorney, Division of Consumer and Community Affairs, (202) 452-
3667 or (202) 452-2412; or Kara Handzlik, Attorney, Legal Division,
(202) 452-3852, Board of Governors of the Federal Reserve System, 20th
and C Streets, NW., Washington, DC 20551. For users of a
Telecommunications Device for the Deaf (TDD) only, contact (202) 263-
4869.
FDIC: Ruth R. Amberg, Senior Counsel, (202) 898-3736, or Richard M.
Schwartz, Counsel, Legal Division, (202) 898-7424; April Breslaw,
Chief, Compliance Section, (202) 898-6609; David P. Lafleur, Policy
Analyst, Division of Supervision and Consumer Protection, (202) 898-
6569, Federal Deposit Insurance Corporation, 550 17th Street, NW.,
Washington, DC 20429.
OTS: Suzanne McQueen, Consumer Regulations Analyst, Compliance and
Consumer Protection Division, (202) 906-6459; or Richard Bennett,
Senior Compliance Counsel, (202) 906-7409, Office of Thrift
Supervision, 1700 G Street, NW., Washington, DC 20552.
NCUA: Linda Dent, Staff Attorney, Office of General Counsel, (703)
518-6540, National Credit Union Administration, 1775 Duke Street,
Alexandria, VA 22314-3428.
SUPPLEMENTARY INFORMATION:
I. Background
The Fair Credit Reporting Act
The Fair Credit Reporting Act (FCRA or Act), which was enacted in
1970, sets standards for the collection, communication, and use of
information bearing on a consumer's credit worthiness, credit standing,
credit capacity, character, general reputation, personal
characteristics, or mode of living. (15 U.S.C. 1681-1681x.) In 1996,
the Consumer Credit Reporting Reform Act extensively amended the FCRA.
(Pub. L. 104-208, 110 Stat. 3009.)
The FCRA, as amended, provides that a person may communicate to an
affiliate or a non-affiliated third party information solely as to
transactions or experiences between the consumer and the person without
becoming a consumer reporting agency.\1\ In addition, the communication
of such transaction or experience information among affiliates will not
result in any affiliate becoming a consumer reporting agency. See FCRA
Sec. Sec. 603(d)(2)(A)(i) and (ii).
---------------------------------------------------------------------------
\1\ The FCRA creates substantial obligations for a person that
meets the definition of a ``consumer reporting agency'' in section
603(f) of the statute.
---------------------------------------------------------------------------
Section 603(d)(2)(A)(iii) of the FCRA provides that a person may
communicate ``other'' information--that is, information that is not
transaction or experience information--among its affiliates without
becoming a consumer reporting agency if it is clearly and conspicuously
disclosed to the consumer that such information may be communicated
among affiliates and the consumer is given an opportunity, before the
information is communicated, to ``opt out'' or direct that the
information not be communicated among such affiliates, and the consumer
has not opted out.
The Fair and Accurate Credit Transactions Act of 2003
The President signed into law the Fair and Accurate Credit
Transactions Act of 2003 (FACT Act) on December 4, 2003. (Pub. L. 108-
159, 117 Stat. 1952.) In general, the FACT Act amends the FCRA to
enhance the ability of consumers to combat identity theft, increase the
accuracy of consumer reports, restrict the use of medical information
in credit eligibility determinations, and allow consumers to exercise
greater control regarding the type and number of solicitations they
receive.
Section 214 of the FACT Act added a new section 624 to the FCRA.
This provision gives consumers the right to restrict a person from
using certain information obtained from an affiliate to make
solicitations to that consumer. Section 624 generally provides that if
a person receives certain consumer eligibility information from an
affiliate, the person may not use that information to make
solicitations to the consumer about its products or services, unless
the consumer is given notice and an opportunity and a simple method to
opt out of such use of the information, and the consumer does not opt
out. The statute also provides that section 624 does not apply, for
example, to a person using eligibility information: (1) To make
solicitations to a consumer with whom the person has a pre-existing
business relationship; (2) to perform services for another affiliate
subject to certain conditions; (3) in response to a communication
initiated by the
[[Page 62911]]
consumer; or (4) to make a solicitation that has been authorized or
requested by the consumer. Unlike the FCRA affiliate sharing opt-out
and the Gramm-Leach-Bliley Act (GLBA) non-affiliate sharing opt-out,
which apply indefinitely, section 624 provides that a consumer's
affiliate marketing opt-out election must be effective for a period of
at least five years. Upon expiration of the opt-out period, the
consumer must be given a renewal notice and an opportunity to renew the
opt-out before information received from an affiliate may be used to
make solicitations to the consumer.
Section 624 governs the use of information by an affiliate, not the
sharing of information among affiliates, and thus is distinct from the
affiliate sharing opt-out under section 603(d)(2)(A)(iii) of the FCRA.
Nevertheless, the affiliate marketing and affiliate sharing opt-outs
and the information subject to the two opt-outs overlap to some extent.
As noted above, the FCRA allows transaction or experience information
to be shared among affiliates without giving the consumer notice and an
opportunity to opt out, but provides that ``other'' information, such
as information from credit reports and credit applications, may not be
shared among affiliates without giving the consumer notice and an
opportunity to opt out. The new affiliate marketing opt-out applies to
both transaction or experience information and ``other'' information.
Thus, certain information will be subject to two opt-outs, a sharing
opt-out and a marketing use opt-out.
Section 214(b) of the FACT Act requires the Agencies, the Federal
Trade Commission (FTC), and the Securities and Exchange Commission
(SEC) to prescribe regulations, in consultation and coordination with
each other, to implement the FCRA's affiliate marketing opt-out
provisions. In adopting regulations, each Agency must ensure that the
affiliate marketing notification methods provide a simple means for
consumers to make choices under section 624, consider the affiliate
sharing notification practices employed on the date of enactment by
persons subject to section 624, and ensure that notices may be
coordinated and consolidated with other notices required by law.
II. The Interagency Proposal
On July 15, 2004, the Agencies published a notice of proposed
rulemaking in the Federal Register (69 FR 42502) to implement section
214 of the FACT Act.\2\ The proposal defined the key terms ``pre-
existing business relationship'' and ``solicitation'' essentially as
defined in the statute. The Agencies did not propose to include
additional circumstances within the meaning of ``pre-existing business
relationship'' or other types of communications within the meaning of
``solicitation.''
---------------------------------------------------------------------------
\2\ The FTC published its proposed affiliate marketing rule in
the Federal Register on June 15, 2004 (69 FR 33324). The SEC
published its proposed affiliate marketing rule in the Federal
Register on July 14, 2004 (69 FR 42301).
---------------------------------------------------------------------------
To address the scope of the affiliate marketing opt-out, the
proposal defined ``eligibility information'' to mean any information
the communication of which would be a ``consumer report'' if the
statutory exclusions from the definition of ``consumer report'' in
section 603(d)(2)(A) of the FCRA for transaction or experience
information and for ``other'' information that is subject to the
affiliate-sharing opt-out did not apply. The Agencies substituted the
term ``eligibility information'' for the more complicated statutory
language regarding the communication of information that would be a
consumer report, but for clauses (i), (ii), and (iii) of section
603(d)(2)(A) of the FCRA.\3\ In addition, the proposal incorporated
each of the scope limitations contained in the statute, such as the
pre-existing business relationship exception.
---------------------------------------------------------------------------
\3\ Under section 603(d)(1) of the FCRA, a ``consumer report''
means any written, oral, or other communication of any information
by a consumer reporting agency bearing on a consumer's credit
worthiness, credit standing, credit capacity, character, general
reputation, personal characteristics, or mode of living which is
used or expected to be used or collected in whole or in part for the
purpose of serving as a factor in establishing the consumer's
eligibility for credit or insurance to be used primarily for
personal, family, or household purposes, employment purposes, or any
other purpose authorized in section 604 of the FCRA. 15 U.S.C.
1681a(d).
---------------------------------------------------------------------------
Section 624 does not state which affiliate must give the consumer
the affiliate marketing opt-out notice. The proposal provided that the
person communicating information about a consumer to its affiliate
would be responsible for satisfying the notice requirement, if
applicable. A rule of construction provided flexibility to allow the
notice to be given by the person that communicates information to its
affiliate, by the person's agent, or through a joint notice with one or
more other affiliates. The Agencies designed this approach to provide
flexibility and to facilitate the use of a single coordinated notice,
while taking into account existing affiliate sharing notification
practices. At the same time, the approach sought to ensure that the
notice would be effective because it generally would be provided by or
on behalf of an entity from which the consumer would expect to receive
important notices, and would not be provided along with solicitations.
The proposal also provided guidance on the contents of the opt-out
notice, what constitutes a reasonable opportunity to opt out,
reasonable and simple methods of opting out, and the delivery of opt-
out notices. Finally, the proposal provided guidance on the effect of
the limited duration of the opt-out and the requirement to provide an
extension notice upon expiration of the opt-out period.
III. Overview of Comments Received
Each agency received the following number of comment letters: OCC--
30, Board--42, FDIC--29, OTS--20, NCUA--18. Many commenters sent copies
of the same letter to more than one Agency. The Agencies received
comments from a variety of banks, thrifts, credit unions, credit card
companies, mortgage lenders, other non-bank creditors, and industry
trade associations. The Agencies also received comments from consumer
groups, the National Association of Attorneys General (``NAAG''), and
individual consumers. In addition, the Agencies considered comments
submitted to the FTC and the SEC.
Most industry commenters objected to several key aspects of the
proposal. The most significant areas of concern raised by industry
commenters related to which affiliate would be responsible for
providing the notice, the scope of certain exceptions to the notice and
opt-out requirement, and the content or the inclusion of definitions
for terms such as ``clear and conspicuous'' and ``pre-existing business
relationship.'' Consumer groups and NAAG generally supported the
proposal, although these commenters believed that the proposal could be
strengthened in certain respects. A more detailed discussion of the
comments is contained in the Section-by-Section Analysis below.
IV. Section-by-Section Analysis
Section --.1 Purpose, Scope, and Effective Dates
Section --.1 of the proposal set forth the purpose and scope of
each Agency's regulations. The Agencies received few comments on this
section. Some of the Agencies have revised this section in the final
rules for clarity and to reflect the fact that the institutions subject
to the FCRA regulation will vary in different subparts of the Agencies'
FCRA rules. The coverage provision for
[[Page 62912]]
each Agency's affiliate marketing rule is set forth in Subpart C, Sec.
--.20(a).
Section --.2 Examples
Proposed Sec. ----.2 described the scope and effect of the
examples included in the proposed rule. Most commenters supported the
proposed use of non-exclusive examples to illustrate the operation of
the rules. One commenter, concerned that the use of examples would
increase the risk of litigation, urged the Agencies to delete all
examples.
The Agencies adopted Sec. --.2 as part of the final medical
information rules. See 70 FR 70664 (Nov. 22, 2005). The comments
received in this rulemaking do not warrant any revisions to Sec. --.2.
The Agencies do not believe the use of illustrative examples will
materially increase the risk of litigation, but rather will provide
useful guidance for compliance purposes, which may alleviate litigation
risks for institutions. Therefore, it is unnecessary to re-publish
Sec. --.2 in these final rules.
As Sec. --.2 states, examples in a paragraph illustrate only the
issue described in the paragraph and do not illustrate any other issue
that may arise in the part. Similarly, the examples do not illustrate
any issues that may arise under other laws or regulations.\4\
---------------------------------------------------------------------------
\4\ NCUA has modified examples in its final rule text where the
original example referenced products or services impermissible for
federal credit unions.
---------------------------------------------------------------------------
Section --.3 Definitions
Section --.3 of the proposal contained definitions for the
following terms: ``Act,'' ``affiliate'' (as well as the related terms
``company'' and ``control''); ``clear and conspicuous''; ``consumer'';
``eligibility information''; ``person''; ``pre-existing business
relationship''; ``solicitation''; and, except for the OCC's proposal,
``you.''
The Agencies have previously defined the terms ``Act,''
``affiliate,'' ``company,'' ``consumer,'' and ``person,'' along with a
definition of ``common ownership or common corporate control'' as a
substitute for the definition of ``control,'' as part of the final
medical information rules. See 70 FR 70664 (Nov. 22, 2005). Those
definitions that elicited comment are discussed below. However, it is
unnecessary to re-publish Sec. --.3 in these final rules because the
Agencies have not revised these definitions.
The Agencies have moved the definitions of ``clear and
conspicuous,'' ``eligibility information,'' ``pre-existing business
relationship,'' ``solicitation,'' and ``you'' or ``bank'' to Subpart C,
Sec. --.20(b). Three of these terms relate solely to the affiliate
marketing provisions and, thus, are more appropriately defined in
Subpart C. For the reasons discussed below, the Agencies also believe
that it is more appropriate to define ``clear and conspicuous'' for the
limited purpose of the affiliate marketing rules. Each of these
definitions is discussed in detail below.
Affiliate, Common Ownership or Common Corporate Control, and Company
Several FCRA provisions apply to information sharing with persons
``related by common ownership or affiliated by corporate control,''
``related by common ownership or affiliated by common corporate
control,'' or ``affiliated by common ownership or common corporate
control.'' E.g., FCRA, sections 603(d)(2), 615(b)(2), and 625(b)(2).
Each of these provisions was enacted as part of the 1996 amendments to
the FCRA. Similarly, section 2 of the FACT Act defines the term
``affiliate'' to mean ``persons that are related by common ownership or
affiliated by corporate control.'' In contrast, the GLBA defines
``affiliate'' to mean ``any company that controls, is controlled by, or
is under common control with another company.'' See 15 U.S.C. 6809(6).
In the proposal, the Agencies sought to harmonize the various FCRA
and FACT Act formulations by defining ``affiliate'' to mean ``any
person that is related by common ownership or common corporate control
with another person.'' Industry commenters generally supported the
Agencies' goal of harmonizing the various FCRA definitions of
``affiliate'' for consistency. Many of these commenters, however,
believed that the most effective way to do this was for the Agencies to
incorporate into the FCRA the definition of ``affiliate'' used in the
GLBA privacy regulations. In addition, a few industry commenters urged
the Agencies to incorporate into the definition of ``affiliate''
certain concepts from California's Financial Information Privacy Act so
as to exempt certain classes of corporate affiliates from the
restrictions on affiliate sharing or marketing.\5\
---------------------------------------------------------------------------
\5\ These commenters noted that the California law places no
restriction on information sharing among affiliates if they: (1) Are
regulated by the same or similar functional regulators; (2) are
involved in the same broad line of business, such as banking,
insurance, or securities; and (3) share a common brand identity.
---------------------------------------------------------------------------
In the final medical information rules, the Agencies defined the
term ``affiliate'' to mean a company that is related by common
ownership or common corporate control with another company. See 70 FR
70,664 (Nov. 22, 2005).\6\ The Agencies substituted the term
``company'' for ``person'' in the definition because they did not
believe that certain types of persons, such as individuals, could be
related by common ownership or common corporate control.
---------------------------------------------------------------------------
\6\ For purposes of the regulation, an ``affiliate'' includes an
operating subsidiary of a bank or savings association, and a credit
union service organization that is controlled by a federal credit
union.
---------------------------------------------------------------------------
The Agencies do not believe there is a substantive difference
between the FACT Act definition of ``affiliate'' and the definition of
``affiliate'' in section 509 of the GLBA. The Agencies are not aware of
any circumstances in which two entities would be affiliates for
purposes of the FCRA but not for purposes of the GLBA privacy rules, or
vice versa. Also, even though affiliated entities have had to comply
with different FCRA and GLBA formulations of the ``affiliate''
definition since 1999, commenters did not identify any specific
compliance difficulties or uncertainty resulting from the fact that the
two statutes use somewhat different wording to describe what
constitutes an affiliate.
As explained in the supplementary information to the final medical
information rules, the Agencies declined to incorporate into the
definition of ``affiliate'' exceptions for entities regulated by the
same or similar functional regulators, entities in the same line of
business, or entities that share a common brand or identity. See 70 FR
70,665 (Nov. 22, 2005). These exceptions were incorporated into the
California Financial Information Privacy Act in August 2003.\7\
Congress, however, did not incorporate these exceptions from California
law into the definition of ``affiliate'' when it enacted the FACT Act
at the end of 2003. Accordingly, the Agencies believe that the approach
followed in the final medical information rules best effectuates the
intent of Congress.
---------------------------------------------------------------------------
\7\ See Cal. Financial Code Sec. 4053(c).
---------------------------------------------------------------------------
Under the GLBA privacy rules, the definition of ``control''
determines whether two or more entities meet the definition of
``affiliate.'' \8\ The Agencies included the same definition of
``control'' in the proposal and received no comments on the proposed
definition. The Agencies interpret the phrase ``related by common
ownership or common corporate control'' used in the FACT Act to have
the same meaning
[[Page 62913]]
as ``control'' in the GLBA privacy rules. For example, if an individual
owns 25 percent of two companies, the companies would be affiliates
under both the GLBA and FCRA definitions. However, the individual would
not be considered an affiliate of the companies because the definition
of ``affiliate'' is limited to companies. For purposes of clarity, the
final medical information rules defined the term ``control'' to mean
``common ownership or common corporate control'' in order to track more
closely the terminology used in the FACT Act. See 70 FR 70,664 (Nov.
22, 2005).\9\
---------------------------------------------------------------------------
\8\ See 12 CFR 40.3(g), 216.3(g), 332.3(g), 573.3(g), and
716(g).
\9\ For purposes of the regulation, NCUA presumes that a federal
credit union has a controlling influence over the management or
policies of a credit union service organization if it is 67 percent
owned by credit unions.
---------------------------------------------------------------------------
The proposal also defined the term ``company'' to mean any
corporation, limited liability company, business trust, general or
limited partnership, association, or similar organization. The proposed
definition of ``company'' excluded some entities that are ``persons''
under the FCRA, including estates, cooperatives, and governments or
governmental subdivisions or agencies, as well as individuals. The
Agencies received no comments on the proposed definition of
``company,'' which was adopted in the final medical information rules.
The Agencies adopted definitions of ``affiliate,'' ``common
ownership and common corporate control,'' and ``company'' in the final
FCRA medical information rules. See 70 FR 70,664 (Nov. 22, 2005). It is
unnecessary to re-publish those definitions in these rules.
Consumer
Proposed paragraph (e) defined the term ``consumer'' to mean an
individual. This definition is identical to the definition of
``consumer'' in section 603(c) of the FCRA.
Several commenters asked the Agencies to narrow the proposed
definition to apply only to individuals who obtain financial products
or services primarily for personal, family, or household purposes, in
part to achieve consistency with the definition of ``consumer'' in the
GLBA. The FCRA's definition of ``consumer,'' however, differs from, and
is broader than, the definition of that term in the GLBA. The Agencies
believe that the use of distinct definitions of ``consumer'' in the two
statutes reflects differences in the scope and objectives of each
statute. Therefore, the Agencies adopted the FCRA's statutory
definition of ``consumer'' in the final medical information rules. See
70 FR 70,664 (Nov. 22, 2005). It is unnecessary to re-publish the
definition in these rules. For purposes of this definition, an
individual acting through a legal representative would qualify as a
consumer.
Person
Proposed paragraph (l) defined the term ``person'' to mean any
individual, partnership, corporation, trust, estate, cooperative,
association, government or governmental subdivision or agency, or other
entity. This definition is identical to the definition of ``person'' in
section 603(b) of the FCRA.
One commenter requested clarification of how the proposed
definition of ``person'' would affect other provisions of the affiliate
marketing rules. Specifically, this commenter asked how the
supplementary information's discussion of agents might affect the scope
provisions of the rule.
The supplementary information to the proposal stated that a person
may act through an agent, including but not limited to a licensed agent
(in the case of an insurance company) or a trustee. The supplementary
information also provided that actions taken by an agent on behalf of a
person that are within the scope of the agency relationship would be
treated as actions of that person. The Agencies included these
statements to address comprehensively the status of agents and to
eliminate the need to refer specifically to licensed agents in the
proposed definition of ``pre-existing business relationship.'' As
discussed below, many commenters believed that licensed agents should
be expressly included in the definition of ``pre-existing business
relationship.'' The Agencies have revised the final rules in response
to those comments. By specifically addressing licensed agents, the
final rules do not alter the general principles of principal-agent
relationships that apply to all agents, not just licensed agents. The
Agencies will treat actions taken by an agent on behalf of a person
that are within the scope of the agency relationship as actions of that
person, regardless of whether the agent is a licensed agent or not.
The Agencies adopted the FCRA's statutory definition of ``person''
in the final medical information rules. See 70 FR 70664 (Nov. 22,
2005). Therefore, it is unnecessary to re-publish the definition in
these rules.
Section --.20 Coverage and definitions
Coverage
Section --.20(a) of the final rules identifies the persons covered
by Subpart C of each Agency's rule. Section --.20(a) thus describes the
scope of each Agency's rule.
Definitions
Section --.20(b) of the final rules contains the definitions of six
terms for purposes of Subpart C.
Clear and Conspicuous
Proposed Sec. --.3(c) defined the term ``clear and conspicuous''
to mean reasonably understandable and designed to call attention to the
nature and significance of the information presented. Under this
definition, institutions would retain flexibility in determining how
best to meet the clear and conspicuous standard. The supplementary
information to the proposal provided guidance regarding a number of
practices that institutions might wish to consider in making their
notices clear and conspicuous. These practices were derived largely
from guidance included in the GLBA privacy rules.
Industry commenters urged the Agencies not to define ``clear and
conspicuous'' in the final rules. The principal objection these
commenters raised was that this definition would significantly increase
the risk of litigation and civil liability. Although these commenters
recognized that the proposed definition was derived from the GLBA
privacy regulations, they noted that compliance with the GLBA privacy
regulations is enforced exclusively through administrative action, not
through private litigation. These commenters also stated that the Board
had withdrawn a similar proposal to define ``clear and conspicuous''
for purposes of Regulations B, E, M, Z, and DD, in part because of
concerns about civil liability. Some industry commenters believed that
it was not necessary to define the term in order for consumers to
receive clear and conspicuous disclosures based on industry's
experience in providing clear and conspicuous affiliate sharing opt-out
notices. Consumer groups believed that incorporation of the standard
and examples from the GLBA privacy regulations was not adequate because
they did not believe that the existing standard has proven sufficient
to ensure effective privacy notices.
In the final rules, the Agencies have relocated the definition of
``clear and conspicuous'' to Sec. --.20(b)(1) in order to limit its
applicability to the affiliate
[[Page 62914]]
marketing opt-out notice and renewal notice. Except for certain non-
substantive changes made for purposes of clarity, the definition of
``clear and conspicuous'' is the same as in the proposal and is
substantively the same as the definition used in the GLBA privacy
rules. The Agencies believe that the clear and conspicuous standard for
the affiliate marketing opt-out notices should be substantially similar
to the standard that applies to GLBA privacy notices because the
affiliate marketing opt-out notice may be provided on or with the GLBA
privacy notice.
In defining ``clear and conspicuous,'' the Agencies believe it is
more appropriate to focus on the affiliate marketing opt-out notices
that are the subject of this rulemaking, rather than adopting a
generally applicable definition governing all consumer disclosures
under the FCRA. This approach gives the Agencies the flexibility to
refine or clarify the clear and conspicuous requirement for different
disclosures, if necessary. In addition, this approach is consistent
with the approach the Board indicated it would take when it withdrew
its proposed clear and conspicuous rules. The Board noted that it
intended ``to focus on individual disclosures and to consider ways to
make specific improvements to the effectiveness of each disclosure.''
See 69 FR 35541, 35543 (June 25, 2004).
The statute directs the Agencies to provide specific guidance
regarding how to comply with the clear and conspicuous standard. See 15
U.S.C. 1681s-3(a)(2)(B). For that reason, the Agencies do not agree
with commenters that requested the elimination of the definition of
``clear and conspicuous'' and related guidance. Rather, the Agencies
believe it is necessary to define ``clear and conspicuous'' in the
final rules and provide specific guidance for how to satisfy that
standard in connection with this notice.
Accordingly, the final rules contain two types of specific guidance
on satisfying the requirement to provide a clear and conspicuous opt-
out notice. First, as in the proposal, the supplementary information to
the final rules describes certain techniques that may be used to make
notices clear and conspicuous. These techniques are described below.
Second, the Agencies have adopted model forms that may, but are not
required to, be used to facilitate compliance with the affiliate
marketing notice requirements. The requirement for clear and
conspicuous notices would be satisfied by the appropriate use of one of
the model forms.
As noted in the supplementary information to the proposal,
institutions may wish to consider a number of methods to make their
notices clear and conspicuous. The various methods described below for
making a notice clear and conspicuous are suggestions that institutions
may wish to consider in designing their notices. Use of any of these
methods alone or in combination is voluntary. Institutions are not
required to use any particular method or combination of methods to make
their disclosures clear and conspicuous. Rather, the particular facts
and circumstances will determine whether a disclosure is clear and
conspicuous.
A notice or disclosure may be made reasonably understandable
through various methods that include: Using clear and concise
sentences, paragraphs, and sections; using short explanatory sentences;
using bullet lists; using definite, concrete, everyday words; using
active voice; avoiding multiple negatives; avoiding legal and highly
technical business terminology; and avoiding explanations that are
imprecise and are readily subject to different interpretations. In
addition, a notice or disclosure may be designed to call attention to
the nature and significance of the information in it through various
methods that include: Using a plain-language heading; using a typeface
and type size that are easy to read; using wide margins and ample line
spacing; and using boldface or italics for key words. Further,
institutions that provide the notice on a Web page may use text or
visual cues to encourage scrolling down the page, if necessary, to view
the entire notice and may take steps to ensure that other elements on
the Web site (such as text, graphics, hyperlinks, or sound) do not
distract attention from the notice. When a notice or disclosure is
combined with other information, methods for designing the notice or
disclosure to call attention to the nature and significance of the
information in it may include using distinctive type sizes, styles,
fonts, paragraphs, headings, graphic devices, and appropriate groupings
of information. However, there is no need to use distinctive features,
such as distinctive type sizes, styles, or fonts, to differentiate an
affiliate marketing opt-out notice from other components of a required
disclosure, for example, where a GLBA privacy notice combines several
opt-out disclosures in a single notice. Moreover, nothing in the clear
and conspicuous standard requires segregation of the affiliate
marketing opt-out notice when it is combined with a GLBA privacy notice
or other required disclosures.
The Agencies recognize that it will not be feasible or appropriate
to incorporate all of the methods described above all the time. The
Agencies recommend, but do not require, that institutions consider the
methods described above in designing their opt-out notices. The
Agencies also encourage the use of consumer or other readability
testing to devise notices that are understandable to consumers.
Finally, although the Agencies understand the concerns of some
industry commenters about the potential for civil liability, the
Agencies believe that these concerns are mitigated by the safe harbors
afforded by the model forms in Appendix C. The Agencies note that the
affiliate sharing opt-out notice under section 603(d)(2)(A)(iii) of the
FCRA, which may be enforced through private rights of action, must be
included in the GLBA privacy notice. Therefore, the affiliate sharing
opt-out notice generally is disclosed in a manner consistent with the
clear and conspicuous standard set forth in the GLBA privacy
regulations. Commenters did not identify any litigation that has
resulted from the requirement to provide a clear and conspicuous
affiliate sharing opt-out notice. The Agencies believe that compliance
with the examples and use of the model forms, although optional, should
minimize the risk of litigation.
Concise
Proposed Sec. --.21(b) defined the term ``concise'' to mean a
reasonably brief expression or statement. The proposal also provided
that a notice required by Subpart C may be concise even if it is
combined with other disclosures required or authorized by federal or
state law. Such disclosures include, but are not limited to, a GLBA
privacy notice, an affiliate-sharing notice under section
603(d)(2)(A)(iii) of the FCRA, and other consumer disclosures. Finally,
the proposal clarified that the requirement for a concise notice would
be satisfied by the appropriate use of one of the model forms contained
in proposed Appendix C to each Agency's FCRA rule, although use of the
model forms is not required. The Agencies received no comments on the
proposed definition of ``concise.'' The final rules renumber the
definition of ``concise'' as Sec. --.20(b)(2). The reference to the
model forms has been moved to Appendix C, but otherwise the definition
is adopted as proposed.
[[Page 62915]]
Eligibility Information
Proposed Sec. --.3(j) defined the term ``eligibility information''
to mean any information the communication of which would be a consumer
report if the exclusions from the definition of ``consumer report'' in
section 603(d)(2)(A) of the FCRA did not apply. As proposed,
eligibility information would include a person's own transaction or
experience information, such as information about a consumer's account
history with that person, and ``other'' information under section
603(d)(2)(A)(iii), such as information from consumer reports or
applications.
Most commenters generally supported the proposed definition of
``eligibility information'' as an appropriate means of simplifying the
statutory terminology without changing the scope of the information
covered by the rule. A number of commenters requested that the Agencies
clarify that certain types of information do not constitute eligibility
information, such as name, address, telephone number, Social Security
number, and other identifying information. One commenter requested the
exclusion of publicly available information from the definition.
Another commenter requested additional clarification regarding the term
``transaction or experience information.'' A few commenters suggested
that the Agencies include examples of what is and is not included
within ``eligibility information.'' Finally, one commenter urged the
Agencies to revise the definition to restate much of the statutory
definition of ``consumer report'' to eliminate the need for cross-
references.
The final rules renumber the definition of ``eligibility
information'' as --.20(b)(3). The Agencies have revised the definition
to clarify that the term ``eligibility information'' does not include
aggregate or blind data that does not contain personal identifiers.
Examples of personal identifiers include account numbers, names, or
addresses, as indicated in the definition, as well as Social Security
numbers, driver's license numbers, telephone numbers, or other types of
information that, depending on the circumstances or when used in
combination, could identify the individual.
The Agencies also believe that further clarification of, or
exclusions from, the term ``eligibility information,'' such as the
categorical exclusion of names, addresses, telephone numbers, other
identifying information, or publicly available information, would
directly implicate the definitions of ``consumer report'' and
``consumer reporting agency'' in sections 603(d) and (f), respectively,
of the FCRA. The Agencies decided not to define the terms ``consumer
report'' and ``consumer reporting agency'' in this rulemaking and not
to interpret the meaning of terms used in those definitions, such as
``transaction or experience'' information. The Agencies anticipate
addressing the definitions of ``consumer report'' and ``consumer
reporting agency'' in a separate rulemaking after the required FACT Act
rules have been completed. The Agencies also note that financial
institutions have relied on these statutory definitions for many years.
Pre-Existing Business Relationship
Proposed Sec. --.3(m) defined the term ``pre-existing business
relationship'' to mean a relationship between a person and a consumer
based on the following:
(1) A financial contract between the person and the consumer that
is in force;
(2) The purchase, rental, or lease by the consumer of that person's
goods or services, or a financial transaction (including holding an
active account or a policy in force or having another continuing
relationship) between the consumer and that person, during the 18-month
period immediately preceding the date on which a solicitation covered
by Subpart C is sent to the consumer; or
(3) An inquiry or application by the consumer regarding a product
or service offered by that person during the three-month period
immediately preceding the date on which a solicitation covered by
Subpart C is sent to the consumer.
The proposed definition generally tracked the statutory definition
contained in section 624 of the FCRA, with certain revisions for
clarity. Although the statute gave the Agencies the authority to
identify by regulation other circumstances that qualify as a pre-
existing business relationship, the Agencies did not propose to
exercise this authority. In the final rules, the definition of ``pre-
existing business relationship'' has been renumbered as Sec.
--.20(b)(4).
Industry commenters suggested certain revisions to the proposed
definition of ``pre-existing business relationship.'' Many industry
commenters asked the Agencies to include in the definition statutory
language relating to ``a person's licensed agent.'' A number of these
commenters noted that this concept was particularly important to the
insurance industry where independent, licensed agents frequently act as
the main point of contact between the consumer and the insurance
company.
In the final rules, the phrase ``or a person's licensed agent'' has
been added to the definition of ``pre-existing business relationship''
to track the statutory language. For example, assume that a person is a
licensed agent for the affiliated ABC life, auto, and homeowners'
insurance companies. A consumer purchases an ABC auto insurance policy
through the licensed agent. The licensed agent may use eligibility
information about the consumer obtained in connection with the ABC auto
policy it sold to the consumer to market ABC life and homeowner's
insurance policies to the consumer for the duration of the pre-existing
business relationship without offering the consumer the opportunity to
opt out of that use.
Regarding the first basis for a pre-existing business relationship
(a financial contract in force), several industry commenters asked the
Agencies to clarify that a financial contract includes any in-force
contract that relates to a financial product or service covered by
title V of the GLBA. One commenter objected to the requirement that the
contract be in force on the date of the solicitation. This commenter
believed that the Agencies should interpret the statute to permit the
exception to apply if a contract is in force at the time the affiliate
uses the information, rather than when the solicitation is sent, noting
that there may be a delay between the use and the solicitation.
The Agencies have revised the first prong of the definition of
``pre-existing business relationship'' to reflect the definition's
relocation to Subpart C, but have otherwise adopted it as proposed.
Although a comprehensive definition of the term ``financial contract''
has not been included in the final rules, the Agencies construe the
statutory term ``financial contract'' at least to include a contract
that relates to a consumer's purchase or lease of a financial product
or service that a financial holding company could offer under section
4(k) of the Bank Holding Company Act of 1956 (12 U.S.C. 1843(k)). In
addition, a financial contract which is in force will, in virtually all
instances, qualify as a ``financial transaction,'' as that term is used
in the second prong of the definition of ``pre-existing business
relationship.'' The Agencies do not agree with the suggestion that the
financial contract should be in force on the date of use rather than on
the date the solicitation is sent. The approach taken in the proposed
and final rules is consistent with the approach used in the other two
prongs of the statutory definition.
[[Page 62916]]
Industry commenters also suggested certain clarifications to the
second basis for a pre-existing business relationship--a purchase,
rental, or lease by the consumer of the person's goods or services, or
a financial transaction between the consumer and the person during the
preceding 18 months. Several industry commenters noted that,
notwithstanding the example in the proposal regarding a lapsed
insurance policy, it was not clear from what point in time the 18-month
period begins to run in the case of many purchase, rental, lease, or
financial transactions. These commenters asked the Agencies to clarify
that the 18-month period begins to run at the time all contractual
responsibilities of either party under the purchase, rental, lease, or
financial transaction expire. In addition, some commenters indicated
that the term ``active account'' should be clarified to mean any
account with outstanding contractual responsibilities on either side of
an account relationship, regardless of whether specific transactions do
or do not occur on that account.
The Agencies have revised the second prong of the definition of
``pre-existing business relationship'' to reflect the definition's
relocation to Subpart C, but have otherwise adopted it as proposed. The
Agencies decline to interpret the term ``active account'' as requested
by some commenters. The Agencies note that section 603(r) of the FCRA
defines the term ``account'' to have the same meaning as in section 903
of the Electronic Fund Transfer Act (EFTA). Under the EFTA, the term
``account'' means a demand deposit, savings deposit, or other asset
account established primarily for personal, family, or household
purposes. Some commenters, however, apparently believed that the term
``active account'' included extensions of credit. Credit extensions
presumably would qualify as ``another continuing relationship,'' as
used in the definition of ``pre-existing business relationship.''
More generally, however, even though a ``financial transaction''
would include in virtually all cases a financial contract which is in
force, as noted above, the Agencies do not believe it is appropriate to
state that the 18-month period begins to run when all outstanding
contractual responsibilities of both parties expire, regardless of
whether specific transactions occur. Such a clarification would not
appropriately address circumstances such as charge-offs, bankruptcies,
early terminations, or extended periods of credit inactivity that could
trigger commencement of the 18 month period. In addition, some contract
provisions, such as arbitration clauses and choice of law provisions,
may continue to have legal effect after all contractual performance has
ended. The Agencies do not believe that the continued effectiveness of
such provisions should delay commencement of the 18-month period.
Nevertheless, the Agencies believe that a few examples may provide
useful guidance to facilitate compliance. For example, in the case of a
closed-end mortgage or auto loan, the 18-month period generally would
begin to run when the consumer pays off the outstanding balance on the
loan. In a lease or rental transaction, the 18-month period generally
would begin to run when the lease or rental agreement expires or is
terminated by mutual agreement. In the case of general purpose credit
cards that are issued with an expiration date, the 18-month period
generally would begin to run when the consumer pays off the outstanding
balance on the card and the card is either cancelled or expires without
being renewed.
Commenters also made certain suggestions regarding the third basis
for a pre-existing business relationship--an inquiry or application by
the consumer regarding a product or service offered by the person
during the preceding three months. Consumer groups urged the Agencies
to clarify that an inquiry must be made of the specific affiliate,
rather than a general inquiry about a product or service. Industry
commenters expressed concern about certain statements in the
supplementary information that explained the meaning of an inquiry.
The Agencies do not agree that an inquiry must be made of a
specific affiliate. Many affiliated institutions use a central call
center to handle consumer inquiries. The clarification urged by
consumer groups could preclude the establishment of a pre-existing
business relationship based on a consumer's call to a central call
center about a specific product or service offered by an affiliate.
In the supplementary information to the proposal, the Agencies
noted that certain elements of the definition of ``pre-existing
business relationship'' were substantially similar to the definition of
``established business relationship'' under the amended Telemarketing
Sales Rule (TSR) (16 CFR 310.2(n)). The TSR definition was informed by
Congress's intent that the ``established business relationship''
exemption to the ``do not call'' provisions of the Telephone Consumer
Protection Act (47 U.S.C. 227 et seq.) should be grounded on the
reasonable expectations of the consumer.\10\ The Agencies observed that
Congress's incorporation of similar language in the definition of
``pre-existing business relationship'' \11\ suggested that it would be
appropriate to consider the reasonable expectations of the consumer in
determining the scope of this exception. Thus, the Agencies explained
that, for purposes of this regulation, an inquiry would include any
affirmative request by a consumer for information after which the
consumer would reasonably expect to receive information from the
affiliate about its products or services.\12\ Moreover, a consumer
would not reasonably expect to receive information from the affiliate
if the consumer did not request information or did not provide contact
information to the affiliate.
---------------------------------------------------------------------------
\10\ H.R. Rep. No. 102-317, at 14-15 (1991). See also 68 FR
4,580, 4,591-94 (Jan. 29, 2003).
\11\ 149 Cong. Rec. S13,980 (daily ed. Nov. 5, 2003) (statement
of Senator Feinstein) (noting that the ``pre-existing business
relationship'' definition ``is the same definition developed by the
Federal Trade Commission in creating a national `Do Not Call'
registry for telemarketers'').
\12\ See 68 FR at 4,594.
---------------------------------------------------------------------------
Industry commenters objected to the discussion in the supplementary
information. Some of these commenters believed that looking to the
reasonable expectations of the consumer would narrow the scope of the
exception and impose on institutions a subjective standard that
depended upon the consumer's state of mind. These commenters also
maintained that the availability of the exception should not depend
upon the consumer both requesting information and providing contact
information to the affiliate. Some commenters noted that either
requesting information or providing contact information should suffice
to establish an expectation of receiving solicitations. Other
commenters noted that consumers would not provide contact information
if they believed that the affiliate would already have the consumer's
contact information or would obtain it from the consumer's financial
institution. Some commenters believed that the consumer should not have
to make an affirmative request for information in order to have an
inquiry. Commenters also expressed concern that the discussion in the
supplementary information would require consumers to use specific words
to trigger the exception.
The Agencies have revised the third prong of the definition of
``pre-existing business relationship'' to reflect the definition's
relocation to Subpart C, but have otherwise adopted it as proposed. The
Agencies continue to believe that it
[[Page 62917]]
is appropriate to consider what the consumer says in determining
whether the consumer has made an inquiry about a product or service. It
may not be necessary, however, for the consumer to provide contact
information in all cases. As discussed below, the Agencies have revised
the examples of inquiries to illustrate different circumstances.
Consumer groups and NAAG urged the Agencies not to expand the
definition of ``pre-existing business relationship'' to include any
additional types of relationships. Industry commenters suggested a
number of additional bases for establishing a pre-existing business
relationship. Several industry commenters believed that the term ``pre-
existing business relationship'' should be defined to include
relationships arising out of the ownership of servicing rights, a
participation interest in lending transactions, and similar
relationships. These commenters provided no further explanation for why
such an expansion was necessary. One commenter urged the Agencies to
expand the definition of ``pre-existing business relationship'' to
apply to affiliates that share a common trade name, share the same
employees or representatives, operate out of the same physical location
or locations, and offer similar products.
In addition, a number of industry commenters requested
clarification of the term ``pre-existing business relationship'' as
applied to manufacturers that make sales through dealers. These
commenters explained that automobile manufacturers do not sell vehicles
directly to consumers, but through franchised dealers. Vehicle
financing may be arranged through a manufacturer's captive finance
company or independent sources of financing. These commenters noted
that manufacturers often provide consumers with information about
warranty coverage, recall notices, and other product information.
According to these commenters, manufacturers also send solicitations to
consumers about their products and services, drawing in part on
transaction or experience information from the captive finance company.
These commenters asked the Agencies to clarify that the relationship
between a manufacturer and a consumer qualifies as a pre-existing
business relationship based on the purchase, rental, or lease of the
manufacturer's goods, or, alternatively, to exercise their authority to
add this relationship as an additional basis for a pre-existing
business relationship. One commenter asked the Agencies to clarify that
a pre-existing business relationship could be established even if the
person provides a product or service to the consumer without charging a
fee.
The Agencies do not believe it is necessary to add any additional
bases for a pre-existing business relationship. The Agencies
acknowledge that a pre-existing business relationship exists where a
person owns the servicing rights to a consumer's loan and such person
collects payments from, or otherwise deals directly with, the consumer.
In the Agencies' view, however, that situation qualifies as a financial
transaction and thus falls within the second prong of the definition of
``pre-existing business relationship.'' The Agencies have included an
example, discussed below, to illustrate how the ownership of servicing
rights can create a pre-existing business relationship.
A pre-existing business relationship does not arise, however,
solely from a participation interest in a lending transaction because
such an interest does not result in a financial contract or a financial
transaction between the consumer and the participating party. The
Agencies decline to add a specific provision for franchised dealers.
The statute contains no special provision addressing franchised
dealers, as it does for licensed agents. Moreover, a franchised dealer
and a manufacturer generally are not affiliates and thus are subject to
the GLBA privacy rules relating to information sharing with non-
affiliated third parties. The Agencies also find no basis for including
within the meaning of ``pre-existing business relationship'' any
affiliate that shares a common trade name or representatives, or that
operates from the same location or offers similar products. Finally,
the Agencies decline to add a provision that would create a pre-
existing business relationship when a consumer obtains a product or
service without charge from a person. Such a provision would be overly
broad, is not necessary given the breadth of the statutory definition
of ``pre-existing business relationship,'' and could result in
circumvention of the notice requirement.
Proposed Sec. --.20(d)(1) provided four examples of the pre-
existing business relationship exception. In the final rules, these
examples have been renumbered as Sec. --.20(b)(4)(ii) and (iii), and
revised to illustrate the definition of ``pre-existing business
relationship,'' rather than the corresponding exception.
The two examples relating to the first and second prongs of the
definition of ``pre-existing business relationship'' have been revised
in Sec. --.20(b)(4)(ii)(A) and (B) to focus on a depository
institution as the person with the pre-existing business relationship,
but are otherwise substantively similar to the proposal. One commenter
recommended expanding the example now contained in Sec.
--.20(b)(4)(ii)(A) to refer to the licensed agent that wrote the policy
or services the relationship. The Agencies believe that adding the term
``licensed agent'' to the definition is sufficient and see no reason to
further complicate this example to illustrate how the definition
applies to licensed agents.
Section --.20(b)(4)(ii)(C) is new and illustrates when a pre-
existing business relationship is created in the context of a mortgage
loan. This example specifically addresses circumstances where either
the loan or ownership of the servicing rights to the loan is sold to a
third party. As this example illustrates, sale of the entire loan by
the original lender terminates the financial transaction between the
consumer and that lender and creates a new financial transaction
between the consumer and the purchaser of the loan. However, the
original lender's sale of a fractional interest in the loan to an
investor does not create a new financial transaction between the
consumer and the investor. When the original lender sells a fractional
interest in the consumer's loan to an investor but also retains an
ownership interest in the loan, however, the original lender continues
to have a pre-existing business relationship with the consumer because
the consumer obtained a loan from the lender and the lender continues
to own an interest in the loan. In addition, the ownership of servicing
rights coupled with direct dealings with the consumer results in a
financial transaction between the consumer and the owner of the
servicing rights, thereby creating a pre-existing business relationship
between the consumer and the owner of the servicing rights. The
Agencies note that a financial institution that owns servicing rights
generally has a customer relationship with the consumer and an
obligation to provide a GLBA privacy notice to the consumer.
The example in proposed Sec. --.20(d)(1)(iii) regarding
applications and inquiries elicited comment. Some industry commenters
urged the Agencies to revise this example so that it does not depend
upon the consumer's expectations or the consumer providing contact
information. These commenters noted, for example, that the contact
information would be self-evident if the consumer makes an e-mail
request or provides a return address on an envelope. These commenters
also believed that in the case of a telephone
[[Page 62918]]
call initiated by a consumer, a captured telephone number should be
sufficient to create an inquiry if the consumer requests information
about products or services.
In the final rules, the Agencies have crafted three separate
examples from proposed Sec. --.20(d)(1)(iii). Section
--.20(b)(4)(ii)(D) provides an example where a consumer applies for a
product or service, but does not obtain the product or service for
which she applied. Contact information is not mentioned in this example
because the consumer presumably would have supplied it on the
application.
Section --.20(b)(4)(ii)(E) provides an example where a consumer
makes a telephone inquiry about a product or service offered by a
depository institution and provides contact information to the
institution, but does not obtain a product or service from or enter
into a financial transaction with the institution. The Agencies do not
believe that an institution's capture of a consumer's telephone number
during a telephone conversation with the consumer about the
institution's products or services is sufficient to create an inquiry.
In that circumstance, to ensure that an inquiry has been made, the
institution should ask the consumer to provide his or her contact
information, or confirm with the consumer that the consumer has a pre-
existing business relationship with an affiliate.
Section --.20(b)(4)(ii)(F) provides an example where the consumer
makes an e-mail inquiry about a product or service offered by a
depository institution, but does not separately provide contact
information. In that case, the consumer provides the financial
institution with contact information in the form of the consumer's e-
mail address. In addition, e-mail communications, unlike telephone
communications, do not provide institutions with the same opportunity
to ask for the consumer's contact information.
Industry commenters recommended deleting the example in proposed
Sec. --.20(d)(1)(iv) illustrating a call center scenario where a
consumer would not reasonably expect to receive information from an
affiliate. In the final rules, the Agencies have included a positive
example of an inquiry made by a consumer through a call center in Sec.
--.20(b)(4)(ii)(G), while retaining the negative example from the
proposal in Sec. --.20(b)(4)(iii)(A). In addition, the Agencies have
included in Sec. --.20(b)(4)(iii)(B) an example of a consumer call to
ask about retail locations and hours, which does not create a pre-
existing business relationship. This example is substantively similar
to the example from proposed Sec. --.20(d)(2)(iii).
A new example in Sec. --.20(b)(4)(iii)(C) illustrates a case where
a consumer responds to an advertisement that offers a free promotional
item, but the advertisement does not indicate that an affiliate's
products or services will be marketed to consumers who respond to the
advertisement. The example illustrates that the consumer's response
does not create a pre-existing business relationship because the
consumer has not made an inquiry about a product or service, but has
merely responded to an offer for a free promotional item. Similarly, if
a consumer is directed by a company with which the consumer has a pre-