Fair Credit Reporting Affiliate Marketing Regulations, 62910-62990 [07-5349]

Download as PDF 62910 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations DEPARTMENT OF THE TREASURY Office of the Comptroller of the Currency 12 CFR Part 41 [Docket ID. OCC–2007–0010] RIN 1557–AC88 FEDERAL RESERVE SYSTEM 12 CFR Part 222 [Regulation V; Docket No. R–1203] FEDERAL DEPOSIT INSURANCE CORPORATION 12 CFR Part 334 RIN 3064–AC83 DEPARTMENT OF THE TREASURY Office of Thrift Supervision 12 CFR Part 571 [Docket ID. OTS–2007–0020] RIN 1550–AB90 NATIONAL CREDIT UNION ADMINISTRATION 12 CFR Part 717 Fair Credit Reporting Affiliate Marketing Regulations Office of the Comptroller of the Currency, Treasury (OCC); Board of Governors of the Federal Reserve System (Board); Federal Deposit Insurance Corporation (FDIC); Office of Thrift Supervision, Treasury (OTS); and National Credit Union Administration (NCUA). ACTION: Final rules. AGENCIES: The OCC, Board, FDIC, OTS, and NCUA (Agencies) are publishing final rules to implement the affiliate marketing provisions in section 214 of the Fair and Accurate Credit Transactions Act of 2003, which amends the Fair Credit Reporting Act. The final rules generally prohibit a person from using information received from an affiliate to make a solicitation for marketing purposes to a consumer, unless the consumer is given notice and a reasonable opportunity and a reasonable and simple method to opt out of the making of such solicitations. DATES: Effective Date: These rules are effective January 1, 2008. Mandatory Compliance Date: October 1, 2008. FOR FURTHER INFORMATION CONTACT: OCC: Amy Friend, Assistant Chief rwilkins on PROD1PC63 with RULES_2 SUMMARY: VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 Counsel, (202) 874–5200; Michael Bylsma, Director, or Stephen Van Meter, Assistant Director, Community and Consumer Law, (202) 874–5750; or Patrick T. Tierney, Senior Attorney, Legislative and Regulatory Activities Division, (202) 874–5090, Office of the Comptroller of the Currency, 250 E Street, SW., Washington, DC 20219. Board: David A. Stein, Counsel; Ky Tran-Trong, Counsel; or Amy E. Burke, Attorney, Division of Consumer and Community Affairs, (202) 452–3667 or (202) 452–2412; or Kara Handzlik, Attorney, Legal Division, (202) 452– 3852, Board of Governors of the Federal Reserve System, 20th and C Streets, NW., Washington, DC 20551. For users of a Telecommunications Device for the Deaf (TDD) only, contact (202) 263– 4869. FDIC: Ruth R. Amberg, Senior Counsel, (202) 898–3736, or Richard M. Schwartz, Counsel, Legal Division, (202) 898–7424; April Breslaw, Chief, Compliance Section, (202) 898–6609; David P. Lafleur, Policy Analyst, Division of Supervision and Consumer Protection, (202) 898–6569, Federal Deposit Insurance Corporation, 550 17th Street, NW., Washington, DC 20429. OTS: Suzanne McQueen, Consumer Regulations Analyst, Compliance and Consumer Protection Division, (202) 906–6459; or Richard Bennett, Senior Compliance Counsel, (202) 906–7409, Office of Thrift Supervision, 1700 G Street, NW., Washington, DC 20552. NCUA: Linda Dent, Staff Attorney, Office of General Counsel, (703) 518– 6540, National Credit Union Administration, 1775 Duke Street, Alexandria, VA 22314–3428. SUPPLEMENTARY INFORMATION: I. Background The Fair Credit Reporting Act The Fair Credit Reporting Act (FCRA or Act), which was enacted in 1970, sets standards for the collection, communication, and use of information bearing on a consumer’s credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living. (15 U.S.C. 1681–1681x.) In 1996, the Consumer Credit Reporting Reform Act extensively amended the FCRA. (Pub. L. 104–208, 110 Stat. 3009.) The FCRA, as amended, provides that a person may communicate to an affiliate or a non-affiliated third party information solely as to transactions or experiences between the consumer and the person without becoming a PO 00000 Frm 00002 Fmt 4701 Sfmt 4700 consumer reporting agency.1 In addition, the communication of such transaction or experience information among affiliates will not result in any affiliate becoming a consumer reporting agency. See FCRA §§ 603(d)(2)(A)(i) and (ii). Section 603(d)(2)(A)(iii) of the FCRA provides that a person may communicate ‘‘other’’ information—that is, information that is not transaction or experience information—among its affiliates without becoming a consumer reporting agency if it is clearly and conspicuously disclosed to the consumer that such information may be communicated among affiliates and the consumer is given an opportunity, before the information is communicated, to ‘‘opt out’’ or direct that the information not be communicated among such affiliates, and the consumer has not opted out. The Fair and Accurate Credit Transactions Act of 2003 The President signed into law the Fair and Accurate Credit Transactions Act of 2003 (FACT Act) on December 4, 2003. (Pub. L. 108–159, 117 Stat. 1952.) In general, the FACT Act amends the FCRA to enhance the ability of consumers to combat identity theft, increase the accuracy of consumer reports, restrict the use of medical information in credit eligibility determinations, and allow consumers to exercise greater control regarding the type and number of solicitations they receive. Section 214 of the FACT Act added a new section 624 to the FCRA. This provision gives consumers the right to restrict a person from using certain information obtained from an affiliate to make solicitations to that consumer. Section 624 generally provides that if a person receives certain consumer eligibility information from an affiliate, the person may not use that information to make solicitations to the consumer about its products or services, unless the consumer is given notice and an opportunity and a simple method to opt out of such use of the information, and the consumer does not opt out. The statute also provides that section 624 does not apply, for example, to a person using eligibility information: (1) To make solicitations to a consumer with whom the person has a pre-existing business relationship; (2) to perform services for another affiliate subject to certain conditions; (3) in response to a communication initiated by the 1 The FCRA creates substantial obligations for a person that meets the definition of a ‘‘consumer reporting agency’’ in section 603(f) of the statute. E:\FR\FM\07NOR2.SGM 07NOR2 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations rwilkins on PROD1PC63 with RULES_2 consumer; or (4) to make a solicitation that has been authorized or requested by the consumer. Unlike the FCRA affiliate sharing opt-out and the Gramm-LeachBliley Act (GLBA) non-affiliate sharing opt-out, which apply indefinitely, section 624 provides that a consumer’s affiliate marketing opt-out election must be effective for a period of at least five years. Upon expiration of the opt-out period, the consumer must be given a renewal notice and an opportunity to renew the opt-out before information received from an affiliate may be used to make solicitations to the consumer. Section 624 governs the use of information by an affiliate, not the sharing of information among affiliates, and thus is distinct from the affiliate sharing opt-out under section 603(d)(2)(A)(iii) of the FCRA. Nevertheless, the affiliate marketing and affiliate sharing opt-outs and the information subject to the two opt-outs overlap to some extent. As noted above, the FCRA allows transaction or experience information to be shared among affiliates without giving the consumer notice and an opportunity to opt out, but provides that ‘‘other’’ information, such as information from credit reports and credit applications, may not be shared among affiliates without giving the consumer notice and an opportunity to opt out. The new affiliate marketing opt-out applies to both transaction or experience information and ‘‘other’’ information. Thus, certain information will be subject to two opt-outs, a sharing optout and a marketing use opt-out. Section 214(b) of the FACT Act requires the Agencies, the Federal Trade Commission (FTC), and the Securities and Exchange Commission (SEC) to prescribe regulations, in consultation and coordination with each other, to implement the FCRA’s affiliate marketing opt-out provisions. In adopting regulations, each Agency must ensure that the affiliate marketing notification methods provide a simple means for consumers to make choices under section 624, consider the affiliate sharing notification practices employed on the date of enactment by persons subject to section 624, and ensure that notices may be coordinated and consolidated with other notices required by law. II. The Interagency Proposal On July 15, 2004, the Agencies published a notice of proposed rulemaking in the Federal Register (69 FR 42502) to implement section 214 of VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 the FACT Act.2 The proposal defined the key terms ‘‘pre-existing business relationship’’ and ‘‘solicitation’’ essentially as defined in the statute. The Agencies did not propose to include additional circumstances within the meaning of ‘‘pre-existing business relationship’’ or other types of communications within the meaning of ‘‘solicitation.’’ To address the scope of the affiliate marketing opt-out, the proposal defined ‘‘eligibility information’’ to mean any information the communication of which would be a ‘‘consumer report’’ if the statutory exclusions from the definition of ‘‘consumer report’’ in section 603(d)(2)(A) of the FCRA for transaction or experience information and for ‘‘other’’ information that is subject to the affiliate-sharing opt-out did not apply. The Agencies substituted the term ‘‘eligibility information’’ for the more complicated statutory language regarding the communication of information that would be a consumer report, but for clauses (i), (ii), and (iii) of section 603(d)(2)(A) of the FCRA.3 In addition, the proposal incorporated each of the scope limitations contained in the statute, such as the pre-existing business relationship exception. Section 624 does not state which affiliate must give the consumer the affiliate marketing opt-out notice. The proposal provided that the person communicating information about a consumer to its affiliate would be responsible for satisfying the notice requirement, if applicable. A rule of construction provided flexibility to allow the notice to be given by the person that communicates information to its affiliate, by the person’s agent, or through a joint notice with one or more other affiliates. The Agencies designed this approach to provide flexibility and to facilitate the use of a single coordinated notice, while taking into account existing affiliate sharing notification practices. At the same time, the approach sought to ensure that the 2 The FTC published its proposed affiliate marketing rule in the Federal Register on June 15, 2004 (69 FR 33324). The SEC published its proposed affiliate marketing rule in the Federal Register on July 14, 2004 (69 FR 42301). 3 Under section 603(d)(1) of the FCRA, a ‘‘consumer report’’ means any written, oral, or other communication of any information by a consumer reporting agency bearing on a consumer’s credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living which is used or expected to be used or collected in whole or in part for the purpose of serving as a factor in establishing the consumer’s eligibility for credit or insurance to be used primarily for personal, family, or household purposes, employment purposes, or any other purpose authorized in section 604 of the FCRA. 15 U.S.C. 1681a(d). PO 00000 Frm 00003 Fmt 4701 Sfmt 4700 62911 notice would be effective because it generally would be provided by or on behalf of an entity from which the consumer would expect to receive important notices, and would not be provided along with solicitations. The proposal also provided guidance on the contents of the opt-out notice, what constitutes a reasonable opportunity to opt out, reasonable and simple methods of opting out, and the delivery of opt-out notices. Finally, the proposal provided guidance on the effect of the limited duration of the optout and the requirement to provide an extension notice upon expiration of the opt-out period. III. Overview of Comments Received Each agency received the following number of comment letters: OCC—30, Board—42, FDIC—29, OTS—20, NCUA—18. Many commenters sent copies of the same letter to more than one Agency. The Agencies received comments from a variety of banks, thrifts, credit unions, credit card companies, mortgage lenders, other nonbank creditors, and industry trade associations. The Agencies also received comments from consumer groups, the National Association of Attorneys General (‘‘NAAG’’), and individual consumers. In addition, the Agencies considered comments submitted to the FTC and the SEC. Most industry commenters objected to several key aspects of the proposal. The most significant areas of concern raised by industry commenters related to which affiliate would be responsible for providing the notice, the scope of certain exceptions to the notice and optout requirement, and the content or the inclusion of definitions for terms such as ‘‘clear and conspicuous’’ and ‘‘preexisting business relationship.’’ Consumer groups and NAAG generally supported the proposal, although these commenters believed that the proposal could be strengthened in certain respects. A more detailed discussion of the comments is contained in the Section-by-Section Analysis below. IV. Section-by-Section Analysis Section l.1 Purpose, Scope, and Effective Dates Section l.1 of the proposal set forth the purpose and scope of each Agency’s regulations. The Agencies received few comments on this section. Some of the Agencies have revised this section in the final rules for clarity and to reflect the fact that the institutions subject to the FCRA regulation will vary in different subparts of the Agencies’ FCRA rules. The coverage provision for E:\FR\FM\07NOR2.SGM 07NOR2 62912 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations each Agency’s affiliate marketing rule is set forth in Subpart C, § l.20(a). Section l.2 Examples Proposed § ll.2 described the scope and effect of the examples included in the proposed rule. Most commenters supported the proposed use of nonexclusive examples to illustrate the operation of the rules. One commenter, concerned that the use of examples would increase the risk of litigation, urged the Agencies to delete all examples. The Agencies adopted § l.2 as part of the final medical information rules. See 70 FR 70664 (Nov. 22, 2005). The comments received in this rulemaking do not warrant any revisions to § l.2. The Agencies do not believe the use of illustrative examples will materially increase the risk of litigation, but rather will provide useful guidance for compliance purposes, which may alleviate litigation risks for institutions. Therefore, it is unnecessary to republish § l.2 in these final rules. As § l.2 states, examples in a paragraph illustrate only the issue described in the paragraph and do not illustrate any other issue that may arise in the part. Similarly, the examples do not illustrate any issues that may arise under other laws or regulations.4 rwilkins on PROD1PC63 with RULES_2 Section l.3 Definitions Section l.3 of the proposal contained definitions for the following terms: ‘‘Act,’’ ‘‘affiliate’’ (as well as the related terms ‘‘company’’ and ‘‘control’’); ‘‘clear and conspicuous’’; ‘‘consumer’’; ‘‘eligibility information’’; ‘‘person’’; ‘‘pre-existing business relationship’’; ‘‘solicitation’’; and, except for the OCC’s proposal, ‘‘you.’’ The Agencies have previously defined the terms ‘‘Act,’’ ‘‘affiliate,’’ ‘‘company,’’ ‘‘consumer,’’ and ‘‘person,’’ along with a definition of ‘‘common ownership or common corporate control’’ as a substitute for the definition of ‘‘control,’’ as part of the final medical information rules. See 70 FR 70664 (Nov. 22, 2005). Those definitions that elicited comment are discussed below. However, it is unnecessary to re-publish § l.3 in these final rules because the Agencies have not revised these definitions. The Agencies have moved the definitions of ‘‘clear and conspicuous,’’ ‘‘eligibility information,’’ ‘‘pre-existing business relationship,’’ ‘‘solicitation,’’ and ‘‘you’’ or ‘‘bank’’ to Subpart C, § l.20(b). Three of these terms relate 4 NCUA has modified examples in its final rule text where the original example referenced products or services impermissible for federal credit unions. VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 solely to the affiliate marketing provisions and, thus, are more appropriately defined in Subpart C. For the reasons discussed below, the Agencies also believe that it is more appropriate to define ‘‘clear and conspicuous’’ for the limited purpose of the affiliate marketing rules. Each of these definitions is discussed in detail below. Affiliate, Common Ownership or Common Corporate Control, and Company Several FCRA provisions apply to information sharing with persons ‘‘related by common ownership or affiliated by corporate control,’’ ‘‘related by common ownership or affiliated by common corporate control,’’ or ‘‘affiliated by common ownership or common corporate control.’’ E.g., FCRA, sections 603(d)(2), 615(b)(2), and 625(b)(2). Each of these provisions was enacted as part of the 1996 amendments to the FCRA. Similarly, section 2 of the FACT Act defines the term ‘‘affiliate’’ to mean ‘‘persons that are related by common ownership or affiliated by corporate control.’’ In contrast, the GLBA defines ‘‘affiliate’’ to mean ‘‘any company that controls, is controlled by, or is under common control with another company.’’ See 15 U.S.C. 6809(6). In the proposal, the Agencies sought to harmonize the various FCRA and FACT Act formulations by defining ‘‘affiliate’’ to mean ‘‘any person that is related by common ownership or common corporate control with another person.’’ Industry commenters generally supported the Agencies’ goal of harmonizing the various FCRA definitions of ‘‘affiliate’’ for consistency. Many of these commenters, however, believed that the most effective way to do this was for the Agencies to incorporate into the FCRA the definition of ‘‘affiliate’’ used in the GLBA privacy regulations. In addition, a few industry commenters urged the Agencies to incorporate into the definition of ‘‘affiliate’’ certain concepts from California’s Financial Information Privacy Act so as to exempt certain classes of corporate affiliates from the restrictions on affiliate sharing or marketing.5 In the final medical information rules, the Agencies defined the term ‘‘affiliate’’ to mean a company that is related by 5 These commenters noted that the California law places no restriction on information sharing among affiliates if they: (1) Are regulated by the same or similar functional regulators; (2) are involved in the same broad line of business, such as banking, insurance, or securities; and (3) share a common brand identity. PO 00000 Frm 00004 Fmt 4701 Sfmt 4700 common ownership or common corporate control with another company. See 70 FR 70,664 (Nov. 22, 2005).6 The Agencies substituted the term ‘‘company’’ for ‘‘person’’ in the definition because they did not believe that certain types of persons, such as individuals, could be related by common ownership or common corporate control. The Agencies do not believe there is a substantive difference between the FACT Act definition of ‘‘affiliate’’ and the definition of ‘‘affiliate’’ in section 509 of the GLBA. The Agencies are not aware of any circumstances in which two entities would be affiliates for purposes of the FCRA but not for purposes of the GLBA privacy rules, or vice versa. Also, even though affiliated entities have had to comply with different FCRA and GLBA formulations of the ‘‘affiliate’’ definition since 1999, commenters did not identify any specific compliance difficulties or uncertainty resulting from the fact that the two statutes use somewhat different wording to describe what constitutes an affiliate. As explained in the supplementary information to the final medical information rules, the Agencies declined to incorporate into the definition of ‘‘affiliate’’ exceptions for entities regulated by the same or similar functional regulators, entities in the same line of business, or entities that share a common brand or identity. See 70 FR 70,665 (Nov. 22, 2005). These exceptions were incorporated into the California Financial Information Privacy Act in August 2003.7 Congress, however, did not incorporate these exceptions from California law into the definition of ‘‘affiliate’’ when it enacted the FACT Act at the end of 2003. Accordingly, the Agencies believe that the approach followed in the final medical information rules best effectuates the intent of Congress. Under the GLBA privacy rules, the definition of ‘‘control’’ determines whether two or more entities meet the definition of ‘‘affiliate.’’ 8 The Agencies included the same definition of ‘‘control’’ in the proposal and received no comments on the proposed definition. The Agencies interpret the phrase ‘‘related by common ownership or common corporate control’’ used in the FACT Act to have the same meaning 6 For purposes of the regulation, an ‘‘affiliate’’ includes an operating subsidiary of a bank or savings association, and a credit union service organization that is controlled by a federal credit union. 7 See Cal. Financial Code § 4053(c). 8 See 12 CFR 40.3(g), 216.3(g), 332.3(g), 573.3(g), and 716(g). E:\FR\FM\07NOR2.SGM 07NOR2 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations rwilkins on PROD1PC63 with RULES_2 as ‘‘control’’ in the GLBA privacy rules. For example, if an individual owns 25 percent of two companies, the companies would be affiliates under both the GLBA and FCRA definitions. However, the individual would not be considered an affiliate of the companies because the definition of ‘‘affiliate’’ is limited to companies. For purposes of clarity, the final medical information rules defined the term ‘‘control’’ to mean ‘‘common ownership or common corporate control’’ in order to track more closely the terminology used in the FACT Act. See 70 FR 70,664 (Nov. 22, 2005).9 The proposal also defined the term ‘‘company’’ to mean any corporation, limited liability company, business trust, general or limited partnership, association, or similar organization. The proposed definition of ‘‘company’’ excluded some entities that are ‘‘persons’’ under the FCRA, including estates, cooperatives, and governments or governmental subdivisions or agencies, as well as individuals. The Agencies received no comments on the proposed definition of ‘‘company,’’ which was adopted in the final medical information rules. The Agencies adopted definitions of ‘‘affiliate,’’ ‘‘common ownership and common corporate control,’’ and ‘‘company’’ in the final FCRA medical information rules. See 70 FR 70,664 (Nov. 22, 2005). It is unnecessary to republish those definitions in these rules. Consumer Proposed paragraph (e) defined the term ‘‘consumer’’ to mean an individual. This definition is identical to the definition of ‘‘consumer’’ in section 603(c) of the FCRA. Several commenters asked the Agencies to narrow the proposed definition to apply only to individuals who obtain financial products or services primarily for personal, family, or household purposes, in part to achieve consistency with the definition of ‘‘consumer’’ in the GLBA. The FCRA’s definition of ‘‘consumer,’’ however, differs from, and is broader than, the definition of that term in the GLBA. The Agencies believe that the use of distinct definitions of ‘‘consumer’’ in the two statutes reflects differences in the scope and objectives of each statute. Therefore, the Agencies adopted the FCRA’s statutory definition of ‘‘consumer’’ in the final medical information rules. See 70 FR 70,664 9 For purposes of the regulation, NCUA presumes that a federal credit union has a controlling influence over the management or policies of a credit union service organization if it is 67 percent owned by credit unions. VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 (Nov. 22, 2005). It is unnecessary to republish the definition in these rules. For purposes of this definition, an individual acting through a legal representative would qualify as a consumer. Person Proposed paragraph (l) defined the term ‘‘person’’ to mean any individual, partnership, corporation, trust, estate, cooperative, association, government or governmental subdivision or agency, or other entity. This definition is identical to the definition of ‘‘person’’ in section 603(b) of the FCRA. One commenter requested clarification of how the proposed definition of ‘‘person’’ would affect other provisions of the affiliate marketing rules. Specifically, this commenter asked how the supplementary information’s discussion of agents might affect the scope provisions of the rule. The supplementary information to the proposal stated that a person may act through an agent, including but not limited to a licensed agent (in the case of an insurance company) or a trustee. The supplementary information also provided that actions taken by an agent on behalf of a person that are within the scope of the agency relationship would be treated as actions of that person. The Agencies included these statements to address comprehensively the status of agents and to eliminate the need to refer specifically to licensed agents in the proposed definition of ‘‘pre-existing business relationship.’’ As discussed below, many commenters believed that licensed agents should be expressly included in the definition of ‘‘preexisting business relationship.’’ The Agencies have revised the final rules in response to those comments. By specifically addressing licensed agents, the final rules do not alter the general principles of principal-agent relationships that apply to all agents, not just licensed agents. The Agencies will treat actions taken by an agent on behalf of a person that are within the scope of the agency relationship as actions of that person, regardless of whether the agent is a licensed agent or not. The Agencies adopted the FCRA’s statutory definition of ‘‘person’’ in the final medical information rules. See 70 FR 70664 (Nov. 22, 2005). Therefore, it is unnecessary to re-publish the definition in these rules. PO 00000 Frm 00005 Fmt 4701 Sfmt 4700 Section l.20 62913 Coverage and definitions Coverage Section l.20(a) of the final rules identifies the persons covered by Subpart C of each Agency’s rule. Section l.20(a) thus describes the scope of each Agency’s rule. Definitions Section l.20(b) of the final rules contains the definitions of six terms for purposes of Subpart C. Clear and Conspicuous Proposed § l.3(c) defined the term ‘‘clear and conspicuous’’ to mean reasonably understandable and designed to call attention to the nature and significance of the information presented. Under this definition, institutions would retain flexibility in determining how best to meet the clear and conspicuous standard. The supplementary information to the proposal provided guidance regarding a number of practices that institutions might wish to consider in making their notices clear and conspicuous. These practices were derived largely from guidance included in the GLBA privacy rules. Industry commenters urged the Agencies not to define ‘‘clear and conspicuous’’ in the final rules. The principal objection these commenters raised was that this definition would significantly increase the risk of litigation and civil liability. Although these commenters recognized that the proposed definition was derived from the GLBA privacy regulations, they noted that compliance with the GLBA privacy regulations is enforced exclusively through administrative action, not through private litigation. These commenters also stated that the Board had withdrawn a similar proposal to define ‘‘clear and conspicuous’’ for purposes of Regulations B, E, M, Z, and DD, in part because of concerns about civil liability. Some industry commenters believed that it was not necessary to define the term in order for consumers to receive clear and conspicuous disclosures based on industry’s experience in providing clear and conspicuous affiliate sharing optout notices. Consumer groups believed that incorporation of the standard and examples from the GLBA privacy regulations was not adequate because they did not believe that the existing standard has proven sufficient to ensure effective privacy notices. In the final rules, the Agencies have relocated the definition of ‘‘clear and conspicuous’’ to § l.20(b)(1) in order to limit its applicability to the affiliate E:\FR\FM\07NOR2.SGM 07NOR2 rwilkins on PROD1PC63 with RULES_2 62914 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations marketing opt-out notice and renewal notice. Except for certain nonsubstantive changes made for purposes of clarity, the definition of ‘‘clear and conspicuous’’ is the same as in the proposal and is substantively the same as the definition used in the GLBA privacy rules. The Agencies believe that the clear and conspicuous standard for the affiliate marketing opt-out notices should be substantially similar to the standard that applies to GLBA privacy notices because the affiliate marketing opt-out notice may be provided on or with the GLBA privacy notice. In defining ‘‘clear and conspicuous,’’ the Agencies believe it is more appropriate to focus on the affiliate marketing opt-out notices that are the subject of this rulemaking, rather than adopting a generally applicable definition governing all consumer disclosures under the FCRA. This approach gives the Agencies the flexibility to refine or clarify the clear and conspicuous requirement for different disclosures, if necessary. In addition, this approach is consistent with the approach the Board indicated it would take when it withdrew its proposed clear and conspicuous rules. The Board noted that it intended ‘‘to focus on individual disclosures and to consider ways to make specific improvements to the effectiveness of each disclosure.’’ See 69 FR 35541, 35543 (June 25, 2004). The statute directs the Agencies to provide specific guidance regarding how to comply with the clear and conspicuous standard. See 15 U.S.C. 1681s–3(a)(2)(B). For that reason, the Agencies do not agree with commenters that requested the elimination of the definition of ‘‘clear and conspicuous’’ and related guidance. Rather, the Agencies believe it is necessary to define ‘‘clear and conspicuous’’ in the final rules and provide specific guidance for how to satisfy that standard in connection with this notice. Accordingly, the final rules contain two types of specific guidance on satisfying the requirement to provide a clear and conspicuous opt-out notice. First, as in the proposal, the supplementary information to the final rules describes certain techniques that may be used to make notices clear and conspicuous. These techniques are described below. Second, the Agencies have adopted model forms that may, but are not required to, be used to facilitate compliance with the affiliate marketing notice requirements. The requirement for clear and conspicuous notices would be satisfied by the appropriate use of one of the model forms. VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 As noted in the supplementary information to the proposal, institutions may wish to consider a number of methods to make their notices clear and conspicuous. The various methods described below for making a notice clear and conspicuous are suggestions that institutions may wish to consider in designing their notices. Use of any of these methods alone or in combination is voluntary. Institutions are not required to use any particular method or combination of methods to make their disclosures clear and conspicuous. Rather, the particular facts and circumstances will determine whether a disclosure is clear and conspicuous. A notice or disclosure may be made reasonably understandable through various methods that include: Using clear and concise sentences, paragraphs, and sections; using short explanatory sentences; using bullet lists; using definite, concrete, everyday words; using active voice; avoiding multiple negatives; avoiding legal and highly technical business terminology; and avoiding explanations that are imprecise and are readily subject to different interpretations. In addition, a notice or disclosure may be designed to call attention to the nature and significance of the information in it through various methods that include: Using a plainlanguage heading; using a typeface and type size that are easy to read; using wide margins and ample line spacing; and using boldface or italics for key words. Further, institutions that provide the notice on a Web page may use text or visual cues to encourage scrolling down the page, if necessary, to view the entire notice and may take steps to ensure that other elements on the Web site (such as text, graphics, hyperlinks, or sound) do not distract attention from the notice. When a notice or disclosure is combined with other information, methods for designing the notice or disclosure to call attention to the nature and significance of the information in it may include using distinctive type sizes, styles, fonts, paragraphs, headings, graphic devices, and appropriate groupings of information. However, there is no need to use distinctive features, such as distinctive type sizes, styles, or fonts, to differentiate an affiliate marketing optout notice from other components of a required disclosure, for example, where a GLBA privacy notice combines several opt-out disclosures in a single notice. Moreover, nothing in the clear and conspicuous standard requires segregation of the affiliate marketing opt-out notice when it is combined with PO 00000 Frm 00006 Fmt 4701 Sfmt 4700 a GLBA privacy notice or other required disclosures. The Agencies recognize that it will not be feasible or appropriate to incorporate all of the methods described above all the time. The Agencies recommend, but do not require, that institutions consider the methods described above in designing their optout notices. The Agencies also encourage the use of consumer or other readability testing to devise notices that are understandable to consumers. Finally, although the Agencies understand the concerns of some industry commenters about the potential for civil liability, the Agencies believe that these concerns are mitigated by the safe harbors afforded by the model forms in Appendix C. The Agencies note that the affiliate sharing opt-out notice under section 603(d)(2)(A)(iii) of the FCRA, which may be enforced through private rights of action, must be included in the GLBA privacy notice. Therefore, the affiliate sharing opt-out notice generally is disclosed in a manner consistent with the clear and conspicuous standard set forth in the GLBA privacy regulations. Commenters did not identify any litigation that has resulted from the requirement to provide a clear and conspicuous affiliate sharing opt-out notice. The Agencies believe that compliance with the examples and use of the model forms, although optional, should minimize the risk of litigation. Concise Proposed § l.21(b) defined the term ‘‘concise’’ to mean a reasonably brief expression or statement. The proposal also provided that a notice required by Subpart C may be concise even if it is combined with other disclosures required or authorized by federal or state law. Such disclosures include, but are not limited to, a GLBA privacy notice, an affiliate-sharing notice under section 603(d)(2)(A)(iii) of the FCRA, and other consumer disclosures. Finally, the proposal clarified that the requirement for a concise notice would be satisfied by the appropriate use of one of the model forms contained in proposed Appendix C to each Agency’s FCRA rule, although use of the model forms is not required. The Agencies received no comments on the proposed definition of ‘‘concise.’’ The final rules renumber the definition of ‘‘concise’’ as § l.20(b)(2). The reference to the model forms has been moved to Appendix C, but otherwise the definition is adopted as proposed. E:\FR\FM\07NOR2.SGM 07NOR2 rwilkins on PROD1PC63 with RULES_2 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations Eligibility Information Proposed § l.3(j) defined the term ‘‘eligibility information’’ to mean any information the communication of which would be a consumer report if the exclusions from the definition of ‘‘consumer report’’ in section 603(d)(2)(A) of the FCRA did not apply. As proposed, eligibility information would include a person’s own transaction or experience information, such as information about a consumer’s account history with that person, and ‘‘other’’ information under section 603(d)(2)(A)(iii), such as information from consumer reports or applications. Most commenters generally supported the proposed definition of ‘‘eligibility information’’ as an appropriate means of simplifying the statutory terminology without changing the scope of the information covered by the rule. A number of commenters requested that the Agencies clarify that certain types of information do not constitute eligibility information, such as name, address, telephone number, Social Security number, and other identifying information. One commenter requested the exclusion of publicly available information from the definition. Another commenter requested additional clarification regarding the term ‘‘transaction or experience information.’’ A few commenters suggested that the Agencies include examples of what is and is not included within ‘‘eligibility information.’’ Finally, one commenter urged the Agencies to revise the definition to restate much of the statutory definition of ‘‘consumer report’’ to eliminate the need for cross-references. The final rules renumber the definition of ‘‘eligibility information’’ as l.20(b)(3). The Agencies have revised the definition to clarify that the term ‘‘eligibility information’’ does not include aggregate or blind data that does not contain personal identifiers. Examples of personal identifiers include account numbers, names, or addresses, as indicated in the definition, as well as Social Security numbers, driver’s license numbers, telephone numbers, or other types of information that, depending on the circumstances or when used in combination, could identify the individual. The Agencies also believe that further clarification of, or exclusions from, the term ‘‘eligibility information,’’ such as the categorical exclusion of names, addresses, telephone numbers, other identifying information, or publicly available information, would directly implicate the definitions of ‘‘consumer report’’ and ‘‘consumer reporting VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 agency’’ in sections 603(d) and (f), respectively, of the FCRA. The Agencies decided not to define the terms ‘‘consumer report’’ and ‘‘consumer reporting agency’’ in this rulemaking and not to interpret the meaning of terms used in those definitions, such as ‘‘transaction or experience’’ information. The Agencies anticipate addressing the definitions of ‘‘consumer report’’ and ‘‘consumer reporting agency’’ in a separate rulemaking after the required FACT Act rules have been completed. The Agencies also note that financial institutions have relied on these statutory definitions for many years. Pre-Existing Business Relationship Proposed § l.3(m) defined the term ‘‘pre-existing business relationship’’ to mean a relationship between a person and a consumer based on the following: (1) A financial contract between the person and the consumer that is in force; (2) The purchase, rental, or lease by the consumer of that person’s goods or services, or a financial transaction (including holding an active account or a policy in force or having another continuing relationship) between the consumer and that person, during the 18-month period immediately preceding the date on which a solicitation covered by Subpart C is sent to the consumer; or (3) An inquiry or application by the consumer regarding a product or service offered by that person during the threemonth period immediately preceding the date on which a solicitation covered by Subpart C is sent to the consumer. The proposed definition generally tracked the statutory definition contained in section 624 of the FCRA, with certain revisions for clarity. Although the statute gave the Agencies the authority to identify by regulation other circumstances that qualify as a pre-existing business relationship, the Agencies did not propose to exercise this authority. In the final rules, the definition of ‘‘pre-existing business relationship’’ has been renumbered as § l.20(b)(4). Industry commenters suggested certain revisions to the proposed definition of ‘‘pre-existing business relationship.’’ Many industry commenters asked the Agencies to include in the definition statutory language relating to ‘‘a person’s licensed agent.’’ A number of these commenters noted that this concept was particularly important to the insurance industry where independent, licensed agents frequently act as the main point of contact between the consumer and the insurance company. PO 00000 Frm 00007 Fmt 4701 Sfmt 4700 62915 In the final rules, the phrase ‘‘or a person’s licensed agent’’ has been added to the definition of ‘‘pre-existing business relationship’’ to track the statutory language. For example, assume that a person is a licensed agent for the affiliated ABC life, auto, and homeowners’ insurance companies. A consumer purchases an ABC auto insurance policy through the licensed agent. The licensed agent may use eligibility information about the consumer obtained in connection with the ABC auto policy it sold to the consumer to market ABC life and homeowner’s insurance policies to the consumer for the duration of the preexisting business relationship without offering the consumer the opportunity to opt out of that use. Regarding the first basis for a preexisting business relationship (a financial contract in force), several industry commenters asked the Agencies to clarify that a financial contract includes any in-force contract that relates to a financial product or service covered by title V of the GLBA. One commenter objected to the requirement that the contract be in force on the date of the solicitation. This commenter believed that the Agencies should interpret the statute to permit the exception to apply if a contract is in force at the time the affiliate uses the information, rather than when the solicitation is sent, noting that there may be a delay between the use and the solicitation. The Agencies have revised the first prong of the definition of ‘‘pre-existing business relationship’’ to reflect the definition’s relocation to Subpart C, but have otherwise adopted it as proposed. Although a comprehensive definition of the term ‘‘financial contract’’ has not been included in the final rules, the Agencies construe the statutory term ‘‘financial contract’’ at least to include a contract that relates to a consumer’s purchase or lease of a financial product or service that a financial holding company could offer under section 4(k) of the Bank Holding Company Act of 1956 (12 U.S.C. 1843(k)). In addition, a financial contract which is in force will, in virtually all instances, qualify as a ‘‘financial transaction,’’ as that term is used in the second prong of the definition of ‘‘pre-existing business relationship.’’ The Agencies do not agree with the suggestion that the financial contract should be in force on the date of use rather than on the date the solicitation is sent. The approach taken in the proposed and final rules is consistent with the approach used in the other two prongs of the statutory definition. E:\FR\FM\07NOR2.SGM 07NOR2 rwilkins on PROD1PC63 with RULES_2 62916 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations Industry commenters also suggested certain clarifications to the second basis for a pre-existing business relationship—a purchase, rental, or lease by the consumer of the person’s goods or services, or a financial transaction between the consumer and the person during the preceding 18 months. Several industry commenters noted that, notwithstanding the example in the proposal regarding a lapsed insurance policy, it was not clear from what point in time the 18-month period begins to run in the case of many purchase, rental, lease, or financial transactions. These commenters asked the Agencies to clarify that the 18month period begins to run at the time all contractual responsibilities of either party under the purchase, rental, lease, or financial transaction expire. In addition, some commenters indicated that the term ‘‘active account’’ should be clarified to mean any account with outstanding contractual responsibilities on either side of an account relationship, regardless of whether specific transactions do or do not occur on that account. The Agencies have revised the second prong of the definition of ‘‘pre-existing business relationship’’ to reflect the definition’s relocation to Subpart C, but have otherwise adopted it as proposed. The Agencies decline to interpret the term ‘‘active account’’ as requested by some commenters. The Agencies note that section 603(r) of the FCRA defines the term ‘‘account’’ to have the same meaning as in section 903 of the Electronic Fund Transfer Act (EFTA). Under the EFTA, the term ‘‘account’’ means a demand deposit, savings deposit, or other asset account established primarily for personal, family, or household purposes. Some commenters, however, apparently believed that the term ‘‘active account’’ included extensions of credit. Credit extensions presumably would qualify as ‘‘another continuing relationship,’’ as used in the definition of ‘‘pre-existing business relationship.’’ More generally, however, even though a ‘‘financial transaction’’ would include in virtually all cases a financial contract which is in force, as noted above, the Agencies do not believe it is appropriate to state that the 18-month period begins to run when all outstanding contractual responsibilities of both parties expire, regardless of whether specific transactions occur. Such a clarification would not appropriately address circumstances such as charge-offs, bankruptcies, early terminations, or extended periods of credit inactivity that could trigger commencement of the 18 month period. In addition, some VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 contract provisions, such as arbitration clauses and choice of law provisions, may continue to have legal effect after all contractual performance has ended. The Agencies do not believe that the continued effectiveness of such provisions should delay commencement of the 18-month period. Nevertheless, the Agencies believe that a few examples may provide useful guidance to facilitate compliance. For example, in the case of a closed-end mortgage or auto loan, the 18-month period generally would begin to run when the consumer pays off the outstanding balance on the loan. In a lease or rental transaction, the 18-month period generally would begin to run when the lease or rental agreement expires or is terminated by mutual agreement. In the case of general purpose credit cards that are issued with an expiration date, the 18-month period generally would begin to run when the consumer pays off the outstanding balance on the card and the card is either cancelled or expires without being renewed. Commenters also made certain suggestions regarding the third basis for a pre-existing business relationship—an inquiry or application by the consumer regarding a product or service offered by the person during the preceding three months. Consumer groups urged the Agencies to clarify that an inquiry must be made of the specific affiliate, rather than a general inquiry about a product or service. Industry commenters expressed concern about certain statements in the supplementary information that explained the meaning of an inquiry. The Agencies do not agree that an inquiry must be made of a specific affiliate. Many affiliated institutions use a central call center to handle consumer inquiries. The clarification urged by consumer groups could preclude the establishment of a pre-existing business relationship based on a consumer’s call to a central call center about a specific product or service offered by an affiliate. In the supplementary information to the proposal, the Agencies noted that certain elements of the definition of ‘‘pre-existing business relationship’’ were substantially similar to the definition of ‘‘established business relationship’’ under the amended Telemarketing Sales Rule (TSR) (16 CFR 310.2(n)). The TSR definition was informed by Congress’s intent that the ‘‘established business relationship’’ exemption to the ‘‘do not call’’ provisions of the Telephone Consumer Protection Act (47 U.S.C. 227 et seq.) should be grounded on the reasonable PO 00000 Frm 00008 Fmt 4701 Sfmt 4700 expectations of the consumer.10 The Agencies observed that Congress’s incorporation of similar language in the definition of ‘‘pre-existing business relationship’’ 11 suggested that it would be appropriate to consider the reasonable expectations of the consumer in determining the scope of this exception. Thus, the Agencies explained that, for purposes of this regulation, an inquiry would include any affirmative request by a consumer for information after which the consumer would reasonably expect to receive information from the affiliate about its products or services.12 Moreover, a consumer would not reasonably expect to receive information from the affiliate if the consumer did not request information or did not provide contact information to the affiliate. Industry commenters objected to the discussion in the supplementary information. Some of these commenters believed that looking to the reasonable expectations of the consumer would narrow the scope of the exception and impose on institutions a subjective standard that depended upon the consumer’s state of mind. These commenters also maintained that the availability of the exception should not depend upon the consumer both requesting information and providing contact information to the affiliate. Some commenters noted that either requesting information or providing contact information should suffice to establish an expectation of receiving solicitations. Other commenters noted that consumers would not provide contact information if they believed that the affiliate would already have the consumer’s contact information or would obtain it from the consumer’s financial institution. Some commenters believed that the consumer should not have to make an affirmative request for information in order to have an inquiry. Commenters also expressed concern that the discussion in the supplementary information would require consumers to use specific words to trigger the exception. The Agencies have revised the third prong of the definition of ‘‘pre-existing business relationship’’ to reflect the definition’s relocation to Subpart C, but have otherwise adopted it as proposed. The Agencies continue to believe that it 10 H.R. Rep. No. 102–317, at 14–15 (1991). See also 68 FR 4,580, 4,591–94 (Jan. 29, 2003). 11 149 Cong. Rec. S13,980 (daily ed. Nov. 5, 2003) (statement of Senator Feinstein) (noting that the ‘‘pre-existing business relationship’’ definition ‘‘is the same definition developed by the Federal Trade Commission in creating a national ‘Do Not Call’ registry for telemarketers’’). 12 See 68 FR at 4,594. E:\FR\FM\07NOR2.SGM 07NOR2 rwilkins on PROD1PC63 with RULES_2 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations is appropriate to consider what the consumer says in determining whether the consumer has made an inquiry about a product or service. It may not be necessary, however, for the consumer to provide contact information in all cases. As discussed below, the Agencies have revised the examples of inquiries to illustrate different circumstances. Consumer groups and NAAG urged the Agencies not to expand the definition of ‘‘pre-existing business relationship’’ to include any additional types of relationships. Industry commenters suggested a number of additional bases for establishing a preexisting business relationship. Several industry commenters believed that the term ‘‘pre-existing business relationship’’ should be defined to include relationships arising out of the ownership of servicing rights, a participation interest in lending transactions, and similar relationships. These commenters provided no further explanation for why such an expansion was necessary. One commenter urged the Agencies to expand the definition of ‘‘pre-existing business relationship’’ to apply to affiliates that share a common trade name, share the same employees or representatives, operate out of the same physical location or locations, and offer similar products. In addition, a number of industry commenters requested clarification of the term ‘‘pre-existing business relationship’’ as applied to manufacturers that make sales through dealers. These commenters explained that automobile manufacturers do not sell vehicles directly to consumers, but through franchised dealers. Vehicle financing may be arranged through a manufacturer’s captive finance company or independent sources of financing. These commenters noted that manufacturers often provide consumers with information about warranty coverage, recall notices, and other product information. According to these commenters, manufacturers also send solicitations to consumers about their products and services, drawing in part on transaction or experience information from the captive finance company. These commenters asked the Agencies to clarify that the relationship between a manufacturer and a consumer qualifies as a pre-existing business relationship based on the purchase, rental, or lease of the manufacturer’s goods, or, alternatively, to exercise their authority to add this relationship as an additional basis for a pre-existing business relationship. One commenter asked the Agencies to clarify that a preexisting business relationship could be established even if the person provides VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 a product or service to the consumer without charging a fee. The Agencies do not believe it is necessary to add any additional bases for a pre-existing business relationship. The Agencies acknowledge that a preexisting business relationship exists where a person owns the servicing rights to a consumer’s loan and such person collects payments from, or otherwise deals directly with, the consumer. In the Agencies’ view, however, that situation qualifies as a financial transaction and thus falls within the second prong of the definition of ‘‘pre-existing business relationship.’’ The Agencies have included an example, discussed below, to illustrate how the ownership of servicing rights can create a pre-existing business relationship. A pre-existing business relationship does not arise, however, solely from a participation interest in a lending transaction because such an interest does not result in a financial contract or a financial transaction between the consumer and the participating party. The Agencies decline to add a specific provision for franchised dealers. The statute contains no special provision addressing franchised dealers, as it does for licensed agents. Moreover, a franchised dealer and a manufacturer generally are not affiliates and thus are subject to the GLBA privacy rules relating to information sharing with non-affiliated third parties. The Agencies also find no basis for including within the meaning of ‘‘preexisting business relationship’’ any affiliate that shares a common trade name or representatives, or that operates from the same location or offers similar products. Finally, the Agencies decline to add a provision that would create a pre-existing business relationship when a consumer obtains a product or service without charge from a person. Such a provision would be overly broad, is not necessary given the breadth of the statutory definition of ‘‘pre-existing business relationship,’’ and could result in circumvention of the notice requirement. Proposed § l.20(d)(1) provided four examples of the pre-existing business relationship exception. In the final rules, these examples have been renumbered as § l.20(b)(4)(ii) and (iii), and revised to illustrate the definition of ‘‘pre-existing business relationship,’’ rather than the corresponding exception. The two examples relating to the first and second prongs of the definition of ‘‘pre-existing business relationship’’ have been revised in § l.20(b)(4)(ii)(A) and (B) to focus on a depository PO 00000 Frm 00009 Fmt 4701 Sfmt 4700 62917 institution as the person with the preexisting business relationship, but are otherwise substantively similar to the proposal. One commenter recommended expanding the example now contained in § l.20(b)(4)(ii)(A) to refer to the licensed agent that wrote the policy or services the relationship. The Agencies believe that adding the term ‘‘licensed agent’’ to the definition is sufficient and see no reason to further complicate this example to illustrate how the definition applies to licensed agents. Section l.20(b)(4)(ii)(C) is new and illustrates when a pre-existing business relationship is created in the context of a mortgage loan. This example specifically addresses circumstances where either the loan or ownership of the servicing rights to the loan is sold to a third party. As this example illustrates, sale of the entire loan by the original lender terminates the financial transaction between the consumer and that lender and creates a new financial transaction between the consumer and the purchaser of the loan. However, the original lender’s sale of a fractional interest in the loan to an investor does not create a new financial transaction between the consumer and the investor. When the original lender sells a fractional interest in the consumer’s loan to an investor but also retains an ownership interest in the loan, however, the original lender continues to have a pre-existing business relationship with the consumer because the consumer obtained a loan from the lender and the lender continues to own an interest in the loan. In addition, the ownership of servicing rights coupled with direct dealings with the consumer results in a financial transaction between the consumer and the owner of the servicing rights, thereby creating a preexisting business relationship between the consumer and the owner of the servicing rights. The Agencies note that a financial institution that owns servicing rights generally has a customer relationship with the consumer and an obligation to provide a GLBA privacy notice to the consumer. The example in proposed § l.20(d)(1)(iii) regarding applications and inquiries elicited comment. Some industry commenters urged the Agencies to revise this example so that it does not depend upon the consumer’s expectations or the consumer providing contact information. These commenters noted, for example, that the contact information would be self-evident if the consumer makes an e-mail request or provides a return address on an envelope. These commenters also believed that in the case of a telephone E:\FR\FM\07NOR2.SGM 07NOR2 rwilkins on PROD1PC63 with RULES_2 62918 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations call initiated by a consumer, a captured telephone number should be sufficient to create an inquiry if the consumer requests information about products or services. In the final rules, the Agencies have crafted three separate examples from proposed § l.20(d)(1)(iii). Section l.20(b)(4)(ii)(D) provides an example where a consumer applies for a product or service, but does not obtain the product or service for which she applied. Contact information is not mentioned in this example because the consumer presumably would have supplied it on the application. Section l.20(b)(4)(ii)(E) provides an example where a consumer makes a telephone inquiry about a product or service offered by a depository institution and provides contact information to the institution, but does not obtain a product or service from or enter into a financial transaction with the institution. The Agencies do not believe that an institution’s capture of a consumer’s telephone number during a telephone conversation with the consumer about the institution’s products or services is sufficient to create an inquiry. In that circumstance, to ensure that an inquiry has been made, the institution should ask the consumer to provide his or her contact information, or confirm with the consumer that the consumer has a preexisting business relationship with an affiliate. Section l.20(b)(4)(ii)(F) provides an example where the consumer makes an e-mail inquiry about a product or service offered by a depository institution, but does not separately provide contact information. In that case, the consumer provides the financial institution with contact information in the form of the consumer’s e-mail address. In addition, e-mail communications, unlike telephone communications, do not provide institutions with the same opportunity to ask for the consumer’s contact information. Industry commenters recommended deleting the example in proposed § l.20(d)(1)(iv) illustrating a call center scenario where a consumer would not reasonably expect to receive information from an affiliate. In the final rules, the Agencies have included a positive example of an inquiry made by a consumer through a call center in § l.20(b)(4)(ii)(G), while retaining the negative example from the proposal in § l.20(b)(4)(iii)(A). In addition, the Agencies have included in § l.20(b)(4)(iii)(B) an example of a consumer call to ask about retail locations and hours, which does not VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 create a pre-existing business relationship. This example is substantively similar to the example from proposed § l.20(d)(2)(iii). A new example in § l.20(b)(4)(iii)(C) illustrates a case where a consumer responds to an advertisement that offers a free promotional item, but the advertisement does not indicate that an affiliate’s products or services will be marketed to consumers who respond to the advertisement. The example illustrates that the consumer’s response does not create a pre-existing business relationship because the consumer has not made an inquiry about a product or service, but has merely responded to an offer for a free promotional item. Similarly, if a consumer is directed by a company with which the consumer has a pre-existing business relationship to contact the company’s affiliate to receive a promotional item but the company does not mention the affiliate’s products or services, the consumer’s contact with the affiliate about the promotional item does not create a pre-existing business relationship between the consumer and the affiliate. Solicitation Proposed § l.3(n) defined the term ‘‘solicitation’’ to mean marketing initiated by a person to a particular consumer that is based on eligibility information communicated to that person by its affiliate and is intended to encourage the consumer to purchase a product or service. The proposed definition further clarified that a communication, such as a telemarketing solicitation, direct mail, or e-mail, would be a solicitation if it is directed to a specific consumer based on eligibility information. The proposed definition did not, however, include communications that were directed at the general public without regard to eligibility information, even if those communications were intended to encourage consumers to purchase products and services from the person initiating the communications. Congress gave the Agencies the authority to determine by regulation that other communications do not constitute a solicitation. The Agencies did not propose to exercise this authority. The Agencies solicited comment on whether, and to what extent, various tools used in Internet marketing, such as pop-up ads, may constitute solicitations as opposed to communications directed at the general public, and whether further guidance was needed to address Internet marketing. PO 00000 Frm 00010 Fmt 4701 Sfmt 4700 Most commenters believed that the proposed definition tracked the statutory definition contained in section 624 of the FCRA. A number of industry commenters, however, believed that the proposed definition misstated the types of marketing that would not qualify as a solicitation. Specifically, the first sentence of proposed § l.3(n)(2) provided that ‘‘[a] solicitation does not include communications that are directed at the general public and distributed without the use of eligibility information communicated by an affiliate.’’ These commenters believed that a solicitation should not include either marketing directed at the general public or marketing distributed without the use of eligibility information communicated by an affiliate. Several industry commenters also requested that the Agencies include the phrase ‘‘of a product or service’’ in the introductory language for consistency with the statutory definition. Some industry commenters sought clarification that certain types of communications would not constitute solicitations, for example, marketing announcements delivered via pre-recorded call center messages, automated teller machine screens, or Internet sites, or product information provided at or through educational seminars, customer appreciation events, or newsletters. NAAG urged the Agencies to clarify the portion of the definition that refers to ‘‘a particular consumer.’’ NAAG believed that mass mailings of the same or similar marketing materials to a large group of consumers could fall within the definition of ‘‘solicitation,’’ so long as the marketing is based on eligibility information received from an affiliate. NAAG expressed concern that some might construe the term ‘‘particular’’ to narrow the meaning of a ‘‘solicitation.’’ With regard to Internet marketing, industry commenters urged the Agencies not to address such practices in this rulemaking. These commenters believed that the definition of ‘‘solicitation’’ should provide specific guidance that ‘‘pop-up’’ ads and other forms of Internet marketing generally were directed to the general public and not based on eligibility information received from an affiliate, or that such marketing would fall within an exception. NAAG believed that such advertisements should be treated as solicitations if they were based on any eligibility information received from an affiliate. Consumer groups believed that if an affiliate’s pop-up ads and other Internet marketing were the result of specific actions by the consumer or information collected based upon a consumer’s experience on the Internet, E:\FR\FM\07NOR2.SGM 07NOR2 rwilkins on PROD1PC63 with RULES_2 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations then such marketing should be considered solicitations. These commenters also believed that pop-up ads and other Internet marketing targeted to all customers of a company should be treated as solicitations if based on the consumer’s experience on the Internet. Section l.20(b)(5) of the final rules contains the definition of ‘‘solicitation.’’ The definition has been revised to track the statutory language more closely. The phrase ‘‘of a product or service’’ has been added to the definition, as requested by some commenters. To ensure consistency with the definition of ‘‘pre-existing business relationship,’’ the phrase ‘‘or obtain’’ has been retained so that the definition of ‘‘solicitation’’ will include marketing for the rental or lease of goods or services, financial transactions, and financial contracts. The Agencies have also deleted as unnecessary the reference to communications ‘‘distributed without the use of eligibility information communicated by an affiliate.’’ Marketing that is undertaken without the use of eligibility information received from an affiliate is not covered by the affiliate marketing rules. Moreover, there is no restriction on using eligibility information received from an affiliate in marketing directed at the general public, such as radio, television, or billboard advertisements. The phrase ‘‘to a particular consumer’’ has been retained because it is part of the statutory definition. The Agencies do not believe that the phrase ‘‘to a particular consumer’’ excludes largescale marketing campaigns from the definition of ‘‘solicitation’’ because, within such campaigns, eligibility information received from an affiliate may be used to target individual consumers. The definition of ‘‘solicitation’’ does not distinguish between different mediums. A determination of whether a marketing communication constitutes a solicitation depends upon the facts and circumstances. The Agencies have decided not to make those determinations in this rulemaking. Thus, the Agencies are not adopting special rules or guidance regarding Internet-based marketing; whether Internet-based marketing is a solicitation in a particular case will be determined according to the same criteria that apply to other means of marketing. The Agencies also decline to exclude categorically from the definition of ‘‘solicitation’’ marketing messages on voice response units, ATM screens, or other forms of media. Marketing delivered via such media may be solicitations if such marketing is VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 targeted to a particular consumer based on eligibility information received from an affiliate. For example, a marketing message on an ATM screen would be a solicitation if it is targeted to a particular consumer based on eligibility information received from an affiliate, but would not be a solicitation if it is delivered to all consumers that use the ATM. Similarly, the Agencies decline to exclude educational seminars, customer appreciation events, focus group invitations, and similar forms of communication from the definition of ‘‘solicitation.’’ The Agencies believe that such activities must be evaluated according to the facts and circumstances and some of those activities may be coupled with, or a prelude to, a solicitation. For example, an invitation to a financial educational seminar where the invitees are selected based on eligibility information received from an affiliate may be a solicitation if the seminar is used to solicit the consumer to purchase investment products or services. You or Bank Section l.20(b)(6) of each Agency’s rule defines either ‘‘you’’ or ‘‘bank’’ to include persons covered by Subpart C of the Agency’s rule, as described in § l.20(a). Section l.21 Affiliate Marketing Optout and Exceptions Initial Notice and Opt-out Requirement The Agencies proposed to establish certain rules relating to the requirement to provide the consumer with notice and a reasonable opportunity and a simple method to opt out of a person’s use of eligibility information that it obtained from an affiliate for the purpose of making or sending solicitations to the consumer. The Agencies noted that the statute is ambiguous because it does not specify which affiliate must provide the opt-out notice to the consumer. The Agencies addressed this ambiguity by proposing to place certain responsibilities on the communicating affiliate and other responsibilities on the receiving affiliate. Proposed § l.20(a) set forth the duties of a communicating affiliate. That section required the communicating affiliate to provide a notice to the consumer before a receiving affiliate could use eligibility information to make or send solicitations to the consumer. Under the proposal, the optout notice would state that eligibility information may be communicated to and used by the receiving affiliate to PO 00000 Frm 00011 Fmt 4701 Sfmt 4700 62919 make or send solicitations to the consumer regarding the affiliate’s products and services, and would give the consumer a reasonable opportunity and a simple method to opt out. Proposed § l.20(a) also contained two rules of construction relating to the communicating affiliate’s duty to provide the notice. The first rule of construction would have allowed the notice to be provided either in the name of a person with which the consumer currently does or previously has done business or in one or more common corporate names shared by members of an affiliated group of companies that includes the common corporate name used by that person. The rule of construction also would have provided alternatives regarding the manner in which the notice could be given, such as by allowing the communicating affiliate to provide the notice either directly to the consumer, through an agent, or through a joint notice with one or more of its affiliates. The second rule of construction would have clarified that, to avoid duplicate notices, it would not be necessary for each affiliate that communicates the same eligibility information to provide an opt-out notice to the consumer, so long as the notice provided by the affiliate that initially communicated the information was broad enough to cover use of that information by each affiliate that received and used it to make solicitations. The proposal included examples to illustrate how each of these rules of construction would work. Proposed § l.20(b) set forth the general duties of a receiving affiliate. That section would have prohibited the receiving affiliate from using eligibility information it received from an affiliate to make solicitations to the consumer unless, prior to such use, the consumer was provided an opt-out notice that applied to that affiliate’s use of eligibility information to make solicitations and a reasonable opportunity and simple method to opt out, and the consumer did not opt out of that use. Most industry commenters maintained that the final rules should not require any specific entity to provide the opt-out notice, but should only require that the consumer be provided an opt-out notice covering an affiliate’s use of eligibility information before a solicitation is made to the consumer. These commenters believed the final rules should provide flexibility and allow either the receiving affiliate, the communicating affiliate, or any other affiliate to provide the opt-out notice. These commenters maintained that the statute is not ambiguous and E:\FR\FM\07NOR2.SGM 07NOR2 rwilkins on PROD1PC63 with RULES_2 62920 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations does not impose any obligations on a specific entity, such as the communicating affiliate, to provide the opt-out notice. Some of these commenters acknowledged, however, that the communicating affiliate would, as a practical matter, most likely give the opt-out notice. A number of industry commenters expressed concern that the proposed rules would create a basis for civil liability against the communicating affiliate under section 624 because that section is covered by the FCRA’s private right of action provisions in sections 616 and 617. Some commenters noted that, to avoid exposure to civil liability, a communicating affiliate would have to require receiving affiliates to commit to not using the information to make solicitations, give an opt-out notice whenever they share eligibility information with affiliates, or never share eligibility information with affiliates. These commenters maintained that, in many cases, none of these solutions would be practical, for example, where a receiving affiliate negligently failed to comply with a commitment not to make solicitations unless notice has been given to the consumer. Several industry commenters noted that the language in section 624(a)(1)(A) that ‘‘information may be communicated’’ could be included in an opt-out notice provided by the receiving affiliate. These commenters also believed that the statutory requirement that the Agencies consider existing affiliate sharing notification practices and permit coordinated and consolidated notices did not imply that the communicating affiliate should be responsible for providing the opt-out notice. Industry commenters made several suggestions for revising the language of the proposal. Some suggested revising proposed § l.20(a) to omit any reference to the communicating affiliate and to incorporate the passive voice used in the statute. Others suggested various ways of merging proposed § l.20(b) into proposed § l.20(a) to focus exclusively on the responsibilities of the receiving affiliate. One commenter identified certain drafting problems it believed arose from the fact that the proposal focused alternately on the communicating affiliate and the receiving affiliate and that those two entities may be regulated by different regulatory agencies. A few industry commenters acknowledged that the Agencies had raised legitimate concerns in the supplementary information to the proposal about how meaningful a notice VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 could be when provided by a receiving affiliate that the consumer may not recognize. These commenters believed that this concern could be addressed through other means. One commenter, for example, suggested the following introductory language in paragraph (a)(2): ‘‘The notice required by this paragraph (a) may be provided either in the name of the bank receiving the information (provided that such bank also identifies the affiliate which provided such information), in the name of the affiliate which provided such information, or in one or more common corporate names shared by such bank and the affiliate which provided the information, and may be provided in the following manner * * * ’’ Another industry commenter expressed support for the rules of construction with revisions to allow the use of brand names and trade names, as well as the actual ‘‘corporate’’ name, and to allow an agent or affiliate to send a common notice that uses more than one common name in a non-deceptive manner. Consumer group commenters supported making the communicating affiliate responsible for providing the notice and opportunity to opt out. These commenters believed that allowing the receiving affiliate to send the opt-out notice would invite consumer confusion as to whether or not the opt-out notice itself is a solicitation. These commenters also believed that the Agencies should require the names of the receiving affiliates to be clearly disclosed to the consumer. Consumer groups also believed that the proposed rules of construction struck a reasonable balance by allowing commonly named affiliates to share a notice while making clear that a notice from an affiliate with whom the consumer is not familiar will not be effective. They also suggested that the company with the pre-existing business relationship should be clearly marked on the opt-out notice. NAAG believed that a receiving affiliate should not be permitted to give the opt-out notice solely on its own behalf because a receiving affiliate is unlikely to be an entity from which the consumer would expect to receive important communications. NAAG also requested that the Agencies revise certain portions of the proposed rules of construction, for example, by deleting from proposed § l.20(a)(2)(i) the phrase ‘‘or previously has done business’’ based on concerns that it would render the notice partially ineffective because, even without this phrase, the notice would not be required for 18 months after a customer relationship ends. NAAG also requested that the Agencies revise proposed §§ l.20(a)(2)(B)(2) and PO 00000 Frm 00012 Fmt 4701 Sfmt 4700 (a)(2)(C) to clarify that the common name used must be one that includes the name used by the person providing the opt-out notice. In the proposal, the Agencies did not require the opt-out notice to be provided in writing. The Agencies noted, however, that they contemplated that the opt-out notice would be provided to the consumer in writing or, if the consumer agrees, electronically. The proposal solicited comment on whether there were circumstances in which it would be necessary and appropriate to allow oral notice and opt out and how an oral notice could satisfy the clear and conspicuous standard in the statute. Industry commenters believed that the final rules should permit oral notices. These commenters identified circumstances in which a relationship is established by telephone as an example of when oral notice would be appropriate. Some industry commenters also noted that an oral notice should be permitted because the affiliate sharing opt-out notice under section 603(d)(2)(A)(iii) may be given orally, as well as in writing or electronically. Several industry commenters noted that the FTC in the Telemarketing Sales Rule and the OCC in regulations relating to debt cancellation contracts and debt suspension agreements have permitted clear and conspicuous oral notices. These commenters did not believe that allowing oral notice in these circumstances had created any enforcement difficulties for the FTC or OCC. Other industry commenters noted that institutions could demonstrate compliance through the use of scripts or by monitoring or recording calls. Consumer groups believed that a written opt-out notice should be required in all cases. These commenters believed that, with an oral notice, it is impossible to ensure that a consumer receives the appropriate notice or information on the right to opt out. They believed that allowing oral notices would create enforcement barriers for regulators. Consumer groups also believed that institutions have strong economic incentives to prevent consumers from opting out and would engage in misrepresentations or otherwise use language in their scripts that is designed to discourage consumers from opting out. NAAG believed that oral notices would not meet the statutory requirement for a clear, conspicuous, and concise notice, that consumers would be less likely to comprehend oral notices, and enforcement would be more difficult if oral opt-out notices were allowed. Section l.21(a) of the final rules contains the revised provisions E:\FR\FM\07NOR2.SGM 07NOR2 rwilkins on PROD1PC63 with RULES_2 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations regarding the initial notice and opt out requirement. Although the language of this section has been revised and simplified, the substance of this provision is substantially similar to the proposal. Section l.21(a)(1) sets forth the general rule. This section contains the three conditions that must be met before a person may use eligibility information about a consumer that it receives from an affiliate to make a solicitation for marketing purposes to the consumer. First, it must be clearly and conspicuously disclosed to the consumer in writing or, if the consumer agrees, electronically, in a concise notice that the person may use shared eligibility information to make solicitations to the consumer. Second, the consumer must be provided a reasonable opportunity and a reasonable and simple method to opt out of the use of that eligibility information to make solicitations to the consumer. Third, the consumer must not have opted out. Section l.21(a)(2) of the final rules provides an example of the general rule. The Agencies have concluded that the opt-out notice may not be provided orally, but must be provided in writing or, if the consumer agrees, electronically. The statute requires the Agencies to consider the affiliate sharing notification practices employed on the date of enactment and to ensure that notices and disclosures may be coordinated and consolidated in promulgating regulations. The affiliate sharing notice under section 603(d)(2)(A)(iii) of the FCRA generally must be included in the GLBA privacy notice, which must be provided in writing, or if the consumer agrees, electronically. Requiring the affiliate marketing opt-out notice to be provided in writing, or if the consumer agrees, electronically, is thus consistent with existing affiliate sharing notification practices and promotes coordination and consolidation of the three privacyrelated opt-out notices. The Agencies are not persuaded that there are any circumstances where it would be necessary to provide an oral opt-out notice. A number of key exceptions to the initial notice and opt-out requirement, such as the pre-existing business relationship exception, consumer-initiated communication exception, and consumer authorization or request exception, may be triggered by an oral communication with the consumer. It also could be more difficult for the Agencies to monitor and enforce compliance with the final rules if oral opt-out notices were allowed. Accordingly, the final rules require the opt-out notice to be provided in writing VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 or, if the consumer agrees, electronically. Section l.21(a)(3) identifies those affiliates who may provide the initial opt-out notice. This section provides that the initial opt-out notice must be provided either by an affiliate that has or has previously had a pre-existing business relationship with the consumer, or as part of a joint notice from two or more members of an affiliated group of companies, provided that at least one of the affiliates on the joint notice has or has previously had a pre-existing business relationship with the consumer. The final rules follow the general approach taken in the proposal to ensure that the notice is provided by an entity known to the consumer, while eliminating potentially ambiguous and confusing terms like ‘‘communicating affiliate’’ and ‘‘receiving affiliate.’’ The Agencies also have eliminated as unnecessary the rules of construction. Joint notices are now addressed directly in § l.21(a)(3). The Agencies also have concluded that the provisions from the proposal relating to notice provided by an agent are unnecessary. General agency principles, however, continue to apply. An affiliate that has or has previously had a pre-existing business relationship with the consumer may direct its agent to provide the opt-out notice on its behalf. The Agencies have concluded that the statute’s silence with regard to which affiliates may provide the opt-out notice makes the statute ambiguous on this point, despite industry comments to the contrary. The Agencies also continue to believe that consumers are more likely to pay attention to a notice provided by a person known to the consumer. The Agencies remain concerned that a notice provided by an entity unknown to the consumer may not provide meaningful or effective notice, and that consumers may ignore or discard notices provided by unknown entities. Industry comments on the proposal did little to address those concerns. For practical reasons, the Agencies believe that affiliate marketing opt-out notices typically would be provided by an affiliate that has or has previously had a pre-existing business relationship with the consumer, or as part of a joint notice, whether or not required by the rule. The Agencies appreciate industry concerns about civil liability and have revised the final rules to address those concerns. Specifically, in contrast to the proposal, the final rules do not impose duties on any affiliate other than the affiliate that intends to use shared eligibility information to make solicitations to the consumer. Although PO 00000 Frm 00013 Fmt 4701 Sfmt 4700 62921 an opt-out notice must be provided by an affiliate that has or has previously had a pre-existing business relationship with the consumer (or as part of a joint notice), that affiliate has no duty to provide such a notice. Instead, the final rule provides that absent such a notice, an affiliate must not use shared eligibility information to make solicitations to the consumer. Industry concerns about civil liability also may be mitigated to some extent by the Supreme Court’s recent decision in Safeco Ins. Co. of America v. Burr, 127 S. Ct. 2201 (June 4, 2007). Finally, many institutions currently require consumers to provide their Social Security numbers when exercising their existing GLBA and FCRA opt-out rights. The Agencies believe that institutions likely would follow their existing practice with regard to affiliate marketing opt-outs. To combat identity theft and prevent ‘‘phishing,’’ however, the Agencies, along with many institutions, have been educating consumers not to provide their Social Security numbers to unknown entities. Furthermore, as participants in the President’s Identity Theft Task Force, the Agencies have made a commitment to examine and recommend ways to limit the private sector’s use of Social Security numbers. The approach recommended by industry commenters would allow an unknown entity not only to provide an affiliate marketing opt-out notice to the consumer, but also to require the consumer to reveal his or her Social Security number to that unknown entity in order to exercise the opt-out right. Such an approach would send conflicting messages to consumers about providing Social Security numbers to unknown entities. This approach also would be inconsistent with the Agencies’ current efforts to develop a comprehensive record on the uses of the Social Security number in the private sector and evaluate their necessity, as recommended by the President’s Identity Theft Task Force.13 Making Solicitations The proposal repeatedly referred to ‘‘making or sending’’ solicitations. Several commenters suggested revising the regulations to eliminate all references to ‘‘sending’’ solicitations. These commenters believed that the statute only concerns the use of eligibility information to ‘‘make’’ solicitations and does not address ‘‘sending’’ solicitations. Commenters expressed concern that by referring to 13 See Combating Identity Theft: A Strategic Plan at 26–27 (April 2007) (available at www.idtheft.gov). E:\FR\FM\07NOR2.SGM 07NOR2 rwilkins on PROD1PC63 with RULES_2 62922 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations ‘‘sending’’ solicitations, the proposal would apply the notice and opt-out requirements to servicers that send solicitations on behalf of another entity. The Agencies have revised the final rules to eliminate all combined references to ‘‘making or sending’’ solicitations. The general rule in section 624(a)(1), along with the duration provisions in section 624(a)(3) and the pre-existing business relationship exception in section 624(a)(4)(A), refer to ‘‘making’’ or ‘‘to make’’ a solicitation. Other provisions of the statute, such as the consumer choice provision in section 624(a)(2)(A), the service provider exception in section 624(a)(4)(C), the non-retroactivity provision in section 624(a)(5), and the definition of ‘‘pre-existing business relationship’’ in section 624(d)(1), refer to ‘‘sending’’ or ‘‘to send’’ a solicitation. The verb ‘‘to send,’’ as used in the statute, refers to a ministerial act that a service provider, such as a mail house, performs for the person making the solicitation, (see 15 U.S.C. 1681s– 3(a)(4)(C)), or indicates the point in time after which solicitations are no longer permitted. See 15 U.S.C. 1681s– 3(d)(1)(B) and (C). The Agencies conclude that ‘‘making’’ and ‘‘sending’’ solicitations are different activities and that the focus of the statute is primarily on the ‘‘making’’ of solicitations. For example, a service provider may send a solicitation on behalf of another entity, but it is the entity on whose behalf the solicitation is sent that is making the solicitation and thus is subject to the general prohibition on making a solicitation, unless the consumer is given notice and an opportunity to opt out. Accordingly, the Agencies have revised the final rules to refer to ‘‘making’’ a solicitation, except where the statute specifically refers to ‘‘sending’’ solicitations. The statute, however, does not describe what a person must do in order ‘‘to make’’ a solicitation. Similarly, the legislative history does not contain guidance as to the meaning of ‘‘making’’ a solicitation. Nevertheless, the Agencies believe it is important to provide clear guidance regarding what activities result in making a solicitation. One commenter suggested that the test for making a solicitation should turn on whether an affiliate having a pre-existing business relationship with the consumer retains the discretion to determine whether or not to send the solicitation. This commenter provided an example where a financial institution obtains a list of an affiliate’s customers from a common shared database, applies its own criteria to this list, and then requests the affiliate with an existing VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 business relationship to solicit the affiliate’s own customers to purchase the financial institution’s products or services. (Thus, the financial institution would be using eligibility information to select a list of its affiliate’s customers to receive the financial institution’s marketing materials.) This commenter believed that section 624 should not apply so long as the affiliate with the existing business relationship has discretion to determine whether or not to send the solicitations. This commenter also maintained that the applicability of section 624’s notice and opt-out requirement should depend on who markets the product and not on what the product is or whose product it is. Nothing in the statute indicates that the discretion of the affiliate providing the eligibility information to determine whether or not to send a solicitation on behalf of a person who has received eligibility information from that affiliate is the test for what constitutes making a solicitation. Rather, the statute focuses on whether the person receiving eligibility information from an affiliate uses that information to market its products or services to consumers. A ‘‘discretion to send’’ test would also inappropriately link the terms ‘‘making’’ and ‘‘sending’’ in a manner that would promote confusion and undercut arguments made by commenters urging the Agencies to disassociate the two terms. Finally, a ‘‘discretion to send’’ test could foster circumvention of the notice and opt-out requirement, restrict the ability of consumers to prohibit solicitations in a manner not contemplated by the statute, and make it difficult for the Agencies to administer and enforce the statute. Section l.21(b) of the final rules clarifies what constitutes ‘‘making’’ a solicitation for purposes of Subpart C. Section l.21(b)(1) provides that a person makes a solicitation for marketing purposes to a consumer if: (a) The person receives eligibility information from an affiliate; (b) the person uses that eligibility information to do one of the following—identify the consumer or type of consumer to receive a solicitation, establish the criteria used to select the consumer to receive a solicitation, or decide which of its products or services to market to the consumer or tailor its solicitation to that consumer; and (c) as a result of the person’s use of the eligibility information, the consumer is provided a solicitation about the person’s products or services. The Agencies recognize that several common industry practices may complicate application of the rule PO 00000 Frm 00014 Fmt 4701 Sfmt 4700 outlined in § l.21(b)(1). First, affiliated groups often use a common database as the repository for eligibility information obtained by various affiliates, and information in that database may be accessible to multiple affiliates. Second, affiliated companies often use service providers to perform marketing activities, and some of those service providers may provide services for a number of different affiliates. Third, an affiliate may use its own eligibility information to market the products or services of another affiliate. Sections l.21(b)(2)–(5) address these issues. Section l.21(b)(2) clarifies that a person may receive eligibility information from an affiliate in various ways, including when the affiliate places that information into a common database that the person may access. Of course, receipt of eligibility information from an affiliate is only one element of the rule outlined in § l.21(b)(1). In the case of a common database, use of the eligibility information will be the key element in determining whether a person has made a solicitation. Section l.21(b)(3) provides that a person receives or uses an affiliate’s eligibility information if a service provider acting on behalf of the person receives or uses that information in the manner described in §§ l.21(b)(1)(i) or (b)(1)(ii), except as provided in § l.21(b)(5), which is discussed below. Section l.21(b)(3) also provides that all relevant facts and circumstances will determine whether a service provider is acting on behalf of a person when it receives or uses an affiliate’s eligibility information in connection with marketing that person’s products or services. Section l.21(b)(4) addresses constructive sharing. In the supplementary information to the proposal, the Agencies solicited comment on whether the notice and opt-out requirements of these rules should apply to circumstances that involve a ‘‘constructive sharing’’ of eligibility information to conduct marketing, given the policy objectives of section 214 of the FACT Act. By way of example, in a ‘‘constructive sharing’’ scenario, a consumer has a relationship with a financial institution, and the financial institution is affiliated with an insurance company. The insurance company develops specific eligibility criteria, such as consumers having combined deposit balances in excess of $50,000 or average monthly demand account deposits in excess of $10,000, without the use of eligibility information received from the financial institution. The insurance company provides its criteria to the financial E:\FR\FM\07NOR2.SGM 07NOR2 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations rwilkins on PROD1PC63 with RULES_2 institution and asks the institution to identify financial institution consumers that meet the eligibility criteria and send insurance company marketing materials to those consumers. The financial institution sends the marketing materials to those consumers who meet the insurance company’s eligibility criteria. A consumer who meets the eligibility criteria contacts the insurance company after receiving the insurance company marketing materials in the manner specified in those materials. The consumer’s response provides the insurance company with discernible eligibility information, such as through a response form that is coded to identify the consumer as an individual who meets the specific eligibility criteria.14 Industry commenters urged the Agencies not to apply the notice and opt-out requirement to ‘‘constructive sharing’’ situations. The principal arguments made by these commenters in support of their position were as follows. First, in a constructive sharing scenario, there is no sharing of eligibility information among affiliates. Rather, the consumer provides information to an affiliate when responding. Second, section 624 applies when a person uses eligibility information furnished by its affiliate to make a solicitation for its own products or services to the consumer. In constructive sharing, however, the person does not use eligibility information and does not make a solicitation as defined in the statute. Third, the affiliate that sends the marketing material has a pre-existing business relationship with the consumer and is thus exempt from the notice and opt-out requirements. Fourth, if the consumer responds to the marketing materials, for example, by returning a response card to an affiliate, one or more of the exceptions to the notice and opt-out requirement would apply, such as the consumer-initiated communication exception, the preexisting business relationship exception, or both. Consumer groups believed that constructive sharing contravenes the intent of Congress and amounts to a loophole that should be fixed. Similarly, NAAG believed that the letter and spirit of section 624 required subjecting constructive sharing to the notice and opt-out requirements and that to find 14 The supplementary information to the proposal noted that the notice and opt-out requirement would not apply if, for example, an insurance company asked its affiliated financial institution to include insurance company marketing material in periodic statements sent to consumers by the financial institution without regard to eligibility information. VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 otherwise would create a significant and unwarranted exception. After considering the constructive sharing issue, the Agencies conclude that the statute only covers situations where a person uses eligibility information that it received from an affiliate to make a solicitation to the consumer about its products or services. In a ‘‘constructive sharing’’ scenario like that described above, a pre-existing business relationship is established between the consumer and the insurance company when the consumer contacts the insurance company to inquire about or apply for insurance products as a result of the consumer’s receipt of the insurance marketing materials. This pre-existing business relationship is established before the insurance company uses any shared eligibility information to make solicitations to the consumer. Because the insurance company does not use shared eligibility information to make solicitations to the consumer before it establishes a pre-existing business relationship with the consumer, the statute does not apply. The Agencies acknowledge the concerns expressed by consumer groups and NAAG regarding the decision not to apply the notice and opt-out requirements to constructive sharing situations. The statute’s affiliate marketing provisions, however, only limit the use of eligibility information received from an affiliate to make solicitations to a consumer. A separate provision of the FCRA, section 603(d)(2)(A)(iii), regulates the sharing of eligibility information among affiliates and prohibits the sharing of nontransaction or experience information, such as credit scores from a consumer report or income from an application, among affiliates, unless the consumer is given notice and an opportunity to opt out of such sharing. The FCRA does not restrict the sharing of transaction or experience information among affiliates unless that information is medical information. Section 603(d)(2)(A)(iii) operates independent of the affiliate marketing rules. Thus, the existence of a pre-existing business relationship between a consumer and an affiliate that seeks to use shared eligibility information, such as credit scores or income, to market to that consumer (or the applicability of another exception to these affiliate marketing rules) does not relieve the entity sharing the credit score or income information of the requirement to comply with the affiliate sharing notice and opt-out provisions of section 603(d)(2)(A)(iii) of the FCRA before it shares that non-transaction or PO 00000 Frm 00015 Fmt 4701 Sfmt 4700 62923 experience information with its affiliate.15 Section l.21(b)(4) describes two situations where a person is deemed not to have made a solicitation subject to Subpart C. Both situations assume that the person has not used eligibility information received from an affiliate in the manner described in § l.21(b)(1)(ii). First, a person does not make a solicitation subject to Subpart C if that person’s affiliate uses its own eligibility information that it obtained in connection with a pre-existing business relationship it has or had with the consumer to market the person’s products or services to the consumer. Second, if, in the situation just described, the person’s affiliate directs its service provider to use the affiliate’s own eligibility information to market the person’s products or services to the consumer, and the person does not communicate directly with the service provider regarding that use of the eligibility information, then the person has not made a solicitation subject to Subpart C. The core concept underlying the second prong of this provision is that the affiliate that obtained the eligibility information in connection with a preexisting business relationship with the consumer controls the actions of the service provider using that information. Therefore, the service provider’s use of the eligibility information should not be attributed to the person whose products or services will be marketed to consumers. In such circumstances, the service provider is acting on behalf of the affiliate that obtained the eligibility information in connection with a preexisting business relationship with the consumer, and not on behalf of the person whose products or services will be marketed to that affiliate’s consumers. The Agencies also recognize that there may be situations where the person whose products or services are being marketed does communicate with the affiliate’s service provider. This may be the case, for example, where the service provider performs services for various affiliates relying on information maintained in and accessed from a common database. In certain circumstances, the person whose products or services are being marketed may communicate with the affiliate’s service provider, yet the service provider is still acting on behalf of the affiliate when it uses the affiliate’s 15 A sharing of information occurs if a reference code included in marketing materials reveals one affiliate’s information about a consumer to another affiliate upon receipt of a consumer’s response. E:\FR\FM\07NOR2.SGM 07NOR2 rwilkins on PROD1PC63 with RULES_2 62924 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations eligibility information in connection with marketing the person’s products or services. Section l.21(b)(5) describes the conditions under which a service provider would be deemed to be acting on behalf of the affiliate with the preexisting business relationship, rather than the person whose products or services are being marketed, notwithstanding direct communications between the person and the service provider. Section l.21(b)(5) builds upon the concept of control of a service provider and thus is a natural outgrowth of § l.21(b)(4). Under the conditions set out in § l.21(b)(5), the service provider is acting on behalf of an affiliate that obtained the eligibility information in connection with a pre-existing business relationship with the consumer because, among other things, the affiliate controls the actions of the service provider in connection with the service provider’s receipt and use of the eligibility information. This provision is designed to minimize uncertainty that may arise from application of the facts and circumstances test in § l.21(b)(3) to cases that involve direct communications between a service provider and a person whose products and services will be marketed to consumers. Section l.21(b)(5) provides that a person does not make a solicitation subject to Subpart C if a service provider (including an affiliated or third-party service provider that maintains or accesses a common database that the person may access) receives eligibility information from the person’s affiliate that the person’s affiliate obtained in connection with a pre-existing business relationship it has or had with the consumer and uses that eligibility information to market the person’s products or services to the consumer, so long as the following five conditions are met. First, the person’s affiliate controls access to and use of its eligibility information by the service provider (including the right to establish specific terms and conditions under which the service provider may use such information to market the person’s products or services). This requirement must be set forth in a written agreement between the person’s affiliate and the service provider. The person’s affiliate may demonstrate control by, for example, establishing and implementing reasonable policies and procedures applicable to the service provider’s access to and use of its eligibility information. Second, the person’s affiliate establishes specific terms and VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 conditions under which the service provider may access and use that eligibility information to market the person’s products or services (or those of affiliates generally) to the consumer, and periodically evaluates the service provider’s compliance with those terms and conditions. These terms and conditions may include the identity of the affiliated companies whose products or services may be marketed to the consumer by the service provider, the types of products or services of affiliated companies that may be marketed, and the number of times the consumer may receive marketing materials. The specific terms and conditions established by the person’s affiliate must be set forth in writing, but need not be set forth in a written agreement between the person’s affiliate and the service provider. If a periodic evaluation by the person’s affiliate reveals that the service provider is not complying with those terms and conditions, the Agencies expect the person’s affiliate to take appropriate corrective action. Third, the person’s affiliate requires the service provider to implement reasonable policies and procedures designed to ensure that the service provider uses the affiliate’s eligibility information in accordance with the terms and conditions established by the affiliate relating to the marketing of the person’s products or services. This requirement must be set forth in a written agreement between the person’s affiliate and the service provider. Fourth, the person’s affiliate is identified on or with the marketing materials provided to the consumer. This requirement will be construed flexibly. For example, the person’s affiliate may be identified directly on the marketing materials, on an introductory cover letter, on other documents included with the marketing materials, such as a periodic statement, or on the envelope which contains the marketing materials. Fifth, the person does not directly use the affiliate’s eligibility information in the manner described in § l.21(b)(1)(ii). These five conditions together ensure that the service provider is acting on behalf of the affiliate that obtained the eligibility information in connection with a pre-existing business relationship with the consumer because that affiliate controls the service provider’s receipt and use of that affiliate’s eligibility information. Section l.21(b)(6) provides six illustrative examples of the rules relating to making solicitations as set forth in §§ l.21(b)(1)–(5). PO 00000 Frm 00016 Fmt 4701 Sfmt 4700 Exceptions Proposed § l.20(c) contained exceptions to the requirements of Subpart C and incorporated each of the statutory exceptions to the affiliate marketing notice and opt-out requirements that are set forth in section 624(a)(4) of the FCRA. The Agencies have revised the preface to the exceptions for clarity to provide that the provisions of Subpart C do not apply to ‘‘you’’ or ‘‘the bank’’ if a person uses eligibility information that it receives from an affiliate in certain circumstances. In addition, each of the exceptions has been moved to § l.21(c) in the final rules and is discussed below. Pre-Existing Business Relationship Exception Proposed § l.20(c)(1) provided that the provisions of Subpart C would not apply to an affiliate using eligibility information to make a solicitation to a consumer with whom the affiliate has a pre-existing business relationship. As noted above, a pre-existing business relationship exists when: (1) There is a financial contract in force between the affiliate and the consumer; (2) the consumer and the affiliate have engaged in a financial transaction (including holding an active account or a policy in force or having another continuing relationship) during the 18 months immediately preceding the date of the solicitation; (3) the consumer has purchased, rented, or leased the affiliate’s goods or services during the 18 months immediately preceding the date of the solicitation; or (4) the consumer has inquired about or applied for a product or service offered by the affiliate during the 3-month period immediately preceding the date of the solicitation. Proposed § l.20(d)(1) provided examples of the pre-existing business relationship exception. As explained above, the Agencies have revised the examples from proposed § l.20(d)(1) in the final rules and included them as examples of the definition of ‘‘pre-existing business relationship’’ rather than as examples of the pre-existing business relationship exception. Section l.21(c)(1) of the final rules revises the pre-existing business relationship exception to delete the word ‘‘send’’ and to eliminate as unnecessary the cross-reference to the location of the definition of ‘‘preexisting business relationship.’’ As discussed above, commenters made a number of suggestions regarding the definition of ‘‘pre-existing business relationship.’’ The Agencies have E:\FR\FM\07NOR2.SGM 07NOR2 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations rwilkins on PROD1PC63 with RULES_2 addressed those comments elsewhere. Most commenters supported the proposed text of the pre-existing business relationship exception, which generally tracks the statutory language. Some commenters, however, apparently believed that the pre-existing business relationship exception is broader than it actually is. For example, assume that an insurance company has a pre-existing business relationship with a consumer and shares eligibility information about the consumer with its affiliates by putting that information into a common database that is accessible by all affiliates. The insurance company’s depository institution affiliate accesses the database, reviews the data on the insurance company’s consumers and, based on its review, decides to market to some of the insurance company’s consumers. Rather than sending the solicitations itself, the depository institution asks the insurance company with the pre-existing business relationship to send solicitations on its behalf to the insurance company’s consumers. As noted above, one commenter believed that in this circumstance the pre-existing business relationship exception would apply so long as the insurance company retained the discretion to decide whether or not to send the solicitations on behalf of the depository institution. However, the Agencies conclude that this situation does not fall within the pre-existing business relationship exception. Instead, the depository institution makes the solicitation because it used eligibility information received from an affiliate to select the consumer to receive a solicitation about its products or services and, as a result, the consumer is provided a solicitation. To eliminate any confusion and clarify the scope of the exception, the Agencies have added an example in § l.21(d)(1) of the final rules to illustrate a situation where the pre-existing business relationship exception would apply. Employee Benefit Plan Exception Proposed § l.20(c)(2) provided that the provisions of Subpart C would not apply to an affiliate using the information to facilitate communications to an individual for whose benefit the affiliate provides employee benefit or other services under a contract with an employer related to and arising out of a current employment relationship or an individual’s status as a participant or beneficiary of an employee benefit plan. One commenter believed that the exception should be revised to permit communications ‘‘to an affiliate about VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 an individual for whose benefit an entity provides employee benefit or other services pursuant to a contract with an employer related to and arising out of the current employment relationship or status of the individual as a participant or beneficiary of an employee benefit plan.’’ This commenter also suggested deleting the phrase ‘‘you receive from an affiliate’’ in the introduction to proposed § l.20(c). This commenter believed that this exception should permit an employer or plan sponsor to share information with its affiliates in order to offer other financial services, such as brokerage accounts or IRAs, to its employees. This commenter further requested clarification on whether the exception applies only if related to products offered as an employee benefit. Section l.21(c)(2) of the final rules adopts the employee benefit exception as proposed. The Agencies decline to adopt the changes suggested by the one commenter. First, the suggestion to make the exception applicable to communications ‘‘to an affiliate about an individual for whose benefit an entity provides employee benefit or other services’’ differs from the language of the statute. The language of the proposed and final rules focuses on facilitating communications ‘‘to an individual for whose benefit the person provides employee benefit or other services,’’ which tracks the statutory language better than the alternative language proposed by the commenter. Second, the only person to whom section 624 might apply is a person that receives eligibility information from an affiliate. Specifically, the statutory preface to the exceptions provides that ‘‘[t]his section shall not apply to a person’’ using information to do certain things. The language of the statute thus makes clear that the exceptions in section 624(a)(4) of the FCRA were meant to apply to persons that otherwise would be subject to section 624. In the case of the employee benefit exception, the person using the information is also ‘‘the person provid[ing] employee benefit or other services pursuant to a contract with an employer.’’ Therefore, the Agencies conclude that this exception, like the other provisions of Subpart C, should apply only to a person that uses eligibility information it receives from an affiliate to make solicitations to consumers about its products or services. Service Provider Exception Proposed § l.20(c)(3) provided that the provisions of Subpart C would not apply to an affiliate using the PO 00000 Frm 00017 Fmt 4701 Sfmt 4700 62925 information to perform services for another affiliate, unless the services involve making or sending solicitations on its own behalf or on behalf of an affiliate and the service provider or such affiliate is not permitted to make or send such solicitations as a result of the consumer’s election to opt out. Thus, under the proposal, when the notice has been provided to a consumer and the consumer has opted out, an affiliate subject to the consumer’s opt-out election may not circumvent the opt-out by instructing the person with the consumer relationship or another affiliate to send solicitations to the consumer on its behalf. Several industry commenters urged the Agencies to revise the proposed exception to conform to the statutory language. Specifically, with respect to the exclusion from the service provider exception, these commenters recommended that the Agencies delete the references to solicitations on behalf of the service provider. Some of these commenters maintained that the references to solicitations on behalf of the service provider itself would impose additional burdens and costs on companies that use a single affiliate to provide various administrative services to other affiliates and would make it more difficult to provide general educational materials to consumers. Some of these commenters also asked the Agencies to clarify that the limitation in the service provider exception has no applicability to any other exception. Section l.21(c)(3) of the final rules revises the service provider exception to delete as surplusage the references to solicitations by a service provider on its own behalf. The Agencies note that the general rule in § l.21(a)(1) prohibits a service provider from using eligibility information it received from an affiliate to make solicitations to the consumer about its own products or services unless the consumer is given notice and an opportunity to opt out or unless one of the other exceptions applies. The service provider exception simply allows a service provider to do what the affiliate on whose behalf it is acting may do, such as using shared eligibility information to make solicitations to consumers to whom the affiliate is permitted to make such solicitations. The final rules also delete the word ‘‘make’’ from the exception to the service provider exception because, as discussed above, ‘‘making’’ and ‘‘sending’’ solicitations are distinct activities and this provision of the statute uses the verb ‘‘to send.’’ The Agencies note that, although the statute contains separate service provider and E:\FR\FM\07NOR2.SGM 07NOR2 62926 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations rwilkins on PROD1PC63 with RULES_2 pre-existing business relationship exceptions, nothing in those exceptions prevents an affiliate that has a preexisting business relationship with the consumer from relying upon the service provider exception, where appropriate. Section l.21(d)(2) of the final rules provides examples of the service provider exception. Consumer-Initiated Communication Exception Proposed § l.20(c)(4) provided that the provisions of Subpart C would not apply to an affiliate using the information to make solicitations in response to a communication initiated by the consumer. The proposed rule further clarified that this exception may be triggered by an oral, electronic, or written communication initiated by the consumer. The supplementary information noted that to be covered by the proposed exception, the use of eligibility information must be responsive to the communication initiated by the consumer. The supplementary information also explained that the time period during which solicitations remain responsive to the consumer’s communication would depend on the facts and circumstances. As illustrated in the example in proposed § l.20(d)(2)(iii), if a consumer were to call an affiliate to ask about retail locations and hours, the affiliate could not use eligibility information to make solicitations to the consumer about specific products because those solicitations would not be responsive to the consumer’s communication. Conversely, the example in proposed § l.20(d)(2)(i) illustrated that if the consumer calls an affiliate to ask about its products or services and provides contact information, solicitations related to those products or services would be responsive to the communication and thus permitted under the exception. Finally, as illustrated by the example in proposed § l.20(d)(2)(ii), the Agencies also contemplated that a consumer would not initiate a communication if an affiliate made the initial call and left a message for the consumer to call back, and the consumer responded. Commenters generally supported the text of the proposed consumer-initiated communication exception. Several commenters, however, urged the Agencies to either delete the phrase ‘‘orally, electronically, or in writing’’ from the regulation or modify the language to read ‘‘whether orally, electronically, or in writing.’’ These commenters maintained that other means of communication may be used by consumers in the future and should VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 not be precluded by the regulations. Another commenter welcomed the reference to oral communications and requested that the Agencies clarify that electronic communications refers to both e-mail and facsimile transmissions. Many industry commenters objected to the statement in the supplementary information that to qualify for this exception, the use of eligibility information ‘‘must be responsive’’ to the communication initiated by the consumer. These commenters believed that the concept of ‘‘responsiveness’’ creates a vague, subjective, and narrow standard that could subject institutions to compliance risk. These commenters noted that the Agencies did not and could not provide a clear definition of what would be ‘‘responsive.’’ Some of these commenters noted that consumers may not be familiar with the various types of products or services available to them and the different affiliates that offer those products or services and may rely on the institution to inform them about available options. For this reason, most of these commenters maintained that the exception should not limit an affiliate from responding with solicitations about any product or service. Some of these commenters believed that it would be difficult to monitor compliance with or to develop scripts for a ‘‘responsiveness’’ standard by customer service representatives. One commenter noted that the Senate bill used more restrictive language in this exception than the final bill passed by Congress. Some commenters also objected to the statement that the time period during which solicitations remain responsive would depend on the facts and circumstances. NAAG supported the statement in the supplementary information that, to qualify for this exception, the use of eligibility information ‘‘must be responsive’’ to the communication initiated by the consumer. NAAG believed this clarification was so important that it should be incorporated into the rule itself. NAAG also suggested imposing a specific time limit to allow solicitations to be made for no more than 30 days after the consumerinitiated communication under this exception. Industry commenters also objected to some of the examples. In particular, industry commenters objected to the example in proposed § l.20(d)(2)(i) on two grounds. First, these commenters believed that the consumer should not have to supply contact information in order to trigger the exception. These commenters noted that such a requirement would seem to preclude solicitations over the phone during the PO 00000 Frm 00018 Fmt 4701 Sfmt 4700 same call by presuming that a solicitation would be made by mail or e-mail. Some of these commenters also believed that consumers would expect an affiliated company, especially a company with a common brand, to have their contact information already and would not want to provide it again. Second, as noted above, some commenters maintained that the affiliate should be able to respond by making solicitations about any product or service, not just those mentioned by the consumer. Many industry commenters objected to the example in proposed § l.20(d)(2)(ii) about the consumer responding to a call back message. These commenters believed that such a call back should qualify as a consumerinitiated communication, noting that the consumer has the option of not returning the call. Moreover, these commenters noted that the customer service representative receiving the call would not know what prompted the consumer’s call. Several commenters acknowledged that there may be concerns about calls made under false pretenses to prompt consumers to return the call but suggested that those concerns should be addressed by other means, such as enforcement of the laws dealing with unfair or deceptive acts or practices. Finally, some industry commenters expressed concerns about the example in proposed § l.20(d)(2)(iii) regarding the consumer who calls to ask for retail locations and hours. These commenters noted that it is impossible to know what will transpire on a particular telephone call. One commenter noted, for example, that if a consumer called to ask for directions to an office, the customer service representative might ask why the consumer needed to go to that office. This, in turn, could prompt the consumer to mention a product or service that the consumer hoped to obtain and lead to a discussion of specific products or services that might be appropriate for the consumer. Section l.21(c)(4) of the final rules revises the consumer-initiated communications exception to delete the reference to oral, electronic, or written communications. The Agencies believe that any form of communication may come within the exception as long as the consumer initiates the communication, whether in-person or by mail, e-mail, telephone, facsimile, or through other means. New forms of communication that may develop in the future could also come within the exception. Section l.21(c)(4) of the final rules also provides that the communications E:\FR\FM\07NOR2.SGM 07NOR2 rwilkins on PROD1PC63 with RULES_2 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations covered by the exception are consumerinitiated communications about a person’s products or services. For the exception to apply, the statute requires that a person use eligibility information ‘‘in response to’’ a communication initiated by a consumer. The Agencies believe this statutory language contemplates that the consumerinitiated communications will relate to a person’s products or services and that the solicitations covered by the exception will be those made in response to that communication. The Agencies also believe the exceptions should be construed narrowly to avoid undermining the general rule requiring notice and opt out. Thus, consistent with the purposes of the statute, the Agencies do not believe that a consumer-initiated communication that is unrelated to a product or service should trigger the exception. A rule that allowed any consumer-initiated communication, no matter how unrelated to a product or service, to trigger the exception would not to give meaning to the phrase ‘‘in response to’’ and could produce incongruous results. For example, if a consumer calls an affiliate solely to obtain retail hours and directions or solely to opt out, the exception is not triggered because the communication does not relate to the affiliate’s products or services and making a solicitation about products or services to the consumer in those circumstances would not be a reasonable response to that communication. The Agencies recognize, however, that if the conversation shifts to a discussion of products or services that the consumer may need, solicitations may be responsive depending upon the facts and circumstances. Likewise, if a consumer who has opted out of an affiliate’s use of eligibility information to make solicitations calls the affiliate for information about a particular product or service, for example, life insurance, solicitations regarding life insurance could be made in response to that call, but solicitations regarding other products or services would not be responsive. Finally, the Agencies do not believe it is appropriate to adopt a specific time limit for making solicitations following a consumerinitiated communication about products or services because solicitations will likely be made quickly and any time limit would be arbitrary. In the final rules, the Agencies have renumbered the example in proposed § l.20(d)(2)(i) as § l.21(d)(3)(i), and revised it to delete the references to a telephone call as the specific form of communication and the reference to VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 providing contact information. As discussed above and illustrated in the examples in §§ l.20(b)(4)(ii)(E) and (F), the need to provide contact information may vary depending on the form of communication used by the consumer. The new example in § l.21(d)(3)(ii) responds to commenters’ concerns by illustrating a circumstance involving a consumer-initiated communication in which a consumer does not know exactly what products or services he or she wants, but initiates a communication to obtain information about investing for a child’s college education. The Agencies have renumbered the call-back example in proposed § l.20(d)(2)(iii) as § l.21(d)(3)(iii) and revised it. The revised example provides that where the financial institution makes an initial marketing call without using eligibility information received from an affiliate and leaves a message that invites the consumer to apply for the credit card by calling a toll-free number, the consumer’s response qualifies as a consumer-initiated communication about a product or service. The revised example balances commenters’ concerns about tracking which calls are call backs and the Agencies’ concerns that consumers may be induced into triggering the consumer-initiated communication exception as a result of inaccurate, incomplete, or deceptive telephone messages. Moreover, the revised example is similar to a provision in the Board’s Regulation Z commentary, 12 CFR part 226, supplement I, § 226.5a(a)(3)-2. For the reasons discussed above, the Agencies have renumbered the retail hours example in proposed § l.20(d)(2)(iv) as § l.21(d)(3)(iv), but otherwise adopted it as proposed. In addition, the new example in § l.21(d)(3)(v) responds to commenters’ concerns by illustrating a case where a consumer calls to ask about retail locations and hours and the call center representative, after eliciting information about the reason why the consumer wants to visit a retail location, offers to provide information about products of interest to the consumer by telephone and mail, thus demonstrating how the conversation may develop to the point where making solicitations would be responsive to the consumer’s call. Consumer Authorization or Request Exception Proposed § l.20(c)(5) clarified that the provisions of Subpart C would not apply to an affiliate using the information to make solicitations PO 00000 Frm 00019 Fmt 4701 Sfmt 4700 62927 affirmatively authorized or requested by the consumer. The proposal further provided that this exception may be triggered by an oral, electronic, or written authorization or request by the consumer. However, a pre-selected check box or boilerplate language in a disclosure or contract would not constitute an affirmative authorization or request under the proposal. The proposal noted that the consumer authorization or request exception could be triggered, for example, if a consumer obtains a mortgage from a mortgage lender and authorizes or requests to receive solicitations about homeowner’s insurance from an insurance affiliate of the mortgage lender. The consumer could provide the authorization or make the request either through the person with whom the consumer has a business relationship or directly to the affiliate that will make the solicitation. Proposed § l.20(d)(3) provided an example of the affirmative authorization or request exception. Most industry commenters argued that the proposed exception did not track the language of the statute because the Agencies included the word ‘‘affirmative’’ in the proposed exception. These commenters believed that including the word ‘‘affirmative’’ in the proposed rules narrowed the exception in a manner not intended by Congress. Several of these commenters noted that the Agencies had declined to specify what constitutes consumer consent under the GLBA privacy rules and indicated that they were not aware of any policy considerations or compliance issues that would warrant a departure from the Agencies’ prior position. Some industry commenters believed that a pre-selected check box should be sufficient to evidence a consumer’s authorization or request for solicitations. In other words, a consumer’s decision not to deselect a pre-selected check box should constitute a knowing act of the consumer to authorize or request solicitations. Other industry commenters believed that preprinted language in a disclosure or contract should be sufficient to evidence a consumer’s authorization or request for solicitations. One commenter cited case law and FTC informal staff opinion letters relating to a consumer’s written instructions to obtain a consumer report pursuant to section 604(a)(2) of the FCRA as support for allowing boilerplate language to constitute authorization or request. A few industry commenters requested that the Agencies clarify that a consumer’s authorization or request does not have to refer to a specific E:\FR\FM\07NOR2.SGM 07NOR2 rwilkins on PROD1PC63 with RULES_2 62928 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations product or service or to a specific provider of products or services in order for the exception to apply. As discussed above, industry commenters had differing views regarding the reference to oral, written, or electronic means of triggering the exception. NAAG suggested imposing a specific time limit to allow solicitations to be made for no more than 30 days after the consumer’s authorization or request under this exception. Section l.21(c)(5) of the final rules revises the consumer authorization or request exception to delete the word ‘‘affirmative’’ as surplusage. The deletion of the word ‘‘affirmative’’ does not change the meaning of the exception however. The consumer still must take affirmative steps to ‘‘authorize’’ or ‘‘request’’ solicitations. The Agencies construe this exception, like the other exceptions, narrowly and in a manner that does not undermine the general notice and opt-out requirement. For that reason, the Agencies believe that affiliated companies cannot avoid use of the statute’s notice and opt-out provisions by including preprinted boilerplate language in the disclosures or contracts they provide to consumers, such as language stating that by applying to open an account, the consumer authorizes or requests to receive solicitations from affiliates. Such an interpretation would permit the exception to swallow the rule, a result that cannot be squared with the intent of Congress to give consumers notice and an opportunity to opt out of solicitations. The comparison made by some commenters to the GLBA privacy rules is misplaced. The GLBA and the privacy rules create an exception to permit the disclosure of nonpublic personal information ‘‘with the consent or at the direction of the consumer.’’ Section 624 of the FCRA creates an exception to permit the use of shared eligibility information ‘‘in response to solicitations authorized or requested by the consumer.’’ The Agencies interpret the ‘‘authorized or requested’’ language in the FCRA exception to require the consumer to take affirmative steps in order to trigger the exception. The Agencies have made conforming changes to the example in proposed § l.20(d)(3), which has been renumbered as § l.21(d)(4)(i) in the final rules. In addition, the Agencies have added three additional examples. The example in § l.21(d)(4)(ii) illustrates how a consumer can authorize or request solicitations by checking a blank check box. The examples in §§ l.21(d)(4)(iii) and (iv) VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 illustrate that preprinted boilerplate language and a pre-selected check box would not meet the authorization or request exception. The Agencies do not believe it is appropriate to set a fixed time period for an authorization or request. As noted in the proposal, the duration of the authorization or request depends on what is reasonable under the facts and circumstances. In addition, an authorization to make solicitations to the consumer terminates if the consumer revokes the authorization. For the same reasons discussed above, the Agencies have deleted the reference to oral, electronic, or written communications from this exception to track the language of the statute. Further, the Agencies do not believe it is necessary to clarify the elements of an authorization or request. The statute clearly refers to ‘‘solicitations authorized or requested by the consumer.’’ The facts and circumstances will determine what solicitations have been authorized or requested by the consumer. Compliance With Applicable Laws Exception Proposed § l.20(c)(6) clarified that the provisions of Subpart C would not apply to an affiliate if compliance with the requirements of section 624 by the affiliate would prevent that affiliate from complying with any provision of state insurance laws pertaining to unfair discrimination in a state where the affiliate is lawfully doing business. See FCRA, section 624(a)(4). The Agencies received no comments on this provision. Section l.21(c)(6) of the final rules adopts the state insurance law compliance exception as proposed. One commenter requested the creation of an additional exception to permit the sharing of eligibility information among affiliates that are aligned under one line of business within an organization and that share common management, branding, and regulatory oversight (i.e., banking, securities, and insurance companies). This commenter was focused on private banking enterprises. As discussed above, the Agencies find no statutory basis for creating such an exception to the notice and opt-out requirement. Relation to Affiliate-Sharing Notice and Opt-Out Proposed § l.20(f) clarified the relationship between the affiliate sharing notice and opt-out under section 603(d)(2)(A)(iii) of the FCRA and the affiliate marketing notice and opt out in new section 624 of the FCRA. Specifically, the proposal provided that PO 00000 Frm 00020 Fmt 4701 Sfmt 4700 nothing in the affiliate marketing rules limits the responsibility of a company to comply with the notice and opt-out provisions of section 603(d)(2)(A)(iii) of the FCRA before it shares information other than transaction or experience information among affiliates to avoid becoming a consumer reporting agency. One commenter urged the Agencies to delete this provision as unnecessary. In the alternative, this commenter requested that the Agencies clarify that section 603(d)(2)(A)(iii) applies to the sharing of information that would otherwise meet the definition of a ‘‘consumer report,’’ and that the sharing affiliate does not automatically become a consumer reporting agency, but risks becoming a consumer reporting agency. This provision has been renumbered as § l.21(e) in the final rules. Section l.21(e) has been revised to delete the clause that referred to becoming a consumer reporting agency and to substitute in its place the neutral phrase ‘‘where applicable.’’ Section l.22 Opt-Out Scope and Duration of Scope of the Opt-Out The Agencies addressed issues relating to the scope of the opt-out in various sections of the proposal. In the supplementary information to the proposal, the Agencies stated that the opt-out would be tied to the consumer, rather than to the information. Some industry commenters supported the approach of tying the opt-out to the consumer, rather than to the information. Other industry commenters, however, believed it was inappropriate to tie the opt-out to the consumer and requested that institutions have the flexibility to implement the consumer’s opt-out at the account level, rather than at the consumer level. These commenters believed that an account-by-account approach would be consistent with the menu of opt-out choices provided in this rule and the GLBA privacy rules. These commenters also noted that an account-based approach would provide the consumer with a new notice and opportunity to opt out when a former customer decides to re-establish a new relationship with the institution. Proposed § l.21(c) provided that the notice could be designed to allow a consumer to choose from a menu of alternatives when opting out, such as by selecting certain types of affiliates, certain types of information, or certain modes of delivery from which to opt out, so long as one of the alternatives gave the consumer the opportunity to opt out with respect to all affiliates, all E:\FR\FM\07NOR2.SGM 07NOR2 rwilkins on PROD1PC63 with RULES_2 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations eligibility information, and all methods of delivering solicitations. Several industry commenters objected to the requirement that the institution provide a single universal opt-out option that would allow consumers to opt out completely of all solicitations. In addition, one commenter found the reference to all types of eligibility information confusing, while another commenter noted that some institutions may want to implement the opt-out on an account-by-account basis. Section l.25(d) of the proposal provided that if a consumer’s relationship with an institution terminated for any reason when a consumer’s opt-out election was in force, the opt-out would continue to apply indefinitely, unless revoked by the consumer. Most industry commenters objected to having the optout period continue to apply indefinitely upon termination of the consumer’s relationship with the institution. These commenters believed that this approach was not supported by the statute, would prove costly and difficult to administer, and would require the indefinite tracking of optouts. These commenters also believed that the five-year opt-out period would provide sufficient protection to consumers that terminate their relationship. One commenter noted that the proposed rule would impose particular hardships on mortgage lenders because those lenders often have consumer relationships of very short duration on account of selling the loans they originate into the secondary market. Consumer groups supported the proposed treatment of opt-outs for terminated consumer relationships. Upon further examination, the Agencies believe that the scope of the opt-out should be addressed comprehensively in a single section of the final rules. The Agencies also conclude that tying the opt-out to the consumer could have had unintended consequences. For example, if the optout were tied to the consumer, an institution would have to track the consumer indefinitely, even if the consumer’s relationship with the institution terminated and a new relationship were subsequently established with that institution years later. The Agencies do not believe that institutions should be required to track consumers indefinitely following termination. In addition, an opt-out tied to the consumer could apply to the use of all eligibility information, not just to eligibility information about the consumer, received from an affiliate and used to make solicitations to the consumer. It is not clear from the statute VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 or the legislative history that Congress intended the opt-out provisions of section 624 to apply to eligibility information about consumers other than the consumer to whom a solicitation is made. Finally, the Agencies do not believe it is necessary to make the optout effective in perpetuity upon termination of the relationship. Section l.22(a) of the final rules brings together these different scope considerations to address comprehensively the scope of the optout. Under the revised approach, the scope of the opt-out is derived from language of section 624(a)(2)(A) of the FCRA and generally depends upon the content of the opt-out notice. Section l.22(a)(1) provides that, except as otherwise provided in that section, a consumer’s election to opt out prohibits any affiliate covered by the opt-out notice from using the eligibility information received from another affiliate as described in the notice to make solicitations for marketing purposes to the consumer. Section l.22(a)(2)(i) clarifies that, in the context of a continuing relationship, an opt-out notice may apply to eligibility information obtained in connection with a single continuing relationship, multiple continuing relationships, continuing relationships established subsequent to delivery of the opt-out notice, or any other transaction with the consumer. Section l.22(a)(2)(ii) provides examples of continuing relationships. These examples are substantially similar to the examples used in the GLBA privacy rules with added references to relationships between the consumer and an affiliate. Section l.22(a)(3)(i) limits the scope of an opt-out notice that is not connected with a continuing relationship. This section provides that if there is no continuing relationship between the consumer and a person or its affiliate, and if the person or its affiliate provides an opt-out notice to a consumer that relates to eligibility information obtained in connection with a transaction with the consumer, such as an isolated transaction or a credit application that is denied, the opt-out notice only applies to eligibility information obtained in connection with that transaction. The notice cannot apply to eligibility information that may be obtained in connection with subsequent transactions or a continuing relationship that may be subsequently established by the consumer with the person or its affiliate. Section l.22(a)(3)(ii) provides examples of isolated transactions. PO 00000 Frm 00021 Fmt 4701 Sfmt 4700 62929 Section l.22(a)(4) provides that a consumer may be given the opportunity to choose from a menu of alternatives when electing to prohibit solicitations. An opt-out notice may give the consumer the opportunity to elect to prohibit solicitations from certain types of affiliates covered by the opt-out notice but not other types of affiliates covered by the notice, solicitations based on certain types of eligibility information but not other types of eligibility information, or solicitations by certain methods of delivery but not other methods of delivery, so long as one of the alternatives is the opportunity to prohibit all solicitations from all of the affiliates that are covered by the notice. The Agencies continue to believe that the language of section 624(a)(2)(A) of the FCRA requires the opt-out notice to contain a single optout option for all solicitations within the scope of the notice. The Agencies recognize that consumers could receive a number of different opt-out notices, even from the same affiliate. The Agencies will monitor industry notice practices and evaluate whether further action is needed. Section l.22(a)(5) contains a special rule for notice following termination of a continuing relationship. This rule provides that a consumer must be given a new opt-out notice if, after all continuing relationships with a person or its affiliate have been terminated, the consumer subsequently establishes a new continuing relationship with that person or the same or a different affiliate and the consumer’s eligibility information is to be used to make a solicitation. This special rule affords the consumer and the company a fresh start following termination of all continuing relationships by requiring a new opt-out notice if a new continuing relationship is subsequently established. The new opt-out notice must apply, at a minimum, to eligibility information obtained in connection with the new continuing relationship. The new optout notice may apply more broadly to information obtained in connection with a terminated relationship and give the consumer the opportunity to opt out with respect to eligibility information obtained in connection with both the terminated and the new continuing relationships. Further, the consumer’s failure to opt out does not override a prior opt-out election by the consumer applicable to eligibility information obtained in connection with a terminated relationship that is still in effect, regardless of whether the new opt-out notice applies to eligibility information obtained in connection E:\FR\FM\07NOR2.SGM 07NOR2 62930 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations rwilkins on PROD1PC63 with RULES_2 with the terminated relationship. The final rules also contain an example of this special rule. The Agencies note, however, that where a consumer was not given an opt-out notice in connection with the initial continuing relationship because eligibility information obtained in connection with that continuing relationship was not shared with affiliates for use in making solicitations, an opt-out notice provided in connection with a new continuing relationship would have to apply to any eligibility information obtained in connection with the terminated relationship that is to be shared with affiliates for use in making future solicitations. Duration and Timing of Opt-Out Proposed § l.25 addressed the duration and effect of the consumer’s opt-out election. Proposed § l.25(a) provided that the consumer’s election to opt out would be effective for the optout period, which is a period of at least five years beginning as soon as reasonably practicable after the consumer’s opt-out election is received. The supplementary information noted that if a consumer elected to opt out every year, a new opt-out period of at least five years would begin upon receipt of each successive opt-out election. Some industry commenters believed that the proposal was inconsistent with the statute because it provided that the opt-out period would begin as soon as reasonably practicable after the consumer’s opt-out election is received. These commenters believed that the optout period should begin on the date the consumer’s opt-out is received and that the final rules also should allow institutions a reasonable period of time to implement a consumer’s initial or renewal opt-out election before it becomes effective. Consumer groups believed that the requirement to honor an opt-out ‘‘beginning as soon as reasonably practicable’’ was too vague. These commenters believed that a consumer’s opt-out should be honored within a specific length of time not to exceed 30 days after the consumer responds to the opt-out notice. A few industry commenters urged the Agencies to allow consumers to revoke an opt-out election orally. Other industry commenters requested that the final rules include a clear statement that an opt-out period may be shortened to a period of less than five years by the consumer’s revocation of an opt-out election. Consumer groups approved of the Agencies’ statement that if a consumer opts out again during the fiveyear opt-out period, then a new five- VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 year period begins. Consumer groups also supported allowing institutions to make the opt-out period effective in perpetuity so long as this is clearly disclosed to the consumer in the original notice. The general provision regarding the duration of the opt-out has been renumbered as § l.22(b) in the final rules, consistent with the Agencies’ decision to address all scope issues in the same section. The Agencies have revised the duration provision to clarify that the opt-out period expires if the consumer revokes the opt-out in writing, or if the consumer agrees, electronically. The requirement for a written or electronic revocation is retained and is consistent with the approach taken in the GLBA privacy rules. The Agencies do not believe it is necessary or appropriate to permit oral revocation. The Agencies note that many of the exceptions to the notice and opt-out requirements may be triggered by oral communications, as discussed above, which would enable the use of shared eligibility information to make solicitations pending receipt of a written or electronic revocation. Also, as noted in the proposal, nothing prohibits setting an opt-out period longer than five years, including an opt-out period that does not expire unless revoked by the consumer. The Agencies do not agree that the opt-out period should begin on the date the consumer’s election to opt out is received. Commenters generally recognized that institutions cannot instantaneously implement a consumer’s opt-out election but need time to do so. The Agencies interpret the statutory language to mean that the consumer’s opt-out election must be honored for a period of at least five years from the date such election is implemented. The Agencies believe that Congress did not intend for the opt-out period to be shortened to a period of less than the five years specified in the statute to reflect the time between the date the consumer’s opt-out election is received and the date the consumer’s opt-out election is implemented. The Agencies also believe it is neither necessary nor desirable to set a mandatory deadline for implementing the consumer’s opt-out election. A general standard is preferable because the time it will reasonably take to implement a consumer’s opt-out election may vary. Consistent with the special rule for a notice following termination of a continuing relationship, the duration of the opt-out is not affected by the termination of a continuing relationship. When a consumer opts out PO 00000 Frm 00022 Fmt 4701 Sfmt 4700 in the course of a continuing relationship and that relationship is terminated during the opt-out period, the opt-out remains in effect for the rest of the opt-out period. If the consumer subsequently establishes a new continuing relationship while the optout period remains in effect, the opt-out period may not be shortened with respect to information obtained in connection with the terminated relationship by sending a new opt-out notice to the consumer when the new continuing relationship is established, even if the consumer does not opt out upon receipt of the new opt-out notice. A person may track the eligibility information obtained in connection with the terminated relationship and provide a renewal notice to the consumer, or may choose not to use eligibility information obtained in connection with the terminated relationship to make solicitations to the consumer. Proposed § l.25(c) clarified that a consumer may opt out at any time. As explained in the supplementary information to the proposal, even if the consumer did not opt out in response to the initial opt-out notice or if the consumer’s election to opt out was not prompted by an opt-out notice, a consumer may still opt out. Regardless of when the consumer opts out, the optout must be effective for a period of at least five years. The Agencies received few comments on this provision. Consumer groups urged the Agencies to reinforce the continuing nature of the right to opt out by requiring institutions to give the optout notice annually along with the annual GLBA privacy notice. These commenters acknowledged that the FCRA does not specifically state that the notice is required annually, but noted that the statute also does not say that the consumer has only one opportunity to opt out. The Agencies have renumbered the provision giving the consumer the right to opt out at any time as § l.22(c) in the final rules, but otherwise adopted the provision as proposed. The Agencies find no statutory basis for requiring the provision of an annual opt-out notice to consumers along with the GLBA privacy notice. Section l.23 Contents of Opt-Out Notice; Consolidated and Equivalent Notices Contents in General Section l.21 of the proposal addressed the contents of the opt-out notice. Proposed § l.21(a) would have required that the opt-out notice be clear, E:\FR\FM\07NOR2.SGM 07NOR2 rwilkins on PROD1PC63 with RULES_2 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations conspicuous, and concise, and accurately disclose: (1) That the consumer may elect to limit a person’s affiliate from using eligibility information about the consumer that it obtains from that person to make or send solicitations to the consumer; (2) if applicable, that the consumer’s election will apply for a specified period of time and that the consumer will be allowed to extend the election once that period expires; and (3) a reasonable and simple method for the consumer to opt out. Some commenters expressed concern about requiring the notice to specify the applicable time period and the consumer’s right to extend the election once the opt-out expires. One commenter believed this would require institutions to determine in advance the length of the opt-out period. Another commenter urged the Agencies to clarify that institutions could subsequently increase the duration of the opt-out or make it permanent without providing another notice to the consumer. The Agencies have renumbered the provisions addressing the contents of the opt-out notice as § l.23(a) in the final rules and revised them. Section l.23(a)(1) of the final rules requires additional information in opt-out notices. Section l.23(a)(1)(i) provides that all opt-out notices must identify, by name, the affiliate(s) that is providing the notice. A group of affiliates may jointly provide the notice. If the notice is provided jointly by multiple affiliates and each affiliate shares a common name, such as ‘‘ABC,’’ then the notice may indicate that it is being provided by multiple companies with the ABC name or multiple companies in the ABC group or family of companies. Acceptable ways of identifying the multiple affiliates providing the notice include stating that the notice is provided by ‘‘all of the ABC companies,’’ ‘‘the ABC banking, credit card, insurance, and securities companies,’’ or by listing the name of each affiliate providing the notice. A representation that the notice is provided by ‘‘the ABC banking, credit card, insurance, and securities companies’’ applies to all companies in those categories, not just some of those companies. But if the affiliates providing the notice do not all share a common name, then the notice must either separately identify each affiliate by name or identify each of the common names used by those affiliates. For example, if the affiliates providing the notice do business under both the ABC name and the XYZ name, then the notice could list each affiliate by name or indicate that the notice is being provided by ‘‘all of the ABC and XYZ companies’’ or by ‘‘the ABC bank and VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 credit card companies and the XYZ insurance companies.’’ Section l.23(a)(1)(ii) provides that an opt-out notice must contain a list of the affiliates or types of affiliates covered by the notice. The notice may apply to multiple affiliates and to companies that become affiliates after the notice is provided to the consumer. The rules for identifying the affiliates covered by the notice are substantially similar to the rules for identifying the affiliates providing the notice in § l.23(a)(1)(i), as described in the previous paragraph. Sections l.23(a)(1)(iii)–(vii) respectively require the opt-out notice to include the following: A general description of the types of eligibility information that may be used to make solicitations to the consumer; a statement that the consumer may elect to limit the use of eligibility information to make solicitations to the consumer; a statement that the consumer’s election will apply for the specified period of time stated in the notice and, if applicable, that the consumer will be allowed to renew the election once that period expires; if the notice is provided to consumers who may have previously opted out, such as if a notice is provided to consumers annually, a statement that the consumer who has chosen to limit marketing offers does not need to act again until the consumer receives a renewal notice; and a reasonable and simple method for the consumer to opt out. The statement described in § l.23(a)(1)(vi) regarding consumers who may have previously opted out does not apply to the model privacy form that the Agencies are developing in a separate rulemaking. Appropriate use of the model forms in Appendix C will satisfy these content requirements. The Agencies continue to believe that the opt-out notice must specify the length of the opt-out period, if one is provided. However, an institution that subsequently chooses to increase the duration of the opt-out period that it previously disclosed or honor the optout in perpetuity has no obligation to provide a revised notice to the consumer. In that case, the result is the same as if the institution established a five-year opt-out period and then did not send a renewal notice at the end of that period. A person receiving eligibility information from an affiliate would be prohibited from using that information to make solicitations to a consumer unless a renewal notice is first provided to the consumer and the consumer does not renew the opt-out. So long as no solicitations are made using eligibility information received from an affiliate, there would be no violation of the statute or regulation for PO 00000 Frm 00023 Fmt 4701 Sfmt 4700 62931 failing to send a renewal notice in this situation. Joint Notice Proposed § l.24(c) permitted a person subject to this rule to provide a joint opt-out notice with one or more of its affiliates that are identified in the notice, so long as the notice was accurate with respect to each affiliate jointly issuing the notice. Under the proposal, a joint notice would not have to list each affiliate participating in the joint notice by its name, but could state that it applies to ‘‘all institutions with the ABC name’’ or ‘‘all affiliates in the ABC family of companies.’’ One commenter believed that individually listing each company could result in long and confusing notices. This commenter suggested revising the rule to permit the generic identification of the types of affiliates by whom eligibility information may be used to make solicitations and to allow the notice to apply to entities that become affiliates after the notice is sent. In the final rules, the separate joint notice provision has been eliminated. Instead, the final rules incorporate the joint notice option into the provisions that address which affiliates may provide the opt-out notice and the contents of the notice. Joint Relationships The proposal addressed joint relationships in the section dealing with delivery of opt-out notices. Proposed § l.24(d) set out rules that would apply when two or more consumers jointly obtain a product or service from a person subject to the rule (referred to in the proposed regulation as ‘‘joint consumers’’), such as a joint checking account. It also provided several examples. Under the proposal, a person subject to this rule could provide a single opt-out notice to joint accountholders. The notice would have had to indicate whether the person would consider an opt-out by a joint accountholder as an opt-out by all of the associated accountholders, or whether each accountholder would have to opt out separately. The person could not require all accountholders to opt out before honoring an opt-out direction by one of the joint accountholders. Because section 624 of the FCRA deals with the use of information for marketing by affiliates, rather than the sharing of information among affiliates, comment was requested on whether information about a joint account should be allowed to be used for making solicitations to a joint consumer who has not opted out. Some commenters supported the flexible approach proposed by the E:\FR\FM\07NOR2.SGM 07NOR2 62932 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations rwilkins on PROD1PC63 with RULES_2 Agencies for dealing with joint accounts and notice to joint accountholders. One commenter suggested providing additional flexibility to enable consumers to opt out in certain circumstances, such as when eligibility information from a joint account is involved, but not in others, such as when eligibility information from an individual account is involved. Another commenter, however, believed that the provisions regarding joint relationships may not be appropriate for the affiliate marketing rule because section 624 relates to the use of information for marketing to a particular consumer, not to the sharing of information among affiliates. Consumer groups urged the Agencies to prohibit the use of eligibility information about a joint account for making solicitations to a consumer who has not opted out if the other joint consumer on the account has opted out. The Agencies have renumbered the provision addressing joint relationships as § l.23(a)(2) in the final rules. The Agencies have deleted the example of joint relationships from the final rules because it addressed, in part, the sharing of information, rather than the use of information. The Agencies have made other revisions to enhance the readability of this provision. The revised provision is substantively similar to the joint relationships provision of the GLBA privacy rules, except to the extent those rules refer to the sharing of information among affiliates. The Agencies believe that different issues may arise with regard to providing a single opt-out notice to joint consumers in the context of this rule, which focuses on the use of information, compared to issues that may arise with regard to providing such a notice in the context of other privacy rules that focus on the sharing of information. For example, a consumer may opt out with respect to affiliate marketing in connection with an individually-held account, but not opt out with respect to affiliate marketing in connection with a joint relationship. In that case, it could be challenging to identify which consumer information may and may not be used by affiliates to make solicitations to the consumer. Nevertheless, the final rules permit persons providing opt-out notices to consumers to provide a single opt-out notice to joint consumers. Alternative Contents Proposed § l.21(d) provided that, where an institution elects to give consumers a broader right to opt out of marketing than is required by this VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 subpart, the institution would have the ability to modify the contents of the optout notice to reflect accurately the scope of the opt-out right it provides to consumers. This section also noted that proposed Appendix C provided a model form that may be helpful for institutions that wish to allow consumers to opt out of all marketing from the institution and its affiliates, but use of the model form is not required. Commenters generally favored the flexibility afforded by this provision. The Agencies have renumbered the provision addressing alternative contents as § l.23(a)(3) in the final rules, but otherwise adopted it as proposed. Model Notices Section l.23(a)(4) states that model notices are provided in Appendix C. The Agencies have provided these model notices to facilitate compliance with the rule. However, the final rules do not require use of the model notices. Consolidated and Equivalent Notices Proposed § l.27 provided that an optout notice required by Subpart C could be coordinated and consolidated with any other notice or disclosure required to be issued under any other provision of law, including but not limited to the notice described in section 603(d)(2)(A)(iii) of the FCRA and the notice required by title V of the GLBA. In addition, a notice or other disclosure that was equivalent to the notice required by this subpart, and that was provided to a consumer together with disclosures required by any other provision of law, would satisfy the requirements of Subpart C. The proposal specifically requested comment on the consolidation of the affiliate marketing notice with the GLBA privacy notice and the affiliate sharing opt-out notice under section 603(d)(2)(A)(iii) of the FCRA. Commenters generally supported the proposed provision. Several commenters believed it was probable that most institutions would want to provide the affiliate marketing opt-out notice with their existing GLBA privacy notice to reduce compliance costs and minimize consumer confusion. One commenter believed that institutions would be less likely to include the optout notice as part of their annual GLBA privacy notice because section 214 does not have an annual notice requirement. The Agencies have moved the provisions addressing consolidated and equivalent notices to the section addressing the contents of the notice and renumbered those provisions as §§ l.23(b) and (c) respectively in the final rules. Otherwise, those provisions PO 00000 Frm 00024 Fmt 4701 Sfmt 4700 have been adopted as proposed with one exception. The provision on equivalent notices clarifies that an equivalent notice satisfies the requirements of § l.23—not the entire subpart—because the subpart addresses many issues besides the content of the notice, such as delivery and renewal of opt-outs. The Agencies believe that these provisions are related to the contents of the notice and should therefore be included in this section. The Agencies encourage consolidation of the affiliate marketing opt-out notice with the GLBA privacy notice, including the affiliate sharing opt-out notice under section 603(d)(2)(A)(iii) of the FCRA, so that consumers receive a single notice they can use to review and exercise all privacy opt-outs. Consolidation of these notices, however, presents special issues. For example, the affiliate marketing opt-out may be limited to a period of at least five years, subject to renewal, whereas the GLBA privacy and FCRA section 603(d)(2)(A)(iii) opt-out notices are not time-limited. This difference, if applicable, must be made clear to the consumer. Thus, if a consolidated notice is used and the affiliate marketing opt-out is limited in duration, the notice must inform consumers that if they previously opted out, they do not need to opt out again until they receive a renewal notice when the opt-out expires or is about to expire. In addition, as discussed more fully below, the Agencies have developed a model privacy form that includes the affiliate marketing opt-out. The Agencies expect that once published in final form, use of the model privacy form will satisfy the requirement to provide an affiliate marketing opt-out notice. Section l.24 Reasonable Opportunity To Opt Out Section l.22(a) of the proposal provided that before a receiving affiliate could use eligibility information to make or send solicitations to the consumer, the communicating affiliate would have to provide the consumer with a reasonable opportunity to opt out following delivery of the opt-out notice. Given the variety of circumstances in which institutions must provide a reasonable opportunity to opt out, the proposal construed the requirement for a reasonable opportunity to opt out as a general test that would avoid setting a mandatory waiting period in all cases. The proposed rules would not have required institutions subject to the rule to disclose how long a consumer would have to respond to the opt-out notice before eligibility information E:\FR\FM\07NOR2.SGM 07NOR2 rwilkins on PROD1PC63 with RULES_2 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations communicated to affiliates could be used to make or send solicitations to the consumer, although institutions would have the flexibility to include such disclosures in their notices. In this respect, the proposed rules were consistent with the GLBA privacy rules. Industry commenters generally supported the Agencies’ approach of treating the requirement for a reasonable opportunity to opt out as a general test that would avoid setting a mandatory waiting period. NAAG, on the other hand, believed that the Agencies should set a mandatory waiting period of at least 45 days from the date of mailing or other transmission of the notice because consumers may be ill, away from home, or otherwise unable to respond to correspondence promptly. Industry commenters generally supported the Agencies’ decision not to require the disclosure of how long a consumer would have to respond to the opt-out notice before eligibility information could be used to make or send solicitations to the consumer. Consumer groups believed that consumers should be told how long they have to respond to the notice before eligibility information could be used by affiliates to make or send solicitations and that they may exercise their right to opt out at any time. The Agencies have renumbered the section addressing a reasonable opportunity to opt out as § l.24 in the final rules, and revised it. Section l.24(a) of the final rules retains the approach of construing the requirement for a reasonable opportunity to opt out as a general test that avoids setting a mandatory waiting period in all cases. Given the variety of circumstances in which a reasonable opportunity to opt out must be provided, the Agencies believe that the appropriate time to permit solicitations may vary depending upon the circumstances. A general standard provides flexibility to allow a person to use eligibility information it receives from an affiliate to make solicitations at an appropriate point in time that may vary depending upon the circumstances, while assuring that the consumer is given a realistic opportunity to prevent such use of this information. In the final rules, the Agencies have retained the approach of not requiring affiliate marketing opt-out notices to disclose how long a consumer has to respond before eligibility information may be used to make solicitations to the consumer or that consumers may exercise their right to opt out at any time. However, an institution may, at its option, add this information to its opt-out notice. VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 Section l.22(b) of the proposal provided examples to illustrate what would constitute a reasonable opportunity to opt out. The proposed examples would have provided a generally applicable safe harbor for optout periods of 30 days. As explained in the supplementary information to the proposal, although 30 days would be a safe harbor, a person subject to this requirement could decide, at its option, to give consumers more than 30 days in which to decide whether or not to opt out. A shorter waiting period could be adequate in certain situations depending on the circumstances. Proposed § l.22(b)(1) contained an example of a reasonable opportunity to opt out when the notice was provided by mail. Proposed § l.22(b)(2) contained an example of a reasonable opportunity to opt out when the notice was provided by electronic means. The proposed examples were consistent with examples used in the GLBA privacy rules. Proposed § l.22(b)(3) contained an example of a reasonable opportunity to opt out where, in a transaction conducted electronically, the consumer was required to decide, as a necessary part of proceeding with the transaction, whether or not to opt out before completing the transaction, so long as the institution provided a simple process at the Internet Web site that the consumer could use at that time to opt out. In this example, the opt-out notice would automatically be provided to the consumer, such as through a nonbypassable link to an intermediate Web page, or ‘‘speedbump.’’ The consumer would be given a choice of either opting out or not opting out at that time through a simple process conducted at the Web site. For example, the consumer could be required to check a box right at the Internet Web site in order to opt out or decline to opt out before continuing with the transaction. However, this example would not cover a situation where the consumer was required to send a separate e-mail or visit a different Internet Web site in order to opt out. Proposed § l.22(b)(4) illustrated that including the affiliate marketing opt-out notice in a notice under the GLBA would satisfy the reasonable opportunity standard. In such cases, the consumer would be allowed to exercise the opt-out in the same manner and would be given the same amount of time to exercise the opt-out as is provided for any other opt-out provided in the GLBA privacy notice. Proposed § l.22(b)(5) illustrated how an ‘‘opt-in’’ could meet the requirement to provide a reasonable opportunity to PO 00000 Frm 00025 Fmt 4701 Sfmt 4700 62933 opt out. Specifically, if an institution has a policy of not allowing its affiliates to use eligibility information to market to consumers without the consumer’s affirmative consent, providing the consumer with an opportunity to ‘‘opt in’’ or affirmatively consent to such use would constitute a reasonable opportunity to opt out. The supplementary information clarified that the consumer’s affirmative consent must be documented and that a preselected check box would not evidence the consumer’s affirmative consent. Some industry commenters supported the proposed 30-day safe harbor and the examples illustrating the safe harbor. Other industry commenters, however, expressed concern that the 30-day safe harbor would become the mandatory minimum waiting period in virtually all cases, particularly because of the risk of civil liability. For this reason, some industry commenters objected to the use of examples altogether and urged that the Agencies delete the proposed examples. Other industry commenters asked the Agencies to include only the examples from the GLBA. Consumer groups believed that the safe harbor should be 45 days, rather than 30 days. These commenters believed that 45 days was necessary in part to account for the time consumed in mail deliveries and in part to avoid penalizing consumers who are away from home for vacation or illness. Regarding the specific examples, a few commenters objected to the example in proposed § l.22(b)(2), stating that the acknowledgement of receipt requirement would be inconsistent with the Electronic Signatures in Global and National Commerce Act (E-Sign Act). One of these commenters believed this requirement amounted to an opt in for electronic notices. Several commenters believed that the example in proposed § l.22(b)(3) for requesting the consumer to opt out as a necessary step in proceeding with an electronic transaction should not be limited to electronic transactions, but should be expanded to apply to all transaction methods. A number of commenters believed that the example in proposed § l.22(b)(5) should either be deleted or, alternatively, should not refer to ‘‘affirmative’’ consent. These commenters noted that the example in proposed § l.22(b)(4) allowed a person to satisfy the reasonable opportunity standard by permitting the consumer to exercise the opt-out in the same manner and giving the consumer the same amount of time to exercise the opt-out as provided in the GLBA privacy notice E:\FR\FM\07NOR2.SGM 07NOR2 rwilkins on PROD1PC63 with RULES_2 62934 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations and that the GLBA rules did not require ‘‘affirmative’’ consent. The Agencies have renumbered the examples of a reasonable opportunity to opt out as § l.24(b) in the final rules, and revised them as discussed below. The Agencies believe the examples are helpful in illustrating what constitutes a reasonable opportunity to opt out. The generally applicable 30-day safe harbor is retained in the final rules. The Agencies believe that providing a generally applicable safe harbor of 30 days is helpful because it affords certainty to entities that choose to follow the 30-day waiting period. Although 30 days is a safe harbor in all cases, a person providing an opt-out notice may decide, at its option, to give consumers more than 30 days in which to decide whether or not to opt out. A shorter waiting period could be adequate in certain situations, depending on the circumstances, in accordance with the general test for a reasonable opportunity to opt out. The use of examples and a 30-day safe harbor is consistent with the approach followed in the GLBA privacy rules. However, the Agencies believe that the examples in these rules should differ to some extent from the examples in the GLBA privacy rules because the affiliate marketing opt-out requires a one-time, not an annual, notice. Further, the affiliate marketing notice may, but need not, be included in the GLBA privacy notice. In the final rules, the Agencies have retained the example of a reasonable opportunity to opt out by mail with revisions for clarity. Commenters had no specific objections to this example. The Agencies have revised the example of a reasonable opportunity to opt out by electronic means and divided it into two subparts in the final rules to illustrate the different means of delivering an electronic notice. The example illustrates that for notices provided electronically, such as by posting the notice at an Internet Web site at which the consumer has obtained a product or service, a reasonable opportunity to opt out would include giving the consumer 30 days after the consumer acknowledges receipt of the electronic notice to opt out by any reasonable means. The acknowledgement of receipt aspect of this example is consistent with an example in the GLBA privacy regulations. The example also illustrates that for notices provided by e-mail to a consumer who had agreed to receive disclosures by e-mail from the person sending the notice, a reasonable opportunity to opt out would include giving the consumer 30 days after the e- VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 mail is sent to elect to opt out by any reasonable means. The Agencies do not believe that consumer acknowledgement is necessary where the consumer has agreed to receive disclosures by e-mail. The Agencies have determined that the electronic delivery of affiliate marketing opt-out notices does not require consumer consent in accordance with the E-Sign Act because neither section 624 of the FCRA nor these final rules require that the notice be provided in writing. Thus, the Agencies do not believe that the acknowledgement of receipt trigger is beyond the scope of their interpretive authority. Persons that provide affiliate marketing opt-out notices under this Subpart C electronically may do so pursuant to the agreement of the consumer, as specified in these rules, or in accordance with the requirements of the E-Sign Act. The Agencies believe that the example of a consumer who is required to opt out as a necessary part of proceeding with the transaction should not be limited to electronic transactions. However, rather than revising the electronic transactions example, the Agencies have retained the electronic transactions example in § l.24(b)(3) and added a new example for in-person transactions in § l.24(b)(4). Together, these examples illustrate that an abbreviated opt-out period is appropriate when the consumer is given a ‘‘yes’’ or ‘‘no’’ choice and is not permitted to proceed with the transaction unless the consumer makes a choice. For in-person transactions, consumers could be provided a form with a question that requires the consumer to write a ‘‘yes’’ or ‘‘no’’ to indicate their opt-out preference or a form that contains two blank check boxes: One that allows consumers to indicate that they want to opt out and one that allows consumers to indicate that they do not want to opt out. In the final rules, the Agencies have retained the example of including the opt-out notice in a privacy notice in § l.24(b)(5) as consistent with the statutory requirement that the Agencies consider methods for coordinating and combining notices. The Agencies have deleted the example of providing an opt-in as a form of opting out as unnecessary and confusing. Section l.25 Reasonable and Simple Methods of Opting Out Section l.23 of the proposal set forth reasonable and simple methods of opting out. This section generally tracked the examples of reasonable optout means from § l.7(a)(2)(ii) of the GLBA privacy regulations with certain PO 00000 Frm 00026 Fmt 4701 Sfmt 4700 revisions to give effect to Congress’s mandate that methods of opting out be simple. For instance, proposed § l.23(a)(2) referred to including a selfaddressed envelope with the reply form and opt-out notice. The Agencies also contemplated that a toll-free telephone number would be adequately designed and staffed to enable consumers to opt out in a single phone call. Proposed § l.23(b) set forth methods of opting out that are not reasonable and simple, such as requiring the consumer to write a letter to the institution or to call or write to obtain an opt-out form rather than including it with the notice. This section generally tracked the examples of unreasonable opt-out means from § l.7(a)(2)(iii) of the GLBA privacy rules. In addition, the proposal contained an example of a consumer who agrees to receive the opt-out notice in electronic form only, such as by electronic mail or by using a process at a Web site. Such a consumer should not be required to opt out solely by telephone or paper mail. Many industry commenters asked the Agencies to clarify that the examples are not the only ways to comply with the rules. These commenters believed that, as drafted, the proposal could be interpreted as exclusive rules, rather than as examples. These commenters asked the Agencies to make clear in the final rules that the methods set out in the rules are examples and do not exclude other reasonable and simple methods of opting out. A few industry commenters believed that the final rules should not include any examples of methods of opting out because of the potential for civil liability. Many industry commenters also urged the Agencies to use the same examples used in the GLBA privacy rules. These commenters did not believe that Congress would allow coordinated and consolidated notices, but require different methods of opting out. For instance, these commenters recommended deleting the reference to a self-addressed envelope because there is no such reference in the GLBA privacy rules. One commenter noted that its experience with self-addressed envelopes was negative because consumers often used the envelopes for other purposes resulting in misdirected communications. Industry commenters also objected to requiring institutions to provide an electronic opt-out mechanism to a consumer who agrees to receive an opt-out notice in electronic form. These commenters believed this example was unjustified and inconsistent with the GLBA privacy rules. Commenters also indicated that some institutions may not have the E:\FR\FM\07NOR2.SGM 07NOR2 rwilkins on PROD1PC63 with RULES_2 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations technical capabilities to accept electronic opt-outs. Several commenters recommended that the Agencies clarify that an institution is not obligated to honor opt-outs submitted through means other than those designated by the institution. Consumer groups generally believed that the proposal appropriately tracked the examples in the GLBA privacy regulations with revisions to give effect to Congress’s mandate that methods of opting out be simple. These commenters believed, however, that the proposal was inadequate because it provided examples instead of requiring the use of certain methods. These commenters believed that the final rule should require self-addressed envelopes and require that toll-free numbers be adequately designed and staffed to enable consumers to opt out in a single phone call. According to these commenters, inadequate and poorly trained staff has been a shortcoming of the GLBA opt-out procedures. These commenters also recommended that consumers be given the opportunity to opt out by a simple check box on payment coupons. Finally, these commenters asked the Agencies to clarify that the federal standard is a floor and that if the notice is combined with other choices made available under other federal and state laws, the most consumer-friendly means for opting out should apply. The Agencies have renumbered the section addressing reasonable and simple methods of opting out as § l.25 in the final rules, and revised it as discussed below. The Agencies have restructured this section to include a general rule and examples in separate paragraphs (a) and (b) respectively. This revision clarifies that the specific methods identified in the rule are examples, not an exhaustive list of permissible methods. The Agencies believe that including examples in § l.25(b) is helpful. However, the Agencies decline to adopt the GLBA examples without change. Section 624 of the FCRA requires the Agencies to ensure that the consumer is given reasonable and simple methods of opting out. The GLBA did not require simple methods of opting out. The Agencies believe that the methods of opting out can, in some instances, be simpler than some of the reasonable methods illustrated in the GLBA privacy rules. To effectuate the statutory mandate that consumers have simple methods of opting out, the Agencies have modified, for purposes of this rulemaking, some of the examples of reasonable methods of opting out that VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 were used in the GLBA privacy regulations. Most of the examples in the final rules are substantially similar to those in § l.23(a) and (b) of the proposal with revisions for clarity. The example in § l.25(b)(1)(ii) has been revised to reflect the Agencies’ understanding that the reply form and self-addressed envelope would be included together with the opt-out notice. As in the proposal, the Agencies contemplate that a toll-free telephone number that consumers may call to opt out, as illustrated by the example in § l.25(b)(1)(iv), would be adequately designed and staffed to enable consumers to opt out in a single phone call. In setting up a toll-free telephone number that consumers may use to exercise their opt-out rights, institutions should minimize extraneous messages directed to consumers who are in the process of opting out. One new example in § l.25(b)(1)(v) illustrates that reasonable and simple methods include allowing consumers to exercise all of their opt-out rights described in a consolidated opt-out notice that includes the GLBA privacy, FCRA affiliate sharing, and FCRA affiliate marketing opt-outs, by a single method, such as by calling a single tollfree telephone number. This example furthers the statutory directive to the Agencies to ensure that notices and disclosures may be coordinated and consolidated. The final rules also clarify the example renumbered as § l.25(b)(2)(iii) to illustrate that it is not reasonable or simple to require a consumer who receives the opt-out notice in electronic form, such as through posting at an Internet Web site, to opt out solely by paper mail or by visiting a different Web site without providing a link to that site. Section .25(c) has been added to clarify that each consumer may be required to opt out through a specific means, as long as that means is reasonable and simple for that consumer. This new section corresponds to a provision in the GLBA privacy rules, § l.7(a)(2)(iv). Section l.26 Notices Delivery of Opt-Out General Rule and Examples Section l.24 of the proposal addressed the delivery of opt-out notices. Proposed § l.24(a) provided that an institution would have to deliver an opt-out notice so that each consumer could reasonably be expected to receive actual notice. This standard would not have required actual notice. The supplementary information to the PO 00000 Frm 00027 Fmt 4701 Sfmt 4700 62935 proposal also clarified that, for opt-out notices delivered electronically, the notices could be delivered either in accordance with the electronic disclosure provisions in Subpart C or in accordance with the E-Sign Act. For example, the institution could e-mail its notice to a consumer who agreed to the electronic delivery of information or provide the notice on its Internet Web site for a consumer who obtained a product or service electronically from that Web site. Commenters generally supported the reasonable expectation of actual notice standard. Proposed § l.24(b) provided examples to illustrate what would constitute delivery of an opt-out notice. Commenters expressed concern about the electronic notice example in proposed paragraph (b)(1)(iii). Consumer groups objected to this example by pointing to a growing trend in which companies require consumers to agree to electronic notices if they conduct business on an Internet Web site. These commenters believed that there was nothing to ensure that the notice would be clearly accessible to consumers on the Web site. These commenters believed that, at a minimum, the Agencies should require the notice to be sent to the consumer’s e-mail address, rather than posted to an Internet Web site, where the consumer has expressly opted in to the electronic delivery of notices. Some industry commenters objected to the acknowledgement of receipt requirement in this example as inconsistent with the E-Sign Act. One of these commenters urged the Agencies to explicitly incorporate the E-Sign Act into the requirements for delivering optout notices. The Agencies have renumbered the general rule regarding delivery of optout notices as § l.26(a) in the final rules and divided the examples into positive and negative examples in §§ l.26(b) and (c) respectively. In the final rules, the Agencies have retained the reasonable expectation of actual notice standard, which does not require the institution to determine if the consumer actually received the opt-out notice. For example, mailing a printed copy of the opt-out notice to the last known mailing address of a consumer satisfies the requirement to deliver the opt-out notice so that there is a reasonable expectation that the consumer has received actual notice. The Agencies have revised some of the examples of a reasonable expectation of actual notice for electronic notices. The new example in § l.26(b)(3) illustrates that the reasonable expectation of actual notice E:\FR\FM\07NOR2.SGM 07NOR2 62936 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations rwilkins on PROD1PC63 with RULES_2 standard would be satisfied by providing notice by e-mail to a consumer who has agreed to receive disclosures by e-mail from the person providing the notice. The Agencies reiterate that an acknowledgement of receipt is not necessary for a notice provided by e-mail to such a consumer. Conversely, the example in § l.26(c)(2) illustrates that the reasonable expectation of actual notice standard would not be satisfied by providing notice by e-mail to a consumer who has not agreed to receive disclosures by email from the person providing the notice. The revised example in § l.26(b)(4) illustrates that for a consumer who obtains a product or service electronically, the reasonable expectation standard would be satisfied by posting the notice on the Internet Web site at which the consumer obtains such product or services and requiring the consumer to acknowledge receipt of the notice. Conversely, the new example in § l.26(c)(3) illustrates that the reasonable expectation standard would not be satisfied by posting the notice on the Internet Web site without requiring the consumer to acknowledge receipt of the notice. As discussed above, the Agencies have determined that the electronic delivery of opt-out notices does not require consumer consent in accordance with the E-Sign Act because neither section 624 of the FCRA nor the final rules require that the notice be provided in writing. Thus, requiring an acknowledgement of receipt is within the scope of the Agencies’ interpretive authority. This example is also consistent with an example in the GLBA privacy rules and seems appropriate where the notice is posted at an Internet Web site. The Agencies decline to require the delivery of electronic notices by e-mail. Concerns about the security of e-mail, especially phishing, make it inappropriate to require e-mail as the only permissible form of electronic delivery for opt-out notices. Section l.27 Renewal of Opt-Out Proposed §l.26 described the procedures for extension of an opt-out. Proposed §l.26(a) provided that a receiving affiliate could not make or send solicitations to the consumer after the expiration of the opt-out period based on eligibility information it receives or has received from an affiliate, unless the person responsible for providing the initial opt-out notice, or its successor, has given the consumer an extension notice and a reasonable opportunity to extend the opt-out, and the consumer does not extend the opt- VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 out. Thus, if an extension notice was not provided to the consumer, the opt-out period would continue indefinitely. Proposed §l.26(b) provided that each opt-out extension would have to be effective for a period of at least five years. Proposed §l.26(c) addressed the contents of a clear, conspicuous, and concise extension notice and provided flexibility to comply in either of two ways. Under one approach, the notice would disclose the same items required to be disclosed in the initial opt-out notice, along with a statement explaining that the consumer’s prior opt-out has expired or is about to expire, as applicable, and that if the consumer wishes to keep the consumer’s opt-out election in force, the consumer must opt out again. Under a second approach, the extension notice would provide: (1) That the consumer previously elected to limit an affiliate from using eligibility information about the consumer that it obtains from the communicating affiliate to make or send solicitations to the consumer; (2) that the consumer’s election has expired or is about to expire, as applicable; (3) that the consumer may elect to extend the consumer’s previous election; and (4) a reasonable and simple method for the consumer to opt out. The supplementary information to the proposal clarified that institutions would not need to provide extension notices if they treated the consumer’s opt-out election as valid in perpetuity, unless revoked by the consumer. Proposed §l.26(d) addressed the timing of the extension notice and provided that an extension notice could be given to the consumer either a reasonable period of time before the expiration of the opt-out period, or any time after the expiration of the opt-out period but before solicitations that would have been prohibited by the expired opt-out are made to the consumer. The Agencies did not propose to set a fixed time for what would constitute a reasonable period of time before the expiration of the opt-out period to send an extension notice because a reasonable period of time may depend upon the amount of time afforded to the consumer for a reasonable opportunity to opt out, the amount of time necessary to process opt-outs, and other factors. Proposed §l.26(e) made clear that sending an extension notice to the consumer before the expiration of the opt-out period does not shorten the five-year opt-out period. A few industry commenters objected to the fact that the contents of the extension notice would differ from the contents of the initial notice by PO 00000 Frm 00028 Fmt 4701 Sfmt 4700 requiring that the extension notice inform the consumer that the consumer’s prior opt-out has expired or is about to expire, as applicable, and that the consumer must opt out again to keep the opt-out election in force. These commenters argued that the added disclosure requirement would be costly and provide little benefit to consumers. One commenter maintained that the added disclosure requirement would make it difficult, if not impossible, to combine the extension notice with the GLBA privacy notice. Commenters also maintained that the language of the statute, particularly section 624(a)(1), contemplates that the same notice would satisfy the requirements for the initial and extension notices. Consumer groups and NAAG recommended that the Agencies define a ‘‘reasonable opportunity’’ to extend the opt-out as a period of at least 45 days before shared eligibility information is used to make solicitations to the consumer. The Agencies have renumbered the provisions addressing the extension or renewal of opt-outs as §l.27 in the final rules and revised them. For purposes of clarity, the final rules refer to a ‘‘renewal’’ notice, rather than an ‘‘extension’’ notice. Sectionl.27(a) contains the general rule, which provides that after the optout period expires, a person may not make solicitations based on eligibility information received from an affiliate to a consumer who previously opted out unless the consumer has been given a compliant renewal notice and a reasonable opportunity to opt out, and the consumer does not renew the optout. This section also clarifies that a person can make solicitations to a consumer after expiration of the opt-out period if one of the exceptions in §l.21(c) applies. The Agencies decline to set a fixed minimum time period for a reasonable opportunity to renew the opt-out as unnecessary and inconsistent with the approach taken elsewhere in this rule and in the GLBA privacy rules. The provision regarding the duration of the renewed opt-out elicited no comment, and it has been retained in §l.27(a)(2) of the final rules. Sectionl.27(a)(3) identifies the affiliates who may provide the renewal notice. A renewal notice must be provided either by the affiliate that provided the previous opt-out notice or its successor, or as part of a joint renewal notice from two or more members of an affiliated group of companies, or their successors, that jointly provided the previous opt-out notice. This rule balances the Agencies’ goal of ensuring that the notice is E:\FR\FM\07NOR2.SGM 07NOR2 rwilkins on PROD1PC63 with RULES_2 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations provided by an entity known to the consumer with a recognition that flexibility is required to account for changes in the corporate structure that may result from mergers and acquisitions, corporate name changes, and other events. The Agencies recognize that the content of the extension or renewal notice differs from the content of the initial notice. Nothing in the statute, however, requires identical content in the initial and renewal notices. Moreover, the statute requires the Agencies to provide specific guidance to ensure that opt-out notices are clear, conspicuous, and concise. It is unreasonable to expect consumers, upon receipt of a renewal notice, to remember that they previously opted out five years ago (or longer) or, even if they do remember, to know that they must opt out again in order to renew their opt-out decision. Therefore, to ensure that the renewal notice is meaningful, the Agencies conclude that the renewal notice must remind the consumer that he or she previously opted out, inform the consumer that the opt-out has expired or is about to expire, and advise the consumer that he or she must opt out again to renew the opt-out and continue to limit solicitations from affiliates. Under the final rules, the renewal notice can state that ‘‘the consumer’s election has expired or is about to expire.’’ The Agencies have deleted the words ‘‘as applicable’’ so that the notice does not have to be tailored to differentiate consumers for whom the election ‘‘has expired’’ from those for whom the election ‘‘is about to expire.’’ The Agencies are not persuaded that the additional content of the renewal notice will have any impact on the ability to combine the opt-out notice with the GLBA privacy notice. Even if the language of the renewal notice were identical to the initial notice, it still could be difficult to avoid honoring a consumer’s opt-out in perpetuity if the affiliate marketing opt-out notice is incorporated into the GLBA privacy notice. Privacy notices typically state that if a consumer has previously opted out, it is not necessary for the consumer to opt out again. This statement would be accurate with respect to the affiliate marketing opt-out only if the consumer’s opt-out is honored in perpetuity. It would not be accurate, however, if the affiliate marketing optout is effective only for a limited period of time, subject to renewal by the consumer at intervals of five years or longer. Thus, if the affiliate marketing opt-out notice was consolidated with GLBA privacy notices and were VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 effective for a limited period of time, the privacy notices would have to be modified to make clear that statements that the consumer does not have to opt out again do not apply to the affiliate marketing renewal notice. Therefore, the Agencies do not believe that requiring a renewal notice to contain information not included in an initial notice will significantly affect the ability to incorporate the affiliate marketing optout notices into GLBA privacy notices because consolidation of the notices is most likely to occur when the affiliate marketing opt-out will be honored in perpetuity. Entities that prefer not to provide renewal notices may do so by honoring the consumer’s opt-out in perpetuity. The contents of the renewal notice are adopted in §l.27(b) with revisions that incorporate the changes to §l.23, as discussed above. Sectionl.27(b) of the final rules also omits the alternative contents set forth in the proposal, which the Agencies now believe would be unnecessarily duplicative. Proposed §l.26(d) addressed the timing of the extension or renewal notice and elicited no comment. The Agencies have renumbered this provision as §l.27(d) in the final rules, and adopted it with technical revisions. As explained in the supplementary information to the proposal, providing the renewal notice a reasonable period of time before the expiration of the optout period would enable institutions to begin marketing to consumers who do not renew their opt-out upon expiration of the opt-out period. But giving a renewal notice too far in advance of the expiration of the opt-out period may confuse consumers. The Agencies will deem a renewal notice provided on or with the last annual privacy notice required by the GLBA privacy provisions sent to the consumer before the expiration of the opt-out period to be reasonable in all cases. Proposed §l.26(e) regarding the effect of an extension or renewal notice on the existing opt-out period elicited no comment. The Agencies have renumbered this provision as §l.27(d) in the final rules, and adopted it with technical changes. Section l.28 Effective Date, Compliance Date, and Prospective Application Effective Date and Compliance Date Consistent with the requirements of section 624 of the FCRA, the proposal indicated that the final rules would become effective six months after the date on which they would be issued in final form. The Agencies requested PO 00000 Frm 00029 Fmt 4701 Sfmt 4700 62937 comment on whether there was any need to delay the mandatory compliance date beyond the effective date specifically to permit institutions to incorporate the affiliate marketing opt-out notice into their next annual GLBA privacy notice. Most industry commenters believed that the Agencies should delay the mandatory compliance date until some time after the effective date of the final rules. These commenters suggested various periods for delaying the mandatory compliance date ranging from three months to more than 24 months. Common recommendations were for a delayed mandatory compliance date of six, 12, or 18 months. Some of these commenters suggested a two-part mandatory compliance date consisting of a delayed mandatory compliance date of either three or six months for new accounts or for general application and a special mandatory compliance date for institutions that intend to consolidate their affiliate marketing opt-out notice with their GLBA privacy notice. Under this special mandatory compliance date, institutions would have to comply at the time they provide their next GLBA privacy notice following the effective date of the final rules or a date certain, whichever is earlier. Industry commenters believed that a delayed mandatory compliance date was necessary in order to make significant changes to business practices and procedures, to implement necessary operational and systems changes, and to design and provide opt-out notices. Industry commenters also noted that many institutions would like to send the affiliate marketing opt-out notice with their initial or annual GLBA privacy notices, both to minimize costs and to avoid consumer confusion. These commenters noted that many large institutions provide GLBA privacy notices on a rolling basis and that a delayed mandatory compliance date was necessary to enable institutions to introduce the affiliate marketing opt-out notice into this cycle. One large institution estimated that its first-year compliance costs would increase by a minimum of $660,000 if it was not able to consolidate the affiliate marketing opt-out notice with its GLBA privacy notice. A few industry commenters believed that Congress knew that an effective date is not necessarily the same as a mandatory compliance date because banking regulations commonly have effective dates and mandatory compliance dates that differ. Consumer groups and NAAG believed that the effective date of the final rules E:\FR\FM\07NOR2.SGM 07NOR2 62938 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations rwilkins on PROD1PC63 with RULES_2 should be the mandatory compliance date. These commenters believed that institutions have had time to prepare for compliance since the FACT Act became law in December 2003. Consumer groups believed that if institutions need more time to comply, affiliates should cease using eligibility information to make solicitations until the notice and opportunity to opt out is provided. The final rules will become effective January 1, 2008. Consistent with the statute’s directive that the Agencies ensure that notices may be consolidated and coordinated, the mandatory compliance date is delayed to give institutions a reasonable amount of time to include the affiliate marketing opt-out notice with their initial and annual privacy notices. Accordingly, compliance with Subpart C is required not later than October 1, 2008. The Agencies believe that delaying the mandatory compliance date for approximately one year will give all institutions adequate time to develop and distribute opt-out notices and give most institutions sufficient time to develop and distribute consolidated notices if they choose to do so. Prospective Application Proposed §l.20(e) provided that the provisions of Subpart C would not apply to eligibility information that was received by a receiving affiliate prior to the date on which compliance with these regulations would be required. Some industry commenters supported this provision. Other industry commenters, however, believed that the proposed rule did not track the statutory language or reflect the intent of Congress. These commenters believed that the final rules should grandfather all information received by any financial institution or affiliate in a holding company prior to the mandatory compliance date, and not grandfather only that information received prior to the mandatory compliance date by a person that intends to use the information to make solicitations to the consumer. Some of these commenters recommended, in the alternative, that the Agencies clarify that any information placed into a common database by an affiliate should be deemed to have been provided to an affiliated person if the Agencies opt to retain the prospective application provision as proposed. These commenters argued that without such a clarification, affiliated companies would have to undertake the costly deconstruction of existing databases to ensure compliance. In the final rules, the provision addressing prospective application has VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 been renumbered as §l.28(c), and revised. The Agencies continue to believe that the better interpretation of the non-retroactivity provision is that it is tied to receipt of eligibility information by a person that intends to use the information to make solicitations to the consumer. The final rules clarify, however, that a person is deemed to receive eligibility information from its affiliate when the affiliate places that information in a common database where it is accessible by the person, even if the person has not accessed or used that information as of the compliance date. For example, assume that an affiliate obtains eligibility information about a consumer as a result of having a pre-existing business relationship with that consumer. The affiliate places that information into a common database that is accessible to other affiliates before the mandatory compliance date. The final rules do not apply to that information and other affiliates may use that information for marketing to the consumer. On the other hand, if the affiliate obtains eligibility information about the consumer before the mandatory compliance date, but does not either place that information into a common database that is accessible to other affiliates or otherwise provide that information to another affiliate before the mandatory compliance date, the final rules will apply to that eligibility information. Further, if the database is updated with new eligibility information after the mandatory compliance date, the final rules will apply to the new or updated eligibility information. Appendix C Appendix A of the proposal contained model forms to illustrate by way of example how institutions could comply with the notice and opt-out requirements of section 624 and the proposed regulations. Appendix A included three proposed model forms. Model Form A–1 was a proposed form of an initial opt-out notice. Model Form A–2 was a proposed form of an extension notice. Model Form A–3 was a proposed form that institutions may use if they offer consumers a broader right to opt out of marketing than is required by law. The proposed model forms were designed to convey the necessary information to consumers as simply as possible. The Agencies tested the proposed model forms using two widely available readability tests, the Flesch reading ease test and the Flesch-Kincaid grade level test, each of which generates PO 00000 Frm 00030 Fmt 4701 Sfmt 4700 a readability score.16 Proposed Model Form A–1 had a Flesch reading ease score of 53.7 and a Flesch-Kincaid grade level score of 9.9. Proposed Model Form A–2 had a Flesch reading ease score of 57.5 and a Flesch-Kincaid grade level score of 9.6. Proposed Model Form A– 3 had a Flesch reading ease score of 69.9 and a Flesch-Kincaid grade level score of 6.7. Commenters generally supported the proposed model forms. As noted above, some commenters had concerns about the content of the initial and renewal notices. Some industry commenters expressed concern about requiring the notice to specify the applicable time period and the consumer’s right to renew the election once the opt-out expires. Industry commenters also suggested revising the language of the notice to refer either to ‘‘financial’’ information or ‘‘credit eligibility’’ information for clarity. One commenter suggested deleting the examples of the types of information shared with affiliates. Another commenter suggested rephrasing the model forms in the passive voice. One commenter encouraged the Agencies to clarify that use of the model forms provides a safe harbor. Another commenter believed that the optional third paragraph of Model Form A–1 should be revised, or an alternate paragraph added, to provide guidance on how to clearly disclose to consumers that the opt-out may not limit the sharing of contact information and other information that does not meet the definition of ‘‘consumer report.’’ Consumer groups and NAAG commended the Agencies for reporting the Flesch reading ease score and Flesch-Kincaid grade-level score for each of the model forms. These commenters urged the Agencies to modify the proposed rule to require that any person that does not use the model forms must provide a notice that achieves readability scores at least as good as the scores for the model forms. Consumer groups also suggested adding a sentence about providing the form annually to mitigate consumer confusion. These commenters also urged the Agencies to adopt a shortform notice. The Agencies have revised and expanded the number of model forms to reflect changes made to the final rules. In addition, for ease of reference, the model forms have been renumbered as 16 The Flesch reading ease test generates a score between zero and 100, where the higher score correlates with improved readability. The FleschKincaid grade level test generates a numerical assessment of the grade-level at which the text is written. E:\FR\FM\07NOR2.SGM 07NOR2 rwilkins on PROD1PC63 with RULES_2 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations Appendix C to correspond with Subpart C to which they pertain. The Agencies believe that model forms are helpful for entities that give notices and beneficial for consumers. The model forms are provided as stand-alone documents. However, some persons may choose to combine the opt-out notice with other consumer disclosures, such as the GLBA privacy notice. Creating a consolidated model form is beyond the scope of this rulemaking, but, as discussed above, institutions can combine the affiliate marketing opt-out notice with other disclosures, including the GLBA privacy notice. On March 31, 2006, the Board, FDIC, FTC, NCUA, OCC, and SEC released a report entitled Evolution of a Prototype Financial Privacy Notice prepared by Kleimann Communication Group, Inc., summarizing research that led to the development of a prototype short-form GLBA privacy notice. That prototype included an affiliate marketing opt-out notice. The prototype assumed that the notice would be provided by the affiliate that is sharing eligibility information. The Agencies believe that providing model forms in this rule for stand-alone opt-out notices that may be used in a more diverse set of circumstances than a model privacy form is appropriate and consistent with efforts to develop a model privacy form. On March 29, 2007, the Agencies, the FTC, SEC, and Commodity Futures Trading Commission published for public comment in the Federal Register (72 FR 14,940) a model privacy form that includes the affiliate marketing optout. Once such a notice is published in final form, use of the model privacy form will satisfy the requirement to provide an initial affiliate marketing opt-out notice. The final rules include five model forms. Model Form C–1 is the model for an initial notice provided by a single affiliate. Model Form C–2 is the model for an initial notice provided as a joint notice from two or more affiliates. Model Form C–3 is the model for a renewal notice provided by a single affiliate. Model Form C–4 is the model for a renewal notice provided as a joint notice from two or more affiliates. Model Form C–5 is a model for a voluntary ‘‘no marketing’’ opt-out. The Agencies tested each of the model forms using two widely-available readability tests, the Flesch reading ease test and the Flesch-Kincaid grade level test. In conducting these tests, the Agencies eliminated parenthetical text wherever possible, included the optional clauses, and substituted the names of fictional entities, for example, ABC Bank or the ABC group of VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 companies, as the names of the relevant entities to ensure that the test results were not skewed by the inclusion of descriptive text that would not be included in actual opt-out notices. The results of these tests are summarized for each of the model forms in Table 1 below. Although the Agencies encourage the use of these tests as well as other types of consumer testing in designing opt-out notices, the Agencies decline to adopt a prescriptive approach that requires notices to achieve certain scores under the Flesch reading ease or FleschKincaid grade level tests. Some variation in readability scores is inevitable and may be caused by minor differences in the language of the notice, such as the name of the entity providing the notice or the types of information that may be used for marketing. 62939 opt out again until a renewal notice is sent. V. Regulatory Analysis Paperwork Reduction Act In accordance with the requirements of the Paperwork Reduction Act (PRA) of 1995 (44 U.S.C. 3506; 5 CFR part 1320 Appendix A.1), the Agencies have reviewed the final rules and determined that they contain collections of information subject to the PRA. The Board made this determination under authority delegated to the Board by the Office of Management and Budget (OMB). The collections of information required by these rules are found in 12 CFR 41.21–41.27, 12 CFR 222.21– 222.27, 12 CFR 334.21–334.27, 12 CFR 571.21–571.27, and 12 CFR 717.21– 717.27. The Agencies may not conduct or sponsor, and the respondent is not required to respond to, an information TABLE 1 collection unless it displays a currently valid OMB control number. This FleschFlesch collection is mandatory (15 U.S.C. 1693 Kincaid reading grade level et seq.). The respondents/recordkeepers ease score score are financial institutions that share certain information for marketing Model Form C–1 50.2 11.5 Model Form C–2 51.7 11.5 purposes, and certain consumers of Model Form C–3 54.6 9.7 their services. The final rules impose disclosure Model Form C–4 54.2 9.8 Model Form C–5 81.3 3.8 requirements on certain affiliated companies subject to each Agency’s As noted in the proposal, use of the jurisdiction. Specifically, the FACT Act model forms is not mandatory. and the final rules provide that when a However, appropriate use of the model company communicates certain forms provides a safe harbor. There is information about the consumer flexibility to use or not use the model (‘‘eligibility information’’) to an affiliate, forms, or to modify the forms, so long the affiliate may not use that as the requirements of the regulation are information to make solicitations for met. For example, although several of marketing purposes to the consumer the model forms use five years as the unless the consumer is given a notice duration of the opt-out period, an optand an opportunity to opt-out of that out period of longer than five years may use of the information and the consumer be used and the longer time period does not opt-out. In the proposal, the Agencies substituted in the opt-out notices. estimated that the average amount of Alternatively, the consumer’s opt-out may be treated as effective in perpetuity time for a person to prepare an initial notice as required under the proposal and, if so, the opt-out notice should and distribute the notice to consumers omit any reference to the limited would be approximately 18 hours. The duration of the opt-out period or the Agencies recognized that the amount of right to renew the opt-out. The Agencies have revised the model time needed for any particular person forms so that the disclosure regarding subject to the proposed requirements the duration of the opt-out may state may be higher or lower, but believed that the opt-out applies either for a fixed that this average figure was a reasonable number of years or ‘‘at least 5 years.’’ estimate. To minimize the compliance This revision permits institutions that costs and burdens for persons, use a longer opt-out period or that particularly small entities, the proposed subsequently extend their opt-out rule contained model disclosures and period to rely on the model language. opt-out notices that may be used to The model form also contains a satisfy the statutory requirements. The reference to the consumer’s right to proposed rule gave covered persons revoke an opt-out. In addition, language flexibility to satisfy the notice and opthas been added to the model forms to out requirement by sending the clarify that, with an opt-out of limited consumer a free-standing opt-out notice duration, a consumer does not have to or by adding the opt-out notice to the PO 00000 Frm 00031 Fmt 4701 Sfmt 4700 E:\FR\FM\07NOR2.SGM 07NOR2 62940 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations rwilkins on PROD1PC63 with RULES_2 privacy notices already provided to consumers in accordance with the provisions of Title V of the GLBA. For covered persons that choose to prepare a free-standing opt-out notice, the time necessary to prepare a free-standing optout notice would be minimal, because those persons could simply copy the model disclosure, making minor adjustments as indicated by the model disclosure. Similarly, for covered persons that choose to incorporate the opt-out notice into their GLBA privacy notices, the time necessary to integrate the model opt-out notice into their privacy notices would be minimal. The Agencies estimated that the average consumer would take approximately five minutes to respond to the notice and opt-out. The Agencies did not estimate the burden for preparing and distributing extension notices by covered persons that choose to limit the duration of the opt-out time period because the minimum effective time period for the opt-out is five years. The Agencies proposed to estimate the burden for this requirement when they conduct a subsequent review of the information collection. Information Collection The Agencies, other than the Board and NCUA, are seeking OMB approval to extend for three years, with revision, the information collections in connection with this final rule. The Board, under its delegated authority from OMB, has approved the implementation of this information collection. The NCUA is seeking OMB approval for this new collection of information. OCC: Title: Fair Credit Reporting Affiliate Marketing (12 CFR part 41). OMB Number: 1557–0230 Frequency of Response: On occasion. Affected Public: National banks, Federal branches and agencies of foreign banks, and their respective operating subsidiaries that are not functionally regulated within the meaning of section 5(c)(5) of the Bank Holding Company Act of 1956, as amended (12 U.S.C. 1844(c)(5). Number of Respondents: 770 National banks and 916,895 Consumers. Estimated Time per Response: 18 hours, Prepare and distribute notice to consumers, and employee training; 5 minutes, Consumer response to opt-out notice. Total Estimated Annual Burden: 90,265 hours. Board: Title: Information Collection Requirements in Connection with Regulation V (Fair Credit Reporting Act) VerDate Aug<31>2005 17:18 Nov 06, 2007 Jkt 214001 (Affiliate Marketing Disclosures/ Consumer Opt-Out Notices). OMB Number: 7100–0308.17 Frequency of Response: On occasion. Affected Public: State member banks, branches and agencies of foreign banks (other than federal branches, Federal agencies, and insured State branches of foreign banks), commercial lending companies owned or controlled by foreign banks, Edge and agreement corporations, and bank holding companies and affiliates of such holding companies (other than depository institutions and consumer reporting agencies). Number of Respondents: 2,619 Financial institutions and 638,380 Consumers. Estimated Time per Response: 18 hours, Prepare and distribute notice to consumers, and employee training; 5 minutes, Consumer response to opt-out notice. Total Estimated Annual Burden: 100,423 hours. FDIC: Title: Affiliate Marketing Disclosures/ Consumer Opt-Out Notices. OMB Number: 3064–0149. Frequency of Response: On occasion. Affected Public: Insured state nonmember banks. Number of Respondents: 978 Financial institutions and 198,450 Consumers. Estimated Time per Response: 18 hours, Prepare and distribute notice to consumers, and employee training; 5 minutes, Consumer response to opt-out notice. Total Estimated Annual Burden: 34,142 hours. OTS: Title: Fair Credit Reporting Affiliate Marketing Regulations. OMB Number: 1550–0112. Frequency of Response: On occasion. Affected Public: Savings associations and Federal savings association operating subsidiaries that are not functionally regulated within the meaning of section 5(c)(5) of the Bank Holding Company Act of 1956, as amended (12 U.S.C. 1844(c)(5)). Number of Respondents: 609 Financial institutions and 216,783 Consumers. Estimated Time per Response: 18 hours, Prepare and distribute notice to consumers, and employee training; 5 minutes, Consumer response to opt-out notice. 17 The information collections (ICs) in this rule will be incorporated with the Board’s Disclosure Requirements Associated with Regulation V (OMB No. 7100–0308). The burden estimates provided in this rule pertain only to the ICs associated with this final rulemaking. The current OMB inventory for Regulation V is available at: https://www.reginfo.gov/ public/do/PRAMain. PO 00000 Frm 00032 Fmt 4701 Sfmt 4700 Total Estimated Annual Burden: 28,955 hours. NCUA: Title: Information Collection Requirements in Connection with Fair Credit Reporting Act Regulations. OMB Number: 3133–New. Frequency of Response: On occasion. Affected Public: Federal credit unions with CUSO affiliates. Number of Respondents: 1,065 Financial institutions and 1,023,693 Consumers. Estimated Time per Response: 18 hours, Prepare and distribute notice to consumers, and employee training; 5 minutes, Consumer response to opt-out notice. Total Estimated Annual Burden: 104,137 hours. The Agencies received one comment, from a trade association, in response to the PRA section of the proposal. The commenter raised concerns that the Agencies’ PRA cost estimates conveyed a misleading impression of the cost of complying with the affiliate marketing opt-out rule. The commenter’s principal objection was that the cost estimates assume that the major cost is that of sending the disclosures, rather than processing any opt-out requests and ensuring that solicitations are not sent to consumers who have opted-out (or have not yet had a reasonable opportunity to opt-out). The commenter was concerned that the cost estimates did not reflect the costs associated with building compliance systems, such as costs attributed to significant database programming, coordination across business entities, legal and managerial review, employee training, and business process changes. The commenter stated that the PRA analysis did not take into account the significant clerical effort needed to comply with the proposed rule. The commenter also stated that companies that currently provide GLBA privacy and Fair Credit Reporting Act (FCRA) affiliate sharing opt-out notices would still incur significant costs because (1) unlike under the GLBA optout right, the new affiliate marketing opt-out right applies to affiliates, and (2) unlike under the FCRA affiliate sharing opt-out, the new affiliate marketing optout right applies to transaction or experience information. The commenter objected to the Agencies’ use of average figures which take into account the fact that some companies may not need to provide affiliate marketing opt-out notices to consumers, rather than focusing exclusively on the costs to companies that must provide the notice. Finally, the commenter stated that E:\FR\FM\07NOR2.SGM 07NOR2 rwilkins on PROD1PC63 with RULES_2 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations compliance with the proposed rule would be particularly difficult because software modifications and employee training would be required to ensure that both bank and affiliate employees have access to consumer’s transaction or experience information in order to service their accounts, but are prevented from using that information to solicit business from consumers that have exercised their opt-out rights. In response, the Agencies continue to believe that 18 hours is a reasonable estimate of the average amount of time to prepare and distribute an initial notice to consumers and for employee training; and five minutes is a reasonable estimate of the average consumer response time. The Agencies continue to believe that institutions should be able to modify existing database systems and employee training programs, used to comply with the GLBA and FCRA notice and opt-out requirements, to meet the requirements held in this final rule. As required by the PRA, the Agencies’ annual burden estimates take into account the burden associated with the reporting, recordkeeping, and third-party disclosure requirements of the final rules (see 44 U.S.C. 3502(2); 5 CFR 1320.3(b)). The Agencies also believe that the availability of model disclosures and opt-out notices may significantly reduce the cost of compliance. In addition, the final rules give persons flexibility to provide a joint opt-out notice on behalf of multiple affiliates and to define the scope and the duration of the opt-out. This flexibility may reduce the cost of compliance by allowing covered persons to make choices that are most appropriate for their business. Moreover, since the notice is only required to be given once for a minimum period of at least five years, the Agencies’ estimates assume a higher burden will be incurred during the first year of the OMB clearance period with a lesser burden incurred during the subsequent two years. The Agencies have a continuing interest in the public’s opinions of our collections of information. At any time, comments regarding the burden estimate, or any other aspect of this collection of information, including suggestions for reducing the burden, may be sent to the following: OCC: Communications Division, Office of the Comptroller of the Currency, Public Information Room, Mailstop 1–5, Attention: 1557–0230, 250 E Street, SW., Washington, DC 20219. In addition, comments may be sent by fax to (202) 874–4448, or by electronic mail to regs.comments@occ.treas.gov. You can VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 inspect and photocopy comments at the OCC’s Public Information Room, 250 E Street, SW., Washington, DC 20219. For security reasons, the OCC requires that visitors make an appointment to inspect comments. You may do so by calling (202) 874–5043. Upon arrival, visitors will be required to present valid government-issued photo identification and submit to security screening in order to inspect and photocopy comments. Board: You may submit comments, which should refer to ‘‘Information Collection Requirements in Connection with Regulation V (Fair Credit Reporting Act) (Affiliate Marketing Disclosures/ Consumer Opt-Out Notices), 7100– 0308’’ by any of the following methods: • Agency Web Site: https:// www.federalreserve.gov. Follow the instructions for submitting comments on the https://www.federalreserve.gov/ generalinfo/foia/ProposedRegs.cfm. • Federal eRulemaking Portal: https:// www.regulations.gov. Follow the instructions for submitting comments. • E-mail: regs.comments@federalreserve.gov. Include docket number in the subject line of the message. • Fax: 202–452–3819 or 202–452– 3102. • Mail: Jennifer J. Johnson, Secretary, Board of Governors of the Federal Reserve System, 20th Street and Constitution Avenue, NW., Washington, DC 20551. All public comments are available from the Board’s Web site at www.federalreserve.gov/generalinfo/ foia/ProposedRegs.cfm as submitted, unless modified for technical reasons. Accordingly, your comments will not be edited to remove any identifying or contact information. Public comments may also be viewed electronically or in paper in Room MP–500 of the Board’s Martin Building (20th and C Streets, NW.) between 9 a.m. and 5 p.m. on weekdays. FDIC: You may submit comments, which should refer to ‘‘Affiliate Marketing Disclosures/Consumer OptOut Notices, 3064–0149,’’ by any of the following methods: • https://www.FDIC.gov/regulations/ laws/federal/notices.html. • E-mail: comments@FDIC.gov. Include ‘‘Affiliate Marketing Disclosures/Consumer Opt-Out Notices, 3064–0149,’’ in the subject line of the message. • Mail: Steven F. Hanft (202–898– 3907), Clearance Officer, Attn: Comments, Room MB–2088, Federal Deposit Insurance Corporation, 550 17th Street, NW., Washington, DC 20429. PO 00000 Frm 00033 Fmt 4701 Sfmt 4700 62941 • Hand Delivery: Comments may be hand delivered to the guard station at the rear of the 550 17th Street Building (located on F Street) on business days between 7 a.m. and 5 p.m. Public Inspection: All comments received will be posted without change to https://www.fdic.gov/regulations/laws/ federal/notices.html including any personal information provided. Comments may be inspected at the FDIC Public Information Center, Room E– 1002, 3501 Fairfax Drive, Arlington, VA 22226, between 9 a.m. and 5 p.m. on business days. OTS: You may submit comments, identified by ‘‘1550–0112 (Fair Credit Reporting Affiliate Marketing Regulations),’’ by any of the following methods: • Federal eRulemaking Portal: https:// www.regulations.gov. Follow the instructions for submitting comments. • E-mail address: infocollection.comments@ots.treas.gov. Please include ‘‘1550–0112 (Fair Credit Reporting Affiliate Marketing Regulations),’’ in the subject line of the message and include your name and telephone number in the message. • Fax: (202) 906–6518. • Mail: Information Collection Comments, Chief Counsel’s Office, Office of Thrift Supervision, 1700 G Street, NW, Washington, DC 20552, Attention: ‘‘1550–0112 (Fair Credit Reporting Affiliate Marketing Regulations).’’ • Hand Delivery/Courier: Guard’s Desk, East Lobby Entrance, 1700 G Street, NW, from 9 a.m. to 4 p.m. on business days, Attention: Information Collection Comments, Chief Counsel’s Office, Attention: ‘‘1550–0112 (Fair Credit Reporting Affiliate Marketing Regulations).’’ Instructions: All submissions received must include the agency name and OMB Control Number for this information collection. All comments received will be posted without change to the OTS Internet Site at https://www.ots.treas.gov/ pagehtml.cfm?catNumber=67&an=1, including any personal information provided. Docket: For access to the docket to read background documents or comments received, go to https:// www.ots.treas.gov/ pagehtml.cfm?catNumber=67&an=1. In addition, you may inspect comments at the Public Reading Room, 1700 G Street, NW., by appointment. To make an appointment for access, call (202) 906–5922, send an e-mail to public.info@ots.treas.gov, or send a facsimile transmission to (202) 906– 7755. (Prior notice identifying the materials you will be requesting will E:\FR\FM\07NOR2.SGM 07NOR2 62942 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations rwilkins on PROD1PC63 with RULES_2 assist us in serving you.) We schedule appointments on business days between 10 a.m. and 4 p.m. In most cases, appointments will be available the next business day following the date we receive a request. NCUA: You may submit comments by any of the following methods (please send comments by one method only): • Federal eRulemaking Portal: https:// www.regulations.gov. Follow the instructions for submitting comments. • NCUA Web Site: https:// www.ncua.gov/ RegulationsOpinionsLaws/ proposedregs/proposedregs.html. Follow the instructions for submitting comments. • E-mail: Address to regcomments@ncua.gov. Include ‘‘[Your name] Comments on Information Collection Requirements in Connection with Fair Credit,’’ in the e-mail subject line. • Fax: (703) 518–6319. Use the subject line described above for e-mail. • Mail: Address to Neil McNamara, Deputy Chief Information Officer, National Credit Union Administration, 1775 Duke Street, Alexandria, VA 22314–3428. • Hand Delivery/Courier: Same as mail address. Additionally, you should send a copy of your comments to [Agency] Desk Officer, [OMB No.], by mail to U.S. Office of Management and Budget, 725 17th Street, NW., #10235, Washington, DC 20503, or by fax to (202) 395–6974. Regulatory Flexibility Act OCC: OCC prepared an initial regulatory flexibility analysis as required by the Regulatory Flexibility Act (RFA) (5 U.S.C. 601 et seq.) in connection with the July 15, 2004 proposed rule. OCC received one comment on its regulatory flexibility analysis. Under Section 605(b) of the RFA, 5 U.S.C. 605(b), the regulatory flexibility analysis otherwise required under Section 604 of the RFA is not required if an agency certifies, along with a statement providing the factual basis for such certification, that the rule will not have a significant economic impact on a substantial number of small entities. For purposes of the RFA and OCCregulated entities, a ‘‘small entity’’ is a national bank with assets of $165 million or less (small national bank). Based on its analysis and for the reasons stated below, OCC certifies that this final rule will not have a significant economic impact on a substantial number of small entities. OCC’s final rule will not impact a substantial number of small entities because OCC VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 estimates that the final rule will affect no more than 12 out of 948 small national banks (approximately 1%) with assets of $165 million or less. 1. Statement of the Need for, and Objectives of, the Final Rule The FACT Act amends the FCRA and was enacted, in part, for the purpose of allowing consumers to limit the use of eligibility information received from an affiliate to make solicitations to the consumer. Section 214 of the FACT Act generally prohibits a person from using certain information received from an affiliate to make a solicitation for marketing purposes to a consumer, unless the consumer is given notice and an opportunity and simple method to opt out of the making of such solicitations. Section 214 requires the OCC, together with the other Agencies, the FTC, and the SEC, to consult and coordinate with each other and to prescribe regulations implementing section 214 that, to the extent possible, are consistent and comparable. OCC is adopting the final rule to implement section 214 of the FACT Act. The SUPPLEMENTARY INFORMATION contains information on the objectives of the final rule. 2. Summary of Issues Raised by Comments in Response to the Initial Regulatory Flexibility Analysis OCC conducted an initial regulatory flexibility analysis in connection with the proposed rule as required by section 3(a) of the RFA (5 U.S.C. 603(a)). One commenter, the Mortgage Bankers Association (MBA), believed that the Agencies had underestimated compliance costs. The issues raised by the MBA are described in the Paperwork Reduction Act section of the SUPPLEMENTARY INFORMATION. The MBA’s concerns applied equally to small entities and larger entities. The MBA did not raise any issues unique to small entities. 3. Description and Estimate of Small Entities Affected by the Final Rule The final rule applies to national banks, Federal branches and agencies of foreign banks, and any of their operating subsidiaries that are not functionally regulated within the meaning of section 5(c)(5) of the Bank Holding Company Act of 1956, as amended (12 U.S.C. 1844(c)(5)) (national banks). However, the rule’s requirements only affect those entities with affiliates that choose to structure their marketing activities in a manner that triggers the rule’s requirements. OCC estimates that its final rule could apply to as many as 1,806 national PO 00000 Frm 00034 Fmt 4701 Sfmt 4700 banks. The OCC also estimates that 1,036 of these national banks do not have affiliates and, therefore, will not affected by the requirements of the final rule. Of the estimated 770 national banks that would be subject to the final rule’s requirements, approximately 12 of these institutions are small national banks with assets of $165 million or less. In addition, small entities that have affiliates may choose not to engage in activities that would require compliance with the final rule. For example, small entities may choose not to share eligibility information with their affiliates for the purpose of making solicitations. Alternatively, small entities and their affiliates may structure their marketing activities in a way that does not trigger the requirement to comply with the final rule, such as by relying upon the exceptions to the notice requirement contained in the final rule. 4. Recordkeeping, Reporting, and Other Compliance Requirements The final rule requires all national banks, including small national banks, to provide opt-out notices and renewal notices to consumers in certain circumstances, as discussed in the SUPPLEMENTARY INFORMATION section above, and to implement consumers’ opt-out elections. The final rule contains no requirement to report information to the Agencies. Small entities that have affiliates, share eligibility information with those affiliates, and use that information to make solicitations for marketing purposes may be subject to the rule. Small entities that do not have affiliates, do not share eligibility information with their affiliates for marketing purposes, use shared eligibility information for purposes of making solicitations only in accordance with one of the exceptions set forth in the final rule, or structure their marketing activities to eliminate the need to provide an opt-out notice would not be subject to the final rule. The professional skills necessary for preparation of the opt-out notice include compliance and/or privacy specialists and computer programmers. 5. Steps Taken To Minimize the Economic Impact on Small Entities OCC and the other Agencies have attempted to minimize the economic impact on small entities by adopting consistent rules and by allowing joint notices on behalf of multiple affiliates. In addition, OCC and the other Agencies have provided model forms that small institutions may, but are not required to, use to minimize the cost of compliance. E:\FR\FM\07NOR2.SGM 07NOR2 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations Board: The Board prepared an initial regulatory flexibility analysis as required by the Regulatory Flexibility Act (RFA) (5 U.S.C. 601 et seq.) in connection with the July 15, 2004 proposed rule. The Board received one comment on its regulatory flexibility analysis. Under Section 605(b) of the RFA, 5 U.S.C. 605(b), the regulatory flexibility analysis otherwise required under Section 604 of the RFA is not required if an agency certifies, along with a statement providing the factual basis for such certification, that the rule will not have a significant economic impact on a substantial number of small entities. Based on its analysis and for the reasons stated below, the Board certifies that this final rule will not have a significant economic impact on a substantial number of small entities. 1. Statement of the Need for, and Objectives of, the Final Rule The FACT Act amends the FCRA and was enacted, in part, for the purpose of allowing consumers to limit the use of eligibility information received from an affiliate to make solicitations to the consumer. Section 214 of the FACT Act generally prohibits a person from using certain information received from an affiliate to make a solicitation for marketing purposes to a consumer, unless the consumer is given notice and an opportunity and simple method to opt out of the making of such solicitations. Section 214 requires the Board, together with the other Agencies, the FTC, and the SEC, to issue regulations implementing the section in consultation and coordination with each other. The Board received no comments on the reasons for the proposed rule. The Board is adopting the final rule to implement § 214 of the FACT Act. The SUPPLEMENTARY INFORMATION above contains information on the objectives of the final rule. rwilkins on PROD1PC63 with RULES_2 2. Summary of Issues Raised by Comments in Response to the Initial Regulatory Flexibility Analysis 16:20 Nov 06, 2007 Jkt 214001 The final rule applies to all banks that are members of the Federal Reserve System (other than national banks) and their respective operating subsidiaries, branches and Agencies of foreign banks (other than Federal branches, Federal Agencies, and insured State branches of foreign banks), commercial lending companies owned or controlled by foreign banks, and organizations operating under section 25 or 25A of the Federal Reserve Act (12 U.S.C. 601 et seq., and 611 et seq.). The Board’s rule will apply to the following institutions (numbers approximate): State member banks (881), operating subsidiaries that are not functionally regulated with in the meaning of section 5(c)(5) of the Bank Holding Company Act of 1956, as amended (877), U.S. branches and agencies of foreign banks (219), commercial lending companies owned or controlled by foreign banks (3), and Edge and agreement corporations (64), for a total of approximately 2,044 institutions. The Board estimates that more than 1,448 of these institutions could be considered small entities with assets of $165 million or less. All small entities covered by the Board’s rule potentially could be subject to the final rule. However, small entities that do not have affiliates would not be subject to the final rule. In addition, small entities that have affiliates may choose not to engage in activities that would require compliance with the final rule. For example, small entities may choose not to share eligibility information with their affiliates for the purpose of making solicitations. Alternatively, small entities and their affiliates may structure their marketing activities in a way that does not trigger the requirement to comply with the final rule, such as by relying upon the exceptions to the notice requirement contained in the final rule. 4. Recordkeeping, Reporting, and Other Compliance Requirements In accordance with Section 3(a) of the RFA, the Board conducted an initial regulatory flexibility analysis in connection with the proposed rule. One commenter, the Mortgage Bankers Association (MBA), believed that the Board and the other Agencies had underestimated the costs of compliance. The issues raised by the MBA are described in the Paperwork Reduction Act section above. The MBA’s concerns applied equally to small entities and larger entities. The MBA did not raise any issues unique to small entities. VerDate Aug<31>2005 3. Description and Estimate of Small Entities Affected by the Final Rule The final rule requires small entities to provide opt-out notices and renewal notices to consumers in certain circumstances, as discussed in the SUPPLEMENTARY INFORMATION above. The final rule also requires small entities to implement consumers’ opt-out elections. The final rule contains no requirement to report information to the Agencies. Small entities that have affiliates and that share eligibility information with those affiliates for purposes of making solicitations may be subject to the rule. Small entities that do not have affiliates, PO 00000 Frm 00035 Fmt 4701 Sfmt 4700 62943 do not share eligibility information with their affiliates for marketing purposes, use shared eligibility information for purposes of making solicitations only in accordance with one of the exceptions set forth in the final rule, or structure their marketing activities to eliminate the need to provide an opt-out notice would not be subject to the final rule. The professional skills necessary for preparation of the opt-out notice include compliance and/or privacy specialists and computer programmers. 5. Steps Taken To Minimize the Economic Impact on Small Entities The Board and the other Agencies have attempted to minimize the economic impact on small entities by adopting consistent rules and by allowing joint notices on behalf of multiple affiliates. In addition, the Board and the other Agencies have provided model forms that small institutions may, but are not required to, use to minimize the cost of compliance. FDIC: The FDIC prepared an initial regulatory flexibility analysis as required by the Regulatory Flexibility Act (RFA) (5 U.S.C. 601 et seq.) in connection with the July 15, 2004 proposed rule. The FDIC received one comment on its regulatory flexibility analysis. Under Section 605(b) of the RFA, 5 U.S.C. 605(b), the regulatory flexibility analysis otherwise required under Section 604 of the RFA is not required if an agency certifies, along with a statement providing the factual basis for such certification, that the rule will not have a significant economic impact on a substantial number of small entities. Based on its analysis and for the reasons stated below, the FDIC certifies that this final rule will not have a significant economic impact on a substantial number of small entities. 1. Statement of the Need for, and Objectives of, the Final Rule The FACT Act amends the FCRA and was enacted, in part, for the purpose of allowing consumers to limit the use of eligibility information received from an affiliate to make solicitations to the consumer. Section 214 of the FACT Act generally prohibits a person from using certain information received from an affiliate to make a solicitation for marketing purposes to a consumer, unless the consumer is given notice and an opportunity and simple method to opt out of the making of such solicitations. Section 214 requires the FDIC, together with the other Agencies, the FTC, and the SEC, to issue regulations implementing the section in consultation and coordination with each E:\FR\FM\07NOR2.SGM 07NOR2 62944 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations other. The FDIC received no comments on the reasons for the proposed rule. The FDIC is adopting the final rule to implement § 214 of the FACT Act. The SUPPLEMENTARY INFORMATION above contains information on the objectives of the final rule. 2. Summary of Issues Raised by Comments in Response to the Initial Regulatory Flexibility Analysis In accordance with Section 3(a) of the RFA, the FDIC conducted an initial regulatory flexibility analysis in connection with the proposed rule. One commenter, the Mortgage Bankers Association (MBA), believed that the FDIC and the other Agencies had underestimated the costs of compliance. The issues raised by the MBA are described in the Paperwork Reduction Act section above. The MBA’s concerns applied equally to small entities and larger entities. The MBA did not raise any issues unique to small entities. rwilkins on PROD1PC63 with RULES_2 3. Description and Estimate of Small Entities Affected by the Final Rule The final rule applies to insured state nonmember banks, insured state licensed branches of foreign banks, and subsidiaries of such entities (except brokers, dealers, persons providing insurance, investment companies, and investment advisers). The FDIC’s rule will apply to a total of approximately 978 institutions. The FDIC estimates that more than 542 of these institutions could be considered small entities with assets of $165 million or less. All small entities covered by the FDIC’s rule potentially could be subject to the final rule. However, small entities that do not have affiliates would not be subject to the final rule. In addition, small entities that have affiliates may choose not to engage in activities that would require compliance with the final rule. For example, small entities may choose not to share eligibility information with their affiliates for the purpose of making solicitations. Alternatively, small entities and their affiliates may structure their marketing activities in a way that does not trigger the requirement to comply with the final rule, such as by relying upon the exceptions to the notice requirement contained in the final rule. 4. Recordkeeping, Reporting, and Other Compliance Requirements The final rule requires small entities to provide opt-out notices and renewal notices to consumers in certain circumstances, as discussed in the SUPPLEMENTARY INFORMATION above. The final rule also requires small entities to implement consumers’ opt-out VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 elections. The final rule contains no requirement to report information to the Agencies. Small entities that have affiliates and that share eligibility information with those affiliates for purposes of making solicitations may be subject to the rule. Small entities that do not have affiliates, do not share eligibility information with their affiliates for marketing purposes, use shared eligibility information for purposes of making solicitations only in accordance with one of the exceptions set forth in the final rule, or structure their marketing activities to eliminate the need to provide an opt-out notice would not be subject to the final rule. The professional skills necessary for preparation of the opt-out notice include compliance and/or privacy specialists and computer programmers. 5. Steps Taken To Minimize the Economic Impact on Small Entities The FDIC and the other Agencies have attempted to minimize the economic impact on small entities by adopting consistent rules and by allowing joint notices on behalf of multiple affiliates. In addition, the FDIC and the other Agencies have provided model forms that small institutions may, but are not required to, use to minimize the cost of compliance. OTS: OTS prepared an initial regulatory flexibility analysis under the Regulatory Flexibility Act (RFA) (5 U.S.C. 601 et seq.) in connection with the July 15, 2004 proposed rule. OTS received one comment on its regulatory flexibility analysis. Under Section 605(b) of the RFA, 5 U.S.C. 605(b), the regulatory flexibility analysis otherwise required under Section 604 of the RFA is not required if an agency certifies, along with a statement providing the factual basis for such certification, that the rule will not have a significant economic impact on a substantial number of small entities. Based on its analysis and for the reasons stated below, OTS certifies that this final rule will not have a significant economic impact on a substantial number of small entities. 1. Statement of the Need for, and Objectives of, the Final Rule The FACT Act amends the FCRA and was enacted, in part, for the purpose of allowing consumers to limit the use of eligibility information received from an affiliate to make solicitations to the consumer. Section 214 of the FACT Act generally prohibits a person from using certain information received from an affiliate to make a solicitation for marketing purposes to a consumer, unless the consumer is given notice and PO 00000 Frm 00036 Fmt 4701 Sfmt 4700 an opportunity and simple method to opt out of the making of such solicitations. Section 214 requires OTS, together with the other Agencies, the FTC, and the SEC, to consult and coordinate with each other and to prescribe regulations implementing the section that, to the extent possible, are consistent and comparable. OTS is adopting the final rule to implement section 214 of the FACT Act. The SUPPLEMENTARY INFORMATION contains information on the objectives of the final rule. 2. Summary of Issues Raised by Comments in Response to the Initial Regulatory Flexibility Analysis OTS conducted an initial regulatory flexibility analysis in connection with the proposed rule under section 3(a) of the RFA (5 U.S.C. 603(a)). One commenter, the Mortgage Bankers Association (MBA), believed that the Agencies had underestimated compliance costs. The issues raised by the MBA are described in the Paperwork Reduction Act section of the SUPPLEMENTARY INFORMATION. The MBA’s concerns applied equally to small entities and larger entities. The MBA did not raise any issues unique to small entities. 3. Description and Estimate of Small Entities Affected by the Final Rule The final rule applies to all savings associations and federal savings associations operating subsidiaries that are not functionally regulated within the meaning of section 5(c)(5) of the Bank Holding Company Act of 1956, as amended (12 U.S.C. 1844(c)(5). However, the rule’s requirements only affect those entities with affiliates and that choose to structure their marketing activities in a manner that triggers the rule’s requirements. OTS’s estimates that its final rule could apply to as many as 609 savings associations, since that is the number of savings associations with affiliates. OTS estimates that 230 of these savings associations are small entities with assets of $165 million or less. In addition, small entities that have affiliates may choose not to engage in activities that would require compliance with the final rule. For example, small entities may choose not to share eligibility information with their affiliates for the purpose of making solicitations. Alternatively, small entities and their affiliates may structure their marketing activities in a way that does not trigger the requirement to comply with the final rule, such as by relying upon the exceptions to the E:\FR\FM\07NOR2.SGM 07NOR2 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations notice requirement contained in the final rule. unions. The rule will apply to all federal credit unions regardless of asset size. 4. Recordkeeping, Reporting, and Other Compliance Requirements OCC and OTS Executive Order 12866 Determination The final rule requires all entities, including small savings associations, to provide opt-out notices and renewal notices to consumers in certain circumstances, as discussed in the SUPPLEMENTARY INFORMATION, and to implement consumers’ opt-out elections. The final rule contains no requirement to report information to the Agencies. Small entities that have affiliates, share eligibility information with those affiliates, and use that information to make solicitations for marketing purposes may be subject to the rule. Small entities that do not have affiliates, do not share eligibility information with their affiliates for marketing purposes, use shared eligibility information for purposes of making solicitations only in accordance with one of the exceptions set forth in the final rule, or structure their marketing activities to eliminate the need to provide an opt-out notice would not be subject to the final rule. The professional skills necessary for preparation of the opt-out notice include compliance and/or privacy specialists and computer programmers. The OCC and OTS each has determined that its portion of the rule is not a significant regulatory action under Executive Order 12866. rwilkins on PROD1PC63 with RULES_2 5. Steps Taken To Minimize the Economic Impact on Small Entities OTS and the other Agencies have attempted to minimize the economic impact on small entities by adopting consistent rules and by allowing joint notices on behalf of multiple affiliates. In addition, OTS and the other Agencies have provided model forms that small institutions may, but are not required to, use to minimize the cost of compliance. NCUA: The Regulatory Flexibility Act (RFA) requires NCUA to prepare an analysis to describe any significant economic impact a proposed regulation may have on a substantial number of small entities. 5 U.S.C. 601–612. NCUA considers credit unions having less than ten million dollars in assets to be small for purposes of RFA. NCUA Interpretive Ruling and Policy Statement (IRPS) 87– 2 as amended by IRPS 03–2. In connection with the July 15, 2004 proposed rule, NCUA certified that the proposed rule would not have a significant economic impact on a substantial number of small credit unions and therefore, a regulatory flexibility analysis was not required. Upon further review, the NCUA now certifies that the final rule also will not have a significant economic impact on a substantial number of small credit VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 OCC Executive Order 13132 Determination The OCC has determined that this rule does not have any Federalism implications, as required by Executive Order 13132. NCUA Executive Order 13132 Determination Executive Order 13132 encourages independent regulatory agencies to consider the impact of their actions on state and local interests. In adherence to fundamental federalism principles, the NCUA, an independent regulatory agency as defined in 44 U.S.C. 3502(5), voluntarily complies with the executive order. The final rule applies only to federally chartered credit unions and would not have substantial direct effects on the states, on the connection between the national government and the states, or on the distribution of power and responsibilities among the various levels of government. The NCUA has determined that this rule does not constitute a policy that has federalism implications for purposes of the executive order. OCC and OTS Unfunded Mandates Reform Act of 1995 Determination Section 202 of the Unfunded Mandates Reform Act of 1995, Public Law 104–4 (Unfunded Mandates Act) requires that an agency prepare a budgetary impact statement before promulgating a rule that includes a Federal mandate that may result in expenditure by State, local, and tribal governments, in the aggregate, or by the private sector, of $100 million or more in any one year. If a budgetary impact statement is required, section 205 of the Unfunded Mandates Act also requires an agency to identify and consider a reasonable number of regulatory alternatives before promulgating a rule. The OCC and OTS each has determined that this rule will not result in expenditures by State, local, and tribal governments, or by the private sector, of $100 million or more. Accordingly, neither the OCC nor the OTS has prepared a budgetary impact statement or specifically addressed the regulatory alternatives considered. PO 00000 Frm 00037 Fmt 4701 Sfmt 4700 62945 NCUA: The Treasury and General Government Appropriations Act, 1999— Assessment of Federal Regulations and Policies on Families The NCUA has determined that this rule would not affect family well-being within the meaning of section 654 of the Treasury and General Government Appropriations Act, 1999, Pub. L. 105– 277, 112 Stat. 2681 (1998). NCUA: Small Business Regulatory Enforcement Fairness Act of 1996 (SBREFA) An SBREFA (Pub. L. 104–121) reporting requirement is triggered in instances where NCUA issues a final rule as defined by section 551 of the Administrative Procedure Act, 5 U.S.C. 551. NCUA is submitting this final rule to the Office of Management and Budget (OMB) for a determination that this rule is not a major rule for purposes of SBREFA. List of Subjects 12 CFR Part 41 Banks, Banking, Consumer protection, National banks, Reporting and recordkeeping requirements. 12 CFR Part 222 Banks, Banking, Consumer protection, Fair Credit Reporting Act, Holding companies, Privacy, Reporting and recordkeeping requirements, State member banks. 12 CFR Part 334 Administrative practice and procedure, Bank deposit insurance, Banks, Banking, Reporting and recordkeeping requirements, Safety and soundness. 12 CFR Part 571 Consumer protection, Credit, Fair Credit Reporting Act, Privacy, Reporting and recordkeeping requirements, Savings associations. 12 CFR Part 717 Consumer protection, Credit unions, Fair credit reporting, Privacy, Reporting and recordkeeping requirements. Office of the Comptroller of the Currency 12 CFR Chapter I. Authority and Issuance For the reasons set forth in the preamble, the OCC amends part 41 of chapter I of title 12 of the Code of Federal Regulations as follows: I E:\FR\FM\07NOR2.SGM 07NOR2 62946 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations PART 41—FAIR CREDIT REPORTING 1. The authority citation for part 41 is revised to read as follows: I Authority: 12 U.S.C. 1 et seq., 24 (Seventh), 93a, 481, 484, and 1818; 15 U.S.C. 1681a, 1681b, 1681c, 1681m, 1681s, 1681s–3, 1681t, 1681w, 6801, and 6805; Sec. 214, Pub. L. 108–159, 117 Stat. 1952. 2. A new Subpart C is added to part 41 to read as follows: I Subpart C—Affiliate Marketing Sec. 41.20 Scope and definitions. 41.21 Affiliate marketing opt-out and exceptions. 41.22 Scope and duration of opt-out. 41.23 Contents of opt-out notice; consolidated and equivalent notices. 41.24 Reasonable opportunity to opt out. 41.25 Reasonable and simple methods of opting out. 41.26 Delivery of opt-out notices. 41.27 Renewal of opt-out. 41.28 Effective date, compliance date, and prospective application. Subpart C—Affiliate Marketing rwilkins on PROD1PC63 with RULES_2 § 41.20 Scope and definitions. (a) Scope. This subpart applies to national banks, Federal branches and agencies of foreign banks, and any of their operating subsidiaries that are not functionally regulated within the meaning of section 5(c)(5) of the Bank Holding Company Act of 1956, as amended (12 U.S.C. 1844(c)(5)). These entities are referred to in this subpart as ‘‘banks.’’ (b) Definitions. For purposes of this subpart: (1) Clear and conspicuous. The term ‘‘clear and conspicuous’’ means reasonably understandable and designed to call attention to the nature and significance of the information presented. (2) Concise. (i) In general. The term ‘‘concise’’ means a reasonably brief expression or statement. (ii) Combination with other required disclosures. A notice required by this subpart may be concise even if it is combined with other disclosures required or authorized by federal or state law. (3) Eligibility information. The term ‘‘eligibility information’’ means any information the communication of which would be a consumer report if the exclusions from the definition of ‘‘consumer report’’ in section 603(d)(2)(A) of the Act did not apply. Eligibility information does not include aggregate or blind data that does not contain personal identifiers such as account numbers, names, or addresses. (4) Pre-existing business relationship. (i) In general. The term ‘‘pre-existing VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 business relationship’’ means a relationship between a person, or a person’s licensed agent, and a consumer based on— (A) A financial contract between the person and the consumer which is in force on the date on which the consumer is sent a solicitation covered by this subpart; (B) The purchase, rental, or lease by the consumer of the person’s goods or services, or a financial transaction (including holding an active account or a policy in force or having another continuing relationship) between the consumer and the person, during the 18month period immediately preceding the date on which the consumer is sent a solicitation covered by this subpart; or (C) An inquiry or application by the consumer regarding a product or service offered by that person during the threemonth period immediately preceding the date on which the consumer is sent a solicitation covered by this subpart. (ii) Examples of pre-existing business relationships. (A) If a consumer has a time deposit account, such as a certificate of deposit, at a depository institution that is currently in force, the depository institution has a pre-existing business relationship with the consumer and can use eligibility information it receives from its affiliates to make solicitations to the consumer about its products or services. (B) If a consumer obtained a certificate of deposit from a depository institution, but did not renew the certificate at maturity, the depository institution has a pre-existing business relationship with the consumer and can use eligibility information it receives from its affiliates to make solicitations to the consumer about its products or services for 18 months after the date of maturity of the certificate of deposit. (C) If a consumer obtains a mortgage, the mortgage lender has a pre-existing business relationship with the consumer. If the mortgage lender sells the consumer’s entire loan to an investor, the mortgage lender has a preexisting business relationship with the consumer and can use eligibility information it receives from its affiliates to make solicitations to the consumer about its products or services for 18 months after the date it sells the loan, and the investor has a pre-existing business relationship with the consumer upon purchasing the loan. If, however, the mortgage lender sells a fractional interest in the consumer’s loan to an investor but also retains an ownership interest in the loan, the mortgage lender continues to have a pre-existing business relationship with the consumer, but the investor does not PO 00000 Frm 00038 Fmt 4701 Sfmt 4700 have a pre-existing business relationship with the consumer. If the mortgage lender retains ownership of the loan, but sells ownership of the servicing rights to the consumer’s loan, the mortgage lender continues to have a pre-existing business relationship with the consumer. The purchaser of the servicing rights also has a pre-existing business relationship with the consumer as of the date it purchases ownership of the servicing rights, but only if it collects payments from or otherwise deals directly with the consumer on a continuing basis. (D) If a consumer applies to a depository institution for a product or service that it offers, but does not obtain a product or service from or enter into a financial contract or transaction with the institution, the depository institution has a pre-existing business relationship with the consumer and can therefore use eligibility information it receives from an affiliate to make solicitations to the consumer about its products or services for three months after the date of the application. (E) If a consumer makes a telephone inquiry to a depository institution about its products or services and provides contact information to the institution, but does not obtain a product or service from or enter into a financial contract or transaction with the institution, the depository institution has a pre-existing business relationship with the consumer and can therefore use eligibility information it receives from an affiliate to make solicitations to the consumer about its products or services for three months after the date of the inquiry. (F) If a consumer makes an inquiry to a depository institution by e-mail about its products or services, but does not obtain a product or service from or enter into a financial contract or transaction with the institution, the depository institution has a pre-existing business relationship with the consumer and can therefore use eligibility information it receives from an affiliate to make solicitations to the consumer about its products or services for three months after the date of the inquiry. (G) If a consumer has an existing relationship with a depository institution that is part of a group of affiliated companies, makes a telephone call to the centralized call center for the group of affiliated companies to inquire about products or services offered by the insurance affiliate, and provides contact information to the call center, the call constitutes an inquiry to the insurance affiliate that offers those products or services. The insurance affiliate has a pre-existing business relationship with the consumer and can therefore use E:\FR\FM\07NOR2.SGM 07NOR2 rwilkins on PROD1PC63 with RULES_2 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations eligibility information it receives from its affiliated depository institution to make solicitations to the consumer about its products or services for three months after the date of the inquiry. (iii) Examples where no pre-existing business relationship is created. (A) If a consumer makes a telephone call to a centralized call center for a group of affiliated companies to inquire about the consumer’s existing account at a depository institution, the call does not constitute an inquiry to any affiliate other than the depository institution that holds the consumer’s account and does not establish a pre-existing business relationship between the consumer and any affiliate of the account-holding depository institution. (B) If a consumer who has a deposit account with a depository institution makes a telephone call to an affiliate of the institution to ask about the affiliate’s retail locations and hours, but does not make an inquiry about the affiliate’s products or services, the call does not constitute an inquiry and does not establish a pre-existing business relationship between the consumer and the affiliate. Also, the affiliate’s capture of the consumer’s telephone number does not constitute an inquiry and does not establish a pre-existing business relationship between the consumer and the affiliate. (C) If a consumer makes a telephone call to a depository institution in response to an advertisement that offers a free promotional item to consumers who call a toll-free number, but the advertisement does not indicate that the depository institution’s products or services will be marketed to consumers who call in response, the call does not create a pre-existing business relationship between the consumer and the depository institution because the consumer has not made an inquiry about a product or service offered by the institution, but has merely responded to an offer for a free promotional item. (5) Solicitation. (i) In general. The term ‘‘solicitation’’ means the marketing of a product or service initiated by a person to a particular consumer that is— (A) Based on eligibility information communicated to that person by its affiliate as described in this subpart; and (B) Intended to encourage the consumer to purchase or obtain such product or service. (ii) Exclusion of marketing directed at the general public. A solicitation does not include marketing communications that are directed at the general public. For example, television, general circulation magazine, and billboard advertisements do not constitute VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 solicitations, even if those communications are intended to encourage consumers to purchase products and services from the person initiating the communications. (iii) Examples of solicitations. A solicitation would include, for example, a telemarketing call, direct mail, e-mail, or other form of marketing communication directed to a particular consumer that is based on eligibility information received from an affiliate. § 41.21 Affiliate marketing opt-out and exceptions. (a) Initial notice and opt-out requirement. (1) In general. A bank may not use eligibility information about a consumer that it receives from an affiliate to make a solicitation for marketing purposes to the consumer, unless— (i) It is clearly and conspicuously disclosed to the consumer in writing or, if the consumer agrees, electronically, in a concise notice that the bank may use eligibility information about that consumer received from an affiliate to make solicitations for marketing purposes to the consumer; (ii) The consumer is provided a reasonable opportunity and a reasonable and simple method to ‘‘opt out,’’ or prohibit the bank from using eligibility information to make solicitations for marketing purposes to the consumer; and (iii) The consumer has not opted out. (2) Example. A consumer has a homeowner’s insurance policy with an insurance company. The insurance company furnishes eligibility information about the consumer to its affiliated depository institution. Based on that eligibility information, the depository institution wants to make a solicitation to the consumer about its home equity loan products. The depository institution does not have a pre-existing business relationship with the consumer and none of the other exceptions apply. The depository institution is prohibited from using eligibility information received from its insurance affiliate to make solicitations to the consumer about its home equity loan products unless the consumer is given a notice and opportunity to opt out and the consumer does not opt out. (3) Affiliates who may provide the notice. The notice required by this paragraph must be provided: (i) By an affiliate that has or has previously had a pre-existing business relationship with the consumer; or (ii) As part of a joint notice from two or more members of an affiliated group of companies, provided that at least one of the affiliates on the joint notice has PO 00000 Frm 00039 Fmt 4701 Sfmt 4700 62947 or has previously had a pre-existing business relationship with the consumer. (b) Making solicitations. (1) In general. For purposes of this subpart, a bank makes a solicitation for marketing purposes if— (i) The bank receives eligibility information from an affiliate; (ii) The bank uses that eligibility information to do one or more of the following: (A) Identify the consumer or type of consumer to receive a solicitation; (B) Establish criteria used to select the consumer to receive a solicitation; or (C) Decide which of the bank’s products or services to market to the consumer or tailor the bank’s solicitation to that consumer; and (iii) As a result of the bank’s use of the eligibility information, the consumer is provided a solicitation. (2) Receiving eligibility information from an affiliate, including through a common database. A bank may receive eligibility information from an affiliate in various ways, including when the affiliate places that information into a common database that the bank may access. (3) Receipt or use of eligibility information by a bank’s service provider. Except as provided in paragraph (b)(5) of this section, a bank receives or uses an affiliate’s eligibility information if a service provider acting on the bank’s behalf (whether an affiliate or a nonaffiliated third party) receives or uses that information in the manner described in paragraphs (b)(1)(i) or (b)(1)(ii) of this section. All relevant facts and circumstances will determine whether a person is acting as a bank’s service provider when it receives or uses an affiliate’s eligibility information in connection with marketing the bank’s products and services. (4) Use by an affiliate of its own eligibility information. Unless a bank has used eligibility information that it receives from an affiliate in the manner described in paragraph (b)(1)(ii) of this section, the bank does not make a solicitation subject to this subpart if the bank’s affiliate: (i) Uses its own eligibility information that it obtained in connection with a pre-existing business relationship it has or had with the consumer to market the bank’s products or services to the consumer; or (ii) Directs its service provider to use the affiliate’s own eligibility information that it obtained in connection with a pre-existing business relationship it has or had with the consumer to market the bank’s products or services to the consumer, and the bank does not E:\FR\FM\07NOR2.SGM 07NOR2 rwilkins on PROD1PC63 with RULES_2 62948 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations communicate directly with the service provider regarding that use. (5) Use of eligibility information by a service provider. (i) In general. A bank does not make a solicitation subject to Subpart C of this part if a service provider (including an affiliated or third-party service provider that maintains or accesses a common database that the bank may access) receives eligibility information from the bank’s affiliate that the bank’s affiliate obtained in connection with a preexisting business relationship it has or had with the consumer and uses that eligibility information to market the bank’s products or services to the consumer, so long as— (A) The bank’s affiliate controls access to and use of its eligibility information by the service provider (including the right to establish the specific terms and conditions under which the service provider may use such information to market the bank’s products or services); (B) The bank’s affiliate establishes specific terms and conditions under which the service provider may access and use the affiliate’s eligibility information to market the bank’s products and services (or those of affiliates generally) to the consumer, such as the identity of the affiliated companies whose products or services may be marketed to the consumer by the service provider, the types of products or services of affiliated companies that may be marketed, and the number of times the consumer may receive marketing materials, and periodically evaluates the service provider’s compliance with those terms and conditions; (C) The bank’s affiliate requires the service provider to implement reasonable policies and procedures designed to ensure that the service provider uses the affiliate’s eligibility information in accordance with the terms and conditions established by the bank’s affiliate relating to the marketing of the bank’s products or services; (D) The bank’s affiliate is identified on or with the marketing materials provided to the consumer; and (E) The bank does not directly use its affiliate’s eligibility information in the manner described in paragraph (b)(1)(ii) of this section. (ii) Writing requirements. (A) The requirements of paragraphs (b)(5)(i)(A) and (C) of this section must be set forth in a written agreement between the bank’s affiliate and the service provider; and (B) The specific terms and conditions established by the bank’s affiliate as provided in paragraph (b)(5)(i)(B) of this section must be set forth in writing. VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 (6) Examples of making solicitations. (i) A consumer has a deposit account with a depository institution, which is affiliated with an insurance company. The insurance company receives eligibility information about the consumer from the depository institution. The insurance company uses that eligibility information to identify the consumer to receive a solicitation about insurance products, and, as a result, the insurance company provides a solicitation to the consumer about its insurance products. Pursuant to paragraph (b)(1) of this section, the insurance company has made a solicitation to the consumer. (ii) The same facts as in the example in paragraph (b)(6)(i) of this section, except that after using the eligibility information to identify the consumer to receive a solicitation about insurance products, the insurance company asks the depository institution to send the solicitation to the consumer and the depository institution does so. Pursuant to paragraph (b)(1) of this section, the insurance company has made a solicitation to the consumer because it used eligibility information about the consumer that it received from an affiliate to identify the consumer to receive a solicitation about its products or services, and, as a result, a solicitation was provided to the consumer about the insurance company’s products. (iii) The same facts as in the example in paragraph (b)(6)(i) of this section, except that eligibility information about consumers that have deposit accounts with the depository institution is placed into a common database that all members of the affiliated group of companies may independently access and use. Without using the depository institution’s eligibility information, the insurance company develops selection criteria and provides those criteria, marketing materials, and related instructions to the depository institution. The depository institution reviews eligibility information about its own consumers using the selection criteria provided by the insurance company to determine which consumers should receive the insurance company’s marketing materials and sends marketing materials about the insurance company’s products to those consumers. Even though the insurance company has received eligibility information through the common database as provided in paragraph (b)(2) of this section, it did not use that information to identify consumers or establish selection criteria; instead, the depository institution used its own eligibility information. Therefore, PO 00000 Frm 00040 Fmt 4701 Sfmt 4700 pursuant to paragraph (b)(4)(i) of this section, the insurance company has not made a solicitation to the consumer. (iv) The same facts as in the example in paragraph (b)(6)(iii) of this section, except that the depository institution provides the insurance company’s criteria to the depository institution’s service provider and directs the service provider to use the depository institution’s eligibility information to identify depository institution consumers who meet the criteria and to send the insurance company’s marketing materials to those consumers. The insurance company does not communicate directly with the service provider regarding the use of the depository institution’s information to market its products to the depository institution’s consumers. Pursuant to paragraph (b)(4)(ii) of this section, the insurance company has not made a solicitation to the consumer. (v) An affiliated group of companies includes a depository institution, an insurance company, and a service provider. Each affiliate in the group places information about its consumers into a common database. The service provider has access to all information in the common database. The depository institution controls access to and use of its eligibility information by the service provider. This control is set forth in a written agreement between the depository institution and the service provider. The written agreement also requires the service provider to establish reasonable policies and procedures designed to ensure that the service provider uses the depository institution’s eligibility information in accordance with specific terms and conditions established by the depository institution relating to the marketing of the products and services of all affiliates, including the insurance company. In a separate written communication, the depository institution specifies the terms and conditions under which the service provider may use the depository institution’s eligibility information to market the insurance company’s products and services to the depository institution’s consumers. The specific terms and conditions are: A list of affiliated companies (including the insurance company) whose products or services may be marketed to the depository institution’s consumers by the service provider; the specific products or types of products that may be marketed to the depository institution’s consumers by the service provider; the categories of eligibility information that may be used by the service provider in marketing products E:\FR\FM\07NOR2.SGM 07NOR2 rwilkins on PROD1PC63 with RULES_2 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations or services to the depository institution’s consumers; the types or categories of the depository institution’s consumers to whom the service provider may market products or services of depository institution affiliates; the number and/or types of marketing communications that the service provider may send to the depository institution’s consumers; and the length of time during which the service provider may market the products or services of the depository institution’s affiliates to its consumers. The depository institution periodically evaluates the service provider’s compliance with these terms and conditions. The insurance company asks the service provider to market insurance products to certain consumers who have deposit accounts with the depository institution. Without using the depository institution’s eligibility information, the insurance company develops selection criteria and provides those criteria, marketing materials, and related instructions to the service provider. The service provider uses the depository institution’s eligibility information from the common database to identify the depository institution’s consumers to whom insurance products will be marketed. When the insurance company’s marketing materials are provided to the identified consumers, the name of the depository institution is displayed on the insurance marketing materials, an introductory letter that accompanies the marketing materials, an account statement that accompanies the marketing materials, or the envelope containing the marketing materials. The requirements of paragraph (b)(5) of this section have been satisfied, and the insurance company has not made a solicitation to the consumer. (vi) The same facts as in the example in paragraph (b)(6)(v) of this section, except that the terms and conditions permit the service provider to use the depository institution’s eligibility information to market the products and services of other affiliates to the depository institution’s consumers whenever the service provider deems it appropriate to do so. The service provider uses the depository institution’s eligibility information in accordance with the discretion afforded to it by the terms and conditions. Because the terms and conditions are not specific, the requirements of paragraph (b)(5) of this section have not been satisfied. (c) Exceptions. The provisions of this subpart do not apply to a bank if it uses eligibility information that it receives from an affiliate: VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 (1) To make a solicitation for marketing purposes to a consumer with whom the bank has a pre-existing business relationship; (2) To facilitate communications to an individual for whose benefit the bank provides employee benefit or other services pursuant to a contract with an employer related to and arising out of the current employment relationship or status of the individual as a participant or beneficiary of an employee benefit plan; (3) To perform services on behalf of an affiliate, except that this subparagraph shall not be construed as permitting the bank to send solicitations on behalf of an affiliate if the affiliate would not be permitted to send the solicitation as a result of the election of the consumer to opt out under this subpart; (4) In response to a communication about the bank’s products or services initiated by the consumer; (5) In response to an authorization or request by the consumer to receive solicitations; or (6) If the bank’s compliance with this subpart would prevent it from complying with any provision of State insurance laws pertaining to unfair discrimination in any State in which the bank is lawfully doing business. (d) Examples of exceptions. (1) Example of the pre-existing business relationship exception. A consumer has a deposit account with a depository institution. The consumer also has a relationship with the depository institution’s securities affiliate for management of the consumer’s securities portfolio. The depository institution receives eligibility information about the consumer from its securities affiliate and uses that information to make a solicitation to the consumer about the depository institution’s wealth management services. The depository institution may make this solicitation even if the consumer has not been given a notice and opportunity to opt out because the depository institution has a pre-existing business relationship with the consumer. (2) Examples of service provider exception. (i) A consumer has an insurance policy issued by an insurance company. The insurance company furnishes eligibility information about the consumer to its affiliated depository institution. Based on that eligibility information, the depository institution wants to make a solicitation to the consumer about its deposit products. The depository institution does not have a pre-existing business relationship with the consumer and none of the other PO 00000 Frm 00041 Fmt 4701 Sfmt 4700 62949 exceptions in paragraph (c) of this section apply. The consumer has been given an opt-out notice and has elected to opt out of receiving such solicitations. The depository institution asks a service provider to send the solicitation to the consumer on its behalf. The service provider may not send the solicitation on behalf of the depository institution because, as a result of the consumer’s opt-out election, the depository institution is not permitted to make the solicitation. (ii) The same facts as in paragraph (d)(2)(i) of this section, except the consumer has been given an opt-out notice, but has not elected to opt out. The depository institution asks a service provider to send the solicitation to the consumer on its behalf. The service provider may send the solicitation on behalf of the depository institution because, as a result of the consumer’s not opting out, the depository institution is permitted to make the solicitation. (3) Examples of consumer-initiated communications. (i) A consumer who has a deposit account with a depository institution initiates a communication with the depository institution’s credit card affiliate to request information about a credit card. The credit card affiliate may use eligibility information about the consumer it obtains from the depository institution or any other affiliate to make solicitations regarding credit card products in response to the consumer-initiated communication. (ii) A consumer who has a deposit account with a depository institution contacts the institution to request information about how to save and invest for a child’s college education without specifying the type of product in which the consumer may be interested. Information about a range of different products or services offered by the depository institution and one or more affiliates of the institution may be responsive to that communication. Such products or services may include the following: Mutual funds offered by the institution’s mutual fund affiliate; section 529 plans offered by the institution, its mutual fund affiliate, or another securities affiliate; or trust services offered by a different financial institution in the affiliated group. Any affiliate offering investment products or services that would be responsive to the consumer’s request for information about saving and investing for a child’s college education may use eligibility information to make solicitations to the consumer in response to this communication. (iii) A credit card issuer makes a marketing call to the consumer without E:\FR\FM\07NOR2.SGM 07NOR2 rwilkins on PROD1PC63 with RULES_2 62950 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations using eligibility information received from an affiliate. The issuer leaves a voice-mail message that invites the consumer to call a toll-free number to apply for the issuer’s credit card. If the consumer calls the toll-free number to inquire about the credit card, the call is a consumer-initiated communication about a product or service and the credit card issuer may now use eligibility information it receives from its affiliates to make solicitations to the consumer. (iv) A consumer calls a depository institution to ask about retail locations and hours, but does not request information about products or services. The institution may not use eligibility information it receives from an affiliate to make solicitations to the consumer about its products or services because the consumer-initiated communication does not relate to the depository institution’s products or services. Thus, the use of eligibility information received from an affiliate would not be responsive to the communication and the exception does not apply. (v) A consumer calls a depository institution to ask about retail locations and hours. The customer service representative asks the consumer if there is a particular product or service about which the consumer is seeking information. The consumer responds that the consumer wants to stop in and find out about certificates of deposit. The customer service representative offers to provide that information by telephone and mail additional information and application materials to the consumer. The consumer agrees and provides or confirms contact information for receipt of the materials to be mailed. The depository institution may use eligibility information it receives from an affiliate to make solicitations to the consumer about certificates of deposit because such solicitations would respond to the consumer-initiated communication about products or services. (4) Examples of consumer authorization or request for solicitations. (i) A consumer who obtains a mortgage from a mortgage lender authorizes or requests information about homeowner’s insurance offered by the mortgage lender’s insurance affiliate. Such authorization or request, whether given to the mortgage lender or to the insurance affiliate, would permit the insurance affiliate to use eligibility information about the consumer it obtains from the mortgage lender or any other affiliate to make solicitations to the consumer about homeowner’s insurance. VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 (ii) A consumer completes an online application to apply for a credit card from a credit card issuer. The issuer’s online application contains a blank check box that the consumer may check to authorize or request information from the credit card issuer’s affiliates. The consumer checks the box. The consumer has authorized or requested solicitations from the card issuer’s affiliates. (iii) A consumer completes an online application to apply for a credit card from a credit card issuer. The issuer’s online application contains a preselected check box indicating that the consumer authorizes or requests information from the issuer’s affiliates. The consumer does not deselect the check box. The consumer has not authorized or requested solicitations from the card issuer’s affiliates. (iv) The terms and conditions of a credit card account agreement contain preprinted boilerplate language stating that by applying to open an account the consumer authorizes or requests to receive solicitations from the credit card issuer’s affiliates. The consumer has not authorized or requested solicitations from the card issuer’s affiliates. (e) Relation to affiliate-sharing notice and opt-out. Nothing in this subpart limits the responsibility of a person to comply with the notice and opt-out provisions of section 603(d)(2)(A)(iii) of the Act where applicable. § 41.22 Scope and duration of opt-out. (a) Scope of opt-out. (1) In general. Except as otherwise provided in this section, the consumer’s election to opt out prohibits any affiliate covered by the opt-out notice from using eligibility information received from another affiliate as described in the notice to make solicitations to the consumer. (2) Continuing relationship. (i) In general. If the consumer establishes a continuing relationship with a bank or its affiliate, an opt-out notice may apply to eligibility information obtained in connection with— (A) A single continuing relationship or multiple continuing relationships that the consumer establishes with the bank or its affiliates, including continuing relationships established subsequent to delivery of the opt-out notice, so long as the notice adequately describes the continuing relationships covered by the opt-out; or (B) Any other transaction between the consumer and the bank or its affiliates as described in the notice. (ii) Examples of continuing relationships. A consumer has a continuing relationship with a bank or its affiliate if the consumer— PO 00000 Frm 00042 Fmt 4701 Sfmt 4700 (A) Opens a deposit or investment account with the bank or its affiliate; (B) Obtains a loan for which the bank or its affiliate owns the servicing rights; (C) Purchases an insurance product from the bank or its affiliate; (D) Holds an investment product through the bank or its affiliate, such as when the bank acts or its affiliate acts as a custodian for securities or for assets in an individual retirement arrangement; (E) Enters into an agreement or understanding with the bank or its affiliate whereby the bank or its affiliate undertakes to arrange or broker a home mortgage loan for the consumer; (F) Enters into a lease of personal property with the bank or its affiliate; or (G) Obtains financial, investment, or economic advisory services from the bank or its affiliate for a fee. (3) No continuing relationship. (i) In general. If there is no continuing relationship between a consumer and a bank or its affiliate, and the bank or its affiliate obtains eligibility information about the consumer in connection with a transaction with the consumer, such as an isolated transaction or a credit application that is denied, an opt-out notice provided to the consumer only applies to eligibility information obtained in connection with that transaction. (ii) Examples of isolated transactions. An isolated transaction occurs if— (A) The consumer uses a bank’s or its affiliate’s ATM to withdraw cash from an account at another financial institution; or (B) A bank or its affiliate sells the consumer a cashier’s check or money order, airline tickets, travel insurance, or traveler’s checks in isolated transactions. (4) Menu of alternatives. A consumer may be given the opportunity to choose from a menu of alternatives when electing to prohibit solicitations, such as by electing to prohibit solicitations from certain types of affiliates covered by the opt-out notice but not other types of affiliates covered by the notice, electing to prohibit solicitations based on certain types of eligibility information but not other types of eligibility information, or electing to prohibit solicitations by certain methods of delivery but not other methods of delivery. However, one of the alternatives must allow the consumer to prohibit all solicitations from all of the affiliates that are covered by the notice. (5) Special rule for a notice following termination of all continuing relationships. (i) In general. A consumer must be given a new opt-out notice if, after all continuing relationships with a E:\FR\FM\07NOR2.SGM 07NOR2 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations bank or its affiliate(s) are terminated, the consumer subsequently establishes another continuing relationship with the bank or its affiliate(s) and the consumer’s eligibility information is to be used to make a solicitation. The new opt-out notice must apply, at a minimum, to eligibility information obtained in connection with the new continuing relationship. Consistent with paragraph (b) of this section, the consumer’s decision not to opt out after receiving the new opt-out notice would not override a prior opt-out election by the consumer that applies to eligibility information obtained in connection with a terminated relationship, regardless of whether the new opt-out notice applies to eligibility information obtained in connection with the terminated relationship. (ii) Example. A consumer has a checking account with a depository institution that is part of an affiliated group. The consumer closes the checking account. One year after closing the checking account, the consumer opens a savings account with the same depository institution. The consumer must be given a new notice and opportunity to opt out before the depository institution’s affiliates may make solicitations to the consumer using eligibility information obtained by the depository institution in connection with the new savings account relationship, regardless of whether the consumer opted out in connection with the checking account. (b) Duration of opt-out. The election of a consumer to opt out must be effective for a period of at least five years (the ‘‘opt-out period’’) beginning when the consumer’s opt-out election is received and implemented, unless the consumer subsequently revokes the optout in writing or, if the consumer agrees, electronically. An opt-out period of more than five years may be established, including an opt-out period that does not expire unless revoked by the consumer. (c) Time of opt-out. A consumer may opt out at any time. rwilkins on PROD1PC63 with RULES_2 § 41.23 Contents of opt-out notice; consolidated and equivalent notices. (a) Contents of opt-out notice. (1) In general. A notice must be clear, conspicuous, and concise, and must accurately disclose: (i) The name of the affiliate(s) providing the notice. If the notice is provided jointly by multiple affiliates and each affiliate shares a common name, such as ‘‘ABC,’’ then the notice may indicate that it is being provided by multiple companies with the ABC name or multiple companies in the ABC group VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 or family of companies, for example, by stating that the notice is provided by ‘‘all of the ABC companies,’’ ‘‘the ABC banking, credit card, insurance, and securities companies,’’ or by listing the name of each affiliate providing the notice. But if the affiliates providing the joint notice do not all share a common name, then the notice must either separately identify each affiliate by name or identify each of the common names used by those affiliates, for example, by stating that the notice is provided by ‘‘all of the ABC and XYZ companies’’ or by ‘‘the ABC banking and credit card companies and the XYZ insurance companies’’; (ii) A list of the affiliates or types of affiliates whose use of eligibility information is covered by the notice, which may include companies that become affiliates after the notice is provided to the consumer. If each affiliate covered by the notice shares a common name, such as ‘‘ABC,’’ then the notice may indicate that it applies to multiple companies with the ABC name or multiple companies in the ABC group or family of companies, for example, by stating that the notice is provided by ‘‘all of the ABC companies,’’ ‘‘the ABC banking, credit card, insurance, and securities companies,’’ or by listing the name of each affiliate providing the notice. But if the affiliates covered by the notice do not all share a common name, then the notice must either separately identify each covered affiliate by name or identify each of the common names used by those affiliates, for example, by stating that the notice applies to ‘‘all of the ABC and XYZ companies’’ or to ‘‘the ABC banking and credit card companies and the XYZ insurance companies’’; (iii) A general description of the types of eligibility information that may be used to make solicitations to the consumer; (iv) That the consumer may elect to limit the use of eligibility information to make solicitations to the consumer; (v) That the consumer’s election will apply for the specified period of time stated in the notice and, if applicable, that the consumer will be allowed to renew the election once that period expires; (vi) If the notice is provided to consumers who may have previously opted out, such as if a notice is provided to consumers annually, that the consumer who has chosen to limit solicitations does not need to act again until the consumer receives a renewal notice; and (vii) A reasonable and simple method for the consumer to opt out. PO 00000 Frm 00043 Fmt 4701 Sfmt 4700 62951 (2) Joint relationships. (i) If two or more consumers jointly obtain a product or service, a single opt-out notice may be provided to the joint consumers. Any of the joint consumers may exercise the right to opt out. (ii) The opt-out notice must explain how an opt-out direction by a joint consumer will be treated. An opt-out direction by a joint consumer may be treated as applying to all of the associated joint consumers, or each joint consumer may be permitted to opt-out separately. If each joint consumer is permitted to opt out separately, one of the joint consumers must be permitted to opt out on behalf of all of the joint consumers and the joint consumers must be permitted to exercise their separate rights to opt out in a single response. (iii) It is impermissible to require all joint consumers to opt out before implementing any opt-out direction. (3) Alternative contents. If the consumer is afforded a broader right to opt out of receiving marketing than is required by this subpart, the requirements of this section may be satisfied by providing the consumer with a clear, conspicuous, and concise notice that accurately discloses the consumer’s opt-out rights. (4) Model notices. Model notices are provided in Appendix C of this part. (b) Coordinated and consolidated notices. A notice required by this subpart may be coordinated and consolidated with any other notice or disclosure required to be issued under any other provision of law by the entity providing the notice, including but not limited to the notice described in section 603(d)(2)(A)(iii) of the Act and the Gramm-Leach-Bliley Act privacy notice. (c) Equivalent notices. A notice or other disclosure that is equivalent to the notice required by this subpart, and that is provided to a consumer together with disclosures required by any other provision of law, satisfies the requirements of this section. § 41.24 Reasonable opportunity to opt out. (a) In general. A bank must not use eligibility information about a consumer that it receives from an affiliate to make a solicitation to the consumer about the bank’s products or services, unless the consumer is provided a reasonable opportunity to opt out, as required by § 41.21(a)(1)(ii) of this part. (b) Examples of a reasonable opportunity to opt out. The consumer is given a reasonable opportunity to opt out if: (1) By mail. The opt-out notice is mailed to the consumer. The consumer E:\FR\FM\07NOR2.SGM 07NOR2 rwilkins on PROD1PC63 with RULES_2 62952 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations is given 30 days from the date the notice is mailed to elect to opt out by any reasonable means. (2) By electronic means. (i) The optout notice is provided electronically to the consumer, such as by posting the notice at an Internet Web site at which the consumer has obtained a product or service. The consumer acknowledges receipt of the electronic notice. The consumer is given 30 days after the date the consumer acknowledges receipt to elect to opt out by any reasonable means. (ii) The opt-out notice is provided to the consumer by e-mail where the consumer has agreed to receive disclosures by e-mail from the person sending the notice. The consumer is given 30 days after the e-mail is sent to elect to opt out by any reasonable means. (3) At the time of an electronic transaction. The opt-out notice is provided to the consumer at the time of an electronic transaction, such as a transaction conducted on an Internet Web site. The consumer is required to decide, as a necessary part of proceeding with the transaction, whether to opt out before completing the transaction. There is a simple process that the consumer may use to opt out at that time using the same mechanism through which the transaction is conducted. (4) At the time of an in-person transaction. The opt-out notice is provided to the consumer in writing at the time of an in-person transaction. The consumer is required to decide, as a necessary part of proceeding with the transaction, whether to opt out before completing the transaction, and is not permitted to complete the transaction without making a choice. There is a simple process that the consumer may use during the course of the in-person transaction to opt out, such as completing a form that requires consumers to write a ‘‘yes’’ or ‘‘no’’ to indicate their opt-out preference or that requires the consumer to check one of two blank check boxes—one that allows consumers to indicate that they want to opt out and one that allows consumers to indicate that they do not want to opt out. (5) By including in a privacy notice. The opt-out notice is included in a Gramm-Leach-Bliley Act privacy notice. The consumer is allowed to exercise the opt-out within a reasonable period of time and in the same manner as the optout under that privacy notice. VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 § 41.25 Reasonable and simple methods of opting out. (a) In general. A bank must not use eligibility information about a consumer that it receives from an affiliate to make a solicitation to the consumer about its products or services, unless the consumer is provided a reasonable and simple method to opt out, as required by § 41.21(a)(1)(ii) of this part. (b) Examples. (1) Reasonable and simple opt-out methods. Reasonable and simple methods for exercising the optout right include— (i) Designating a check-off box in a prominent position on the opt-out form; (ii) Including a reply form and a selfaddressed envelope together with the opt-out notice; (iii) Providing an electronic means to opt out, such as a form that can be electronically mailed or processed at an Internet Web site, if the consumer agrees to the electronic delivery of information; (iv) Providing a toll-free telephone number that consumers may call to opt out; or (v) Allowing consumers to exercise all of their opt-out rights described in a consolidated opt-out notice that includes the privacy opt-out under the Gramm-Leach-Bliley Act, 15 U.S.C. 6801 et seq., the affiliate sharing opt-out under the Act, and the affiliate marketing opt-out under the Act, by a single method, such as by calling a single toll-free telephone number. (2) Opt-out methods that are not reasonable and simple. Reasonable and simple methods for exercising an optout right do not include— (i) Requiring the consumer to write his or her own letter; (ii) Requiring the consumer to call or write to obtain a form for opting out, rather than including the form with the opt-out notice; (iii) Requiring the consumer who receives the opt-out notice in electronic form only, such as through posting at an Internet Web site, to opt out solely by paper mail or by visiting a different Web site without providing a link to that site. (c) Specific opt-out means. Each consumer may be required to opt out through a specific means, as long as that means is reasonable and simple for that consumer. § 41.26 Delivery of opt-out notices. (a) In general. The opt-out notice must be provided so that each consumer can reasonably be expected to receive actual notice. For opt-out notices provided electronically, the notice may be provided in compliance with either the electronic disclosure provisions in this subpart or the provisions in section 101 of the Electronic Signatures in Global PO 00000 Frm 00044 Fmt 4701 Sfmt 4700 and National Commerce Act, 15 U.S.C. 7001 et seq. (b) Examples of reasonable expectation of actual notice. A consumer may reasonably be expected to receive actual notice if the affiliate providing the notice: (1) Hand-delivers a printed copy of the notice to the consumer; (2) Mails a printed copy of the notice to the last known mailing address of the consumer; (3) Provides a notice by e-mail to a consumer who has agreed to receive electronic disclosures by e-mail from the affiliate providing the notice; or (4) Posts the notice on the Internet Web site at which the consumer obtained a product or service electronically and requires the consumer to acknowledge receipt of the notice. (c) Examples of no reasonable expectation of actual notice. A consumer may not reasonably be expected to receive actual notice if the affiliate providing the notice: (1) Only posts the notice on a sign in a branch or office or generally publishes the notice in a newspaper; (2) Sends the notice via e-mail to a consumer who has not agreed to receive electronic disclosures by e-mail from the affiliate providing the notice; or (3) Posts the notice on an Internet Web site without requiring the consumer to acknowledge receipt of the notice. § 41.27 Renewal of opt-out. (a) Renewal notice and opt-out requirement. (1) In general. After the opt-out period expires, a bank may not make solicitations based on eligibility information it receives from an affiliate to a consumer who previously opted out, unless: (i) The consumer has been given a renewal notice that complies with the requirements of this section and §§ 41.24 through 41.26 of this part, and a reasonable opportunity and a reasonable and simple method to renew the opt-out, and the consumer does not renew the opt-out; or (ii) An exception in § 41.21(c) of this part applies. (2) Renewal period. Each opt-out renewal must be effective for a period of at least five years as provided in § 41.22(b) of this part. (3) Affiliates who may provide the notice. The notice required by this paragraph must be provided: (i) By the affiliate that provided the previous opt-out notice, or its successor; or (ii) As part of a joint renewal notice from two or more members of an affiliated group of companies, or their E:\FR\FM\07NOR2.SGM 07NOR2 rwilkins on PROD1PC63 with RULES_2 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations successors, that jointly provided the previous opt-out notice. (b) Contents of renewal notice. The renewal notice must be clear, conspicuous, and concise, and must accurately disclose: (1) The name of the affiliate(s) providing the notice. If the notice is provided jointly by multiple affiliates and each affiliate shares a common name, such as ‘‘ABC,’’ then the notice may indicate that it is being provided by multiple companies with the ABC name or multiple companies in the ABC group or family of companies, for example, by stating that the notice is provided by ‘‘all of the ABC companies,’’ ‘‘the ABC banking, credit card, insurance, and securities companies,’’ or by listing the name of each affiliate providing the notice. But if the affiliates providing the joint notice do not all share a common name, then the notice must either separately identify each affiliate by name or identify each of the common names used by those affiliates, for example, by stating that the notice is provided by ‘‘all of the ABC and XYZ companies’’ or by ‘‘the ABC banking and credit card companies and the XYZ insurance companies’’; (2) A list of the affiliates or types of affiliates whose use of eligibility information is covered by the notice, which may include companies that become affiliates after the notice is provided to the consumer. If each affiliate covered by the notice shares a common name, such as ‘‘ABC,’’ then the notice may indicate that it applies to multiple companies with the ABC name or multiple companies in the ABC group or family of companies, for example, by stating that the notice is provided by ‘‘all of the ABC companies,’’ ‘‘the ABC banking, credit card, insurance, and securities companies,’’ or by listing the name of each affiliate providing the notice. But if the affiliates covered by the notice do not all share a common name, then the notice must either separately identify each covered affiliate by name or identify each of the common names used by those affiliates, for example, by stating that the notice applies to ‘‘all of the ABC and XYZ companies’’ or to ‘‘the ABC banking and credit card companies and the XYZ insurance companies’’; (3) A general description of the types of eligibility information that may be used to make solicitations to the consumer; (4) That the consumer previously elected to limit the use of certain information to make solicitations to the consumer; (5) That the consumer’s election has expired or is about to expire; VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 (6) That the consumer may elect to renew the consumer’s previous election; (7) If applicable, that the consumer’s election to renew will apply for the specified period of time stated in the notice and that the consumer will be allowed to renew the election once that period expires; and (8) A reasonable and simple method for the consumer to opt out. (c) Timing of the renewal notice. (1) In general. A renewal notice may be provided to the consumer either— (i) A reasonable period of time before the expiration of the opt-out period; or (ii) Any time after the expiration of the opt-out period but before solicitations that would have been prohibited by the expired opt-out are made to the consumer. (2) Combination with annual privacy notice. If a bank provides an annual privacy notice under the Gramm-LeachBliley Act, 15 U.S.C. 6801 et seq., providing a renewal notice with the last annual privacy notice provided to the consumer before expiration of the optout period is a reasonable period of time before expiration of the opt-out in all cases. (d) No effect on opt-out period. An opt-out period may not be shortened by sending a renewal notice to the consumer before expiration of the optout period, even if the consumer does not renew the opt out. § 41.28 Effective date, compliance date, and prospective application. (a) Effective date. This subpart is effective January 1, 2008. (b) Mandatory compliance date. Compliance with this subpart is required not later than October 1, 2008. (c) Prospective application. The provisions of this subpart shall not prohibit a bank from using eligibility information that it receives from an affiliate to make solicitations to a consumer if the bank receives such information prior to October 1, 2008. For purposes of this section, a bank is deemed to receive eligibility information when such information is placed into a common database and is accessible by the bank. 3. Appendixes A and B to part 41 are added and reserved, and a new Appendix C to part 41 is added to read as follows: Appendix C To Part 41—Model Forms for Opt-Out Notices a. Although use of the model forms is not required, use of the model forms in this Appendix (as applicable) complies with the requirement in section 624 of the Act for clear, conspicuous, and concise notices. b. Certain changes may be made to the language or format of the model forms PO 00000 Frm 00045 Fmt 4701 Sfmt 4700 62953 without losing the protection from liability afforded by use of the model forms. These changes may not be so extensive as to affect the substance, clarity, or meaningful sequence of the language in the model forms. Persons making such extensive revisions will lose the safe harbor that this Appendix provides. Acceptable changes include, for example: 1. Rearranging the order of the references to ‘‘your income,’’ ‘‘your account history,’’ and ‘‘your credit score.’’ 2. Substituting other types of information for ‘‘income,’’ ‘‘account history,’’ or ‘‘credit score’’ for accuracy, such as ‘‘payment history,’’ ‘‘credit history,’’ ‘‘payoff status,’’ or ‘‘claims history.’’ 3. Substituting a clearer and more accurate description of the affiliates providing or covered by the notice for phrases such as ‘‘the [ABC] group of companies,’’ including without limitation a statement that the entity providing the notice recently purchased the consumer’s account. 4. Substituting other types of affiliates covered by the notice for ‘‘credit card,’’ ‘‘insurance,’’ or ‘‘securities’’ affiliates. 5. Omitting items that are not accurate or applicable. For example, if a person does not limit the duration of the opt-out period, the notice may omit information about the renewal notice. 6. Adding a statement informing consumers how much time they have to opt out before shared eligibility information may be used to make solicitations to them. 7. Adding a statement that the consumer may exercise the right to opt out at any time. 8. Adding the following statement, if accurate: ‘‘If you previously opted out, you do not need to do so again.’’ 9. Providing a place on the form for the consumer to fill in identifying information, such as his or her name and address: C–1 Model Form for Initial Opt-out Notice (Single-Affiliate Notice) C–2 Model Form for Initial Opt-out Notice (Joint Notice) C–3 Model Form for Renewal Notice (SingleAffiliate Notice) C–4 Model Form for Renewal Notice (Joint Notice) C–5 Model Form for Voluntary ‘‘No Marketing’’ Notice C–1—Model Form for Initial Opt-out Notice (Single-Affiliate Notice)—[Your Choice To Limit Marketing]/[Marketing Opt–out] • [Name of Affiliate] is providing this notice. • [Optional: Federal law gives you the right to limit some but not all marketing from our affiliates. Federal law also requires us to give you this notice to tell you about your choice to limit marketing from our affiliates.] • You may limit our affiliates in the [ABC] group of companies, such as our [credit card, insurance, and securities] affiliates, from marketing their products or services to you based on your personal information that we collect and share with them. This information includes your [income], your [account history with us], and your [credit score]. • Your choice to limit marketing offers from our affiliates will apply [until you tell E:\FR\FM\07NOR2.SGM 07NOR2 62954 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations rwilkins on PROD1PC63 with RULES_2 us to change your choice]/[for x years from when you tell us your choice]/[for at least 5 years from when you tell us your choice]. [Include if the opt-out period expires.] Once that period expires, you will receive a renewal notice that will allow you to continue to limit marketing offers from our affiliates for [another x years]/[at least another 5 years]. • [Include, if applicable, in a subsequent notice, including an annual notice, for consumers who may have previously opted out.] If you have already made a choice to limit marketing offers from our affiliates, you do not need to act again until you receive the renewal notice. To limit marketing offers, contact us [include all that apply]: • By telephone: 1–877–###–#### • On the Web: www.---.com • By mail: Check the box and complete the form below, and send the form to: [Company name] [Company address] lDo not allow your affiliates to use my personal information to market to me. C–2—Model Form for Initial Opt-out Notice (Joint Notice)—[Your Choice To Limit Marketing]/[Marketing Opt-out] • The [ABC group of companies] is providing this notice. • [Optional: Federal law gives you the right to limit some but not all marketing from the [ABC] companies. Federal law also requires us to give you this notice to tell you about your choice to limit marketing from the [ABC] companies.] • You may limit the [ABC] companies, such as the [ABC credit card, insurance, and securities] affiliates, from marketing their products or services to you based on your personal information that they receive from other [ABC] companies. This information includes your [income], your [account history], and your [credit score]. • Your choice to limit marketing offers from the [ABC] companies will apply [until you tell us to change your choice]/[for x years from when you tell us your choice]/[for at least 5 years from when you tell us your choice]. [Include if the opt-out period expires.] Once that period expires, you will receive a renewal notice that will allow you to continue to limit marketing offers from the [ABC] companies for [another x years]/[at least another 5 years]. • [Include, if applicable, in a subsequent notice, including an annual notice, for consumers who may have previously opted out.] If you have already made a choice to limit marketing offers from the [ABC] companies, you do not need to act again until you receive the renewal notice. To limit marketing offers, contact us [include all that apply]: • By telephone: 1–877–###–#### • On the Web: www.---.com • By mail: Check the box and complete the form below, and send the form to: [Company name] [Company address] lDo not allow any company [in the ABC group of companies] to use my personal information to market to me. VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 C–3—Model Form for Renewal Notice (Single-Affiliate Notice)—[Renewing Your Choice to Limit Marketing]/[Renewing Your Marketing Opt-out] • [Name of Affiliate] is providing this notice. • [Optional: Federal law gives you the right to limit some but not all marketing from our affiliates. Federal law also requires us to give you this notice to tell you about your choice to limit marketing from our affiliates.] • You previously chose to limit our affiliates in the [ABC] group of companies, such as our [credit card, insurance, and securities] affiliates, from marketing their products or services to you based on your personal information that we share with them. This information includes your [income], your [account history with us], and your [credit score]. • Your choice has expired or is about to expire. To renew your choice to limit marketing for [x] more years, contact us [include all that apply]: • By telephone: 1–877–###–#### • On the Web: www.---.com • By mail: Check the box and complete the form below, and send the form to: [Company name] [Company address] lRenew my choice to limit marketing for [x] more years. C–4—Model Form for Renewal Notice (Joint Notice)—[Renewing Your Choice To Limit Marketing]/[Renewing Your Marketing Optout] • The [ABC group of companies] is providing this notice. • [Optional: Federal law gives you the right to limit some but not all marketing from the [ABC] companies. Federal law also requires us to give you this notice to tell you about your choice to limit marketing from the [ABC] companies.] • You previously chose to limit the [ABC] companies, such as the [ABC credit card, insurance, and securities] affiliates, from marketing their products or services to you based on your personal information that they receive from other ABC companies. This information includes your [income], your [account history], and your [credit score]. • Your choice has expired or is about to expire. To renew your choice to limit marketing for [x] more years, contact us [include all that apply]: • By telephone: 1–877–###–#### • On the Web: www.---.com • By mail: Check the box and complete the form below, and send the form to: [Company name] [Company address] lRenew my choice to limit marketing for [x] more years. C–5—Model Form for Voluntary ‘‘No Marketing’’ Notice—Your Choice to Stop Marketing • [Name of Affiliate] is providing this notice. • You may choose to stop all marketing from us and our affiliates. PO 00000 Frm 00046 Fmt 4701 Sfmt 4700 To stop all marketing, contact us [include all that apply]: • By telephone: 1–877–###–-#### • On the Web: www.---.com • By mail: Check the box and complete the form below, and send the form to: [Company name] [Company address] lDo not market to me. Board of Governors of the Federal Reserve System 12 CFR Chapter II. Authority and Issuance For the reasons set forth in the joint preamble, part 222 of title 12, chapter II, of the Code of Federal Regulations is amended as follows: I PART 222—FAIR CREDIT REPORTING (REGULATION V) 1. The authority citation for part 222 is revised to read as follows: I Authority: 15 U.S.C. 1681a, 1681b, 1681c, 1681m, 1681s, 1681s-2, 1681s-3, 1681t, and 1681w; Secs. 3 and 214, Pub. L. 108–159, 117 Stat. 1952. Subpart A—General Provisions 2. Section 222.1 is amended by adding a new paragraph (a) and revising paragraph (b)(2)(i) to read as follows: I § 222.1 dates. Purpose, scope, and effective (a) Purpose. The purpose of this part is to implement the Fair Credit Reporting Act. This part generally applies to persons that obtain and use information about consumers to determine the consumer’s eligibility for products, services, or employment, share such information among affiliates, and furnish information to consumer reporting agencies. (b) * * * (2) Institutions covered. (i) Except as otherwise provided in this part, the regulations in this part apply to banks that are members of the Federal Reserve System (other than national banks) and their respective operating subsidiaries that are not functionally regulated within the meaning of section 5(c)(5) of the Bank Holding Company Act, as amended (12 U.S.C. 1844(c)(5)), branches and Agencies of foreign banks (other than Federal branches, Federal Agencies, and insured State branches of foreign banks), commercial lending companies owned or controlled by foreign banks, organizations operating under section 25 or 25A of the Federal Reserve Act (12 U.S.C. 601 et seq., and 611 et seq.), and bank holding companies and affiliates of such holding companies, but do not apply to affiliates E:\FR\FM\07NOR2.SGM 07NOR2 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations of bank holding companies that are depository institutions regulated by another federal banking agency or to consumer reporting agencies. * * * * * I 3. A new Subpart C is added to part 222 to read as follows: Subpart C—Affiliate Marketing Sec. 222.20 Coverage and definitions. 222.21 Affiliate marketing opt-out and exceptions. 222.22 Scope and duration of opt-out. 222.23 Contents of opt-out notice; consolidated and equivalent notices. 222.24 Reasonable opportunity to opt out. 222.25 Reasonable and simple methods of opting out. 222.26 Delivery of opt-out notices. 222.27 Renewal of opt-out. 222.28 Effective date, compliance date, and prospective application. Subpart C—Affiliate Marketing rwilkins on PROD1PC63 with RULES_2 § 222.20 Coverage and definitions. (a) Coverage. Subpart C of this part applies to member banks of the Federal Reserve System (other than national banks) and their respective operating subsidiaries that are not functionally regulated within the meaning of section 5(c)(5) of the Bank Holding Company Act, as amended (12 U.S.C. 1844(c)(5)), branches and Agencies of foreign banks (other than Federal branches, Federal Agencies, and insured State branches of foreign banks), commercial lending companies owned or controlled by foreign banks, and organizations operating under section 25 or 25A of the Federal Reserve Act (12 U.S.C. 601 et seq., and 611 et seq.). (b) Definitions. For purposes of this subpart: (1) Clear and conspicuous. The term ‘‘clear and conspicuous’’ means reasonably understandable and designed to call attention to the nature and significance of the information presented. (2) Concise. (i) In general. The term ‘‘concise’’ means a reasonably brief expression or statement. (ii) Combination with other required disclosures. A notice required by this subpart may be concise even if it is combined with other disclosures required or authorized by federal or state law. (3) Eligibility information. The term ‘‘eligibility information’’ means any information the communication of which would be a consumer report if the exclusions from the definition of ‘‘consumer report’’ in section 603(d)(2)(A) of the Act did not apply. Eligibility information does not include aggregate or blind data that does not VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 contain personal identifiers such as account numbers, names, or addresses. (4) Pre-existing business relationship. (i) In general. The term ‘‘pre-existing business relationship’’ means a relationship between a person, or a person’s licensed agent, and a consumer based on— (A) A financial contract between the person and the consumer which is in force on the date on which the consumer is sent a solicitation covered by this subpart; (B) The purchase, rental, or lease by the consumer of the person’s goods or services, or a financial transaction (including holding an active account or a policy in force or having another continuing relationship) between the consumer and the person, during the 18month period immediately preceding the date on which the consumer is sent a solicitation covered by this subpart; or (C) An inquiry or application by the consumer regarding a product or service offered by that person during the threemonth period immediately preceding the date on which the consumer is sent a solicitation covered by this subpart. (ii) Examples of pre-existing business relationships. (A) If a consumer has a time deposit account, such as a certificate of deposit, at a depository institution that is currently in force, the depository institution has a pre-existing business relationship with the consumer and can use eligibility information it receives from its affiliates to make solicitations to the consumer about its products or services. (B) If a consumer obtained a certificate of deposit from a depository institution, but did not renew the certificate at maturity, the depository institution has a pre-existing business relationship with the consumer and can use eligibility information it receives from its affiliates to make solicitations to the consumer about its products or services for 18 months after the date of maturity of the certificate of deposit. (C) If a consumer obtains a mortgage, the mortgage lender has a pre-existing business relationship with the consumer. If the mortgage lender sells the consumer’s entire loan to an investor, the mortgage lender has a preexisting business relationship with the consumer and can use eligibility information it receives from its affiliates to make solicitations to the consumer about its products or services for 18 months after the date it sells the loan, and the investor has a pre-existing business relationship with the consumer upon purchasing the loan. If, however, the mortgage lender sells a fractional interest in the consumer’s loan to an investor but also retains an ownership PO 00000 Frm 00047 Fmt 4701 Sfmt 4700 62955 interest in the loan, the mortgage lender continues to have a pre-existing business relationship with the consumer, but the investor does not have a pre-existing business relationship with the consumer. If the mortgage lender retains ownership of the loan, but sells ownership of the servicing rights to the consumer’s loan, the mortgage lender continues to have a pre-existing business relationship with the consumer. The purchaser of the servicing rights also has a pre-existing business relationship with the consumer as of the date it purchases ownership of the servicing rights, but only if it collects payments from or otherwise deals directly with the consumer on a continuing basis. (D) If a consumer applies to a depository institution for a product or service that it offers, but does not obtain a product or service from or enter into a financial contract or transaction with the institution, the depository institution has a pre-existing business relationship with the consumer and can therefore use eligibility information it receives from an affiliate to make solicitations to the consumer about its products or services for three months after the date of the application. (E) If a consumer makes a telephone inquiry to a depository institution about its products or services and provides contact information to the institution, but does not obtain a product or service from or enter into a financial contract or transaction with the institution, the depository institution has a pre-existing business relationship with the consumer and can therefore use eligibility information it receives from an affiliate to make solicitations to the consumer about its products or services for three months after the date of the inquiry. (F) If a consumer makes an inquiry to a depository institution by e-mail about its products or services, but does not obtain a product or service from or enter into a financial contract or transaction with the institution, the depository institution has a pre-existing business relationship with the consumer and can therefore use eligibility information it receives from an affiliate to make solicitations to the consumer about its products or services for three months after the date of the inquiry. (G) If a consumer has an existing relationship with a depository institution that is part of a group of affiliated companies, makes a telephone call to the centralized call center for the group of affiliated companies to inquire about products or services offered by the insurance affiliate, and provides contact information to the call center, the call constitutes an inquiry to the insurance E:\FR\FM\07NOR2.SGM 07NOR2 rwilkins on PROD1PC63 with RULES_2 62956 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations affiliate that offers those products or services. The insurance affiliate has a pre-existing business relationship with the consumer and can therefore use eligibility information it receives from its affiliated depository institution to make solicitations to the consumer about its products or services for three months after the date of the inquiry. (iii) Examples where no pre-existing business relationship is created. (A) If a consumer makes a telephone call to a centralized call center for a group of affiliated companies to inquire about the consumer’s existing account at a depository institution, the call does not constitute an inquiry to any affiliate other than the depository institution that holds the consumer’s account and does not establish a pre-existing business relationship between the consumer and any affiliate of the account-holding depository institution. (B) If a consumer who has a deposit account with a depository institution makes a telephone call to an affiliate of the institution to ask about the affiliate’s retail locations and hours, but does not make an inquiry about the affiliate’s products or services, the call does not constitute an inquiry and does not establish a pre-existing business relationship between the consumer and the affiliate. Also, the affiliate’s capture of the consumer’s telephone number does not constitute an inquiry and does not establish a pre-existing business relationship between the consumer and the affiliate. (C) If a consumer makes a telephone call to a depository institution in response to an advertisement that offers a free promotional item to consumers who call a toll-free number, but the advertisement does not indicate that the depository institution’s products or services will be marketed to consumers who call in response, the call does not create a pre-existing business relationship between the consumer and the depository institution because the consumer has not made an inquiry about a product or service offered by the institution, but has merely responded to an offer for a free promotional item. (5) Solicitation. (i) In general. The term ‘‘solicitation’’ means the marketing of a product or service initiated by a person to a particular consumer that is— (A) Based on eligibility information communicated to that person by its affiliate as described in this subpart; and (B) Intended to encourage the consumer to purchase or obtain such product or service. (ii) Exclusion of marketing directed at the general public. A solicitation does not include marketing communications VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 that are directed at the general public. For example, television, general circulation magazine, and billboard advertisements do not constitute solicitations, even if those communications are intended to encourage consumers to purchase products and services from the person initiating the communications. (iii) Examples of solicitations. A solicitation would include, for example, a telemarketing call, direct mail, e-mail, or other form of marketing communication directed to a particular consumer that is based on eligibility information received from an affiliate. (6) You means a person described in paragraph (a) of this section. § 222.21 Affiliate marketing opt-out and exceptions. (a) Initial notice and opt-out requirement. (1) In general. You may not use eligibility information about a consumer that you receive from an affiliate to make a solicitation for marketing purposes to the consumer, unless— (i) It is clearly and conspicuously disclosed to the consumer in writing or, if the consumer agrees, electronically, in a concise notice that you may use eligibility information about that consumer received from an affiliate to make solicitations for marketing purposes to the consumer; (ii) The consumer is provided a reasonable opportunity and a reasonable and simple method to ‘‘opt out,’’ or prohibit you from using eligibility information to make solicitations for marketing purposes to the consumer; and (iii) The consumer has not opted out. (2) Example. A consumer has a homeowner’s insurance policy with an insurance company. The insurance company furnishes eligibility information about the consumer to its affiliated depository institution. Based on that eligibility information, the depository institution wants to make a solicitation to the consumer about its home equity loan products. The depository institution does not have a pre-existing business relationship with the consumer and none of the other exceptions apply. The depository institution is prohibited from using eligibility information received from its insurance affiliate to make solicitations to the consumer about its home equity loan products unless the consumer is given a notice and opportunity to opt out and the consumer does not opt out. (3) Affiliates who may provide the notice. The notice required by this paragraph must be provided: PO 00000 Frm 00048 Fmt 4701 Sfmt 4700 (i) By an affiliate that has or has previously had a pre-existing business relationship with the consumer; or (ii) As part of a joint notice from two or more members of an affiliated group of companies, provided that at least one of the affiliates on the joint notice has or has previously had a pre-existing business relationship with the consumer. (b) Making solicitations. (1) In general. For purposes of this subpart, you make a solicitation for marketing purposes if— (i) You receive eligibility information from an affiliate; (ii) You use that eligibility information to do one or more of the following: (A) Identify the consumer or type of consumer to receive a solicitation; (B) Establish criteria used to select the consumer to receive a solicitation; or (C) Decide which of your products or services to market to the consumer or tailor your solicitation to that consumer; and (iii) As a result of your use of the eligibility information, the consumer is provided a solicitation. (2) Receiving eligibility information from an affiliate, including through a common database. You may receive eligibility information from an affiliate in various ways, including when the affiliate places that information into a common database that you may access. (3) Receipt or use of eligibility information by your service provider. Except as provided in paragraph (b)(5) of this section, you receive or use an affiliate’s eligibility information if a service provider acting on your behalf (whether an affiliate or a nonaffiliated third party) receives or uses that information in the manner described in paragraphs (b)(1)(i) or (b)(1)(ii) of this section. All relevant facts and circumstances will determine whether a person is acting as your service provider when it receives or uses an affiliate’s eligibility information in connection with marketing your products and services. (4) Use by an affiliate of its own eligibility information. Unless you have used eligibility information that you receive from an affiliate in the manner described in paragraph (b)(1)(ii) of this section, you do not make a solicitation subject to this subpart if your affiliate: (i) Uses its own eligibility information that it obtained in connection with a pre-existing business relationship it has or had with the consumer to market your products or services to the consumer; or (ii) Directs its service provider to use the affiliate’s own eligibility information E:\FR\FM\07NOR2.SGM 07NOR2 rwilkins on PROD1PC63 with RULES_2 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations that it obtained in connection with a pre-existing business relationship it has or had with the consumer to market your products or services to the consumer, and you do not communicate directly with the service provider regarding that use. (5) Use of eligibility information by a service provider. (i) In general. You do not make a solicitation subject to Subpart C of this part if a service provider (including an affiliated or third-party service provider that maintains or accesses a common database that you may access) receives eligibility information from your affiliate that your affiliate obtained in connection with a pre-existing business relationship it has or had with the consumer and uses that eligibility information to market your products or services to the consumer, so long as— (A) Your affiliate controls access to and use of its eligibility information by the service provider (including the right to establish the specific terms and conditions under which the service provider may use such information to market your products or services); (B) Your affiliate establishes specific terms and conditions under which the service provider may access and use the affiliate’s eligibility information to market your products and services (or those of affiliates generally) to the consumer, such as the identity of the affiliated companies whose products or services may be marketed to the consumer by the service provider, the types of products or services of affiliated companies that may be marketed, and the number of times the consumer may receive marketing materials, and periodically evaluates the service provider’s compliance with those terms and conditions; (C) Your affiliate requires the service provider to implement reasonable policies and procedures designed to ensure that the service provider uses the affiliate’s eligibility information in accordance with the terms and conditions established by the affiliate relating to the marketing of your products or services; (D) Your affiliate is identified on or with the marketing materials provided to the consumer; and (E) You do not directly use your affiliate’s eligibility information in the manner described in paragraph (b)(1)(ii) of this section. (ii) Writing requirements. (A) The requirements of paragraphs (b)(5)(i)(A) and (C) of this section must be set forth in a written agreement between your affiliate and the service provider; and (B) The specific terms and conditions established by your affiliate as provided VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 in paragraph (b)(5)(i)(B) of this section must be set forth in writing. (6) Examples of making solicitations. (i) A consumer has a deposit account with a depository institution, which is affiliated with an insurance company. The insurance company receives eligibility information about the consumer from the depository institution. The insurance company uses that eligibility information to identify the consumer to receive a solicitation about insurance products, and, as a result, the insurance company provides a solicitation to the consumer about its insurance products. Pursuant to paragraph (b)(1) of this section, the insurance company has made a solicitation to the consumer. (ii) The same facts as in the example in paragraph (b)(6)(i) of this section, except that after using the eligibility information to identify the consumer to receive a solicitation about insurance products, the insurance company asks the depository institution to send the solicitation to the consumer and the depository institution does so. Pursuant to paragraph (b)(1) of this section, the insurance company has made a solicitation to the consumer because it used eligibility information about the consumer that it received from an affiliate to identify the consumer to receive a solicitation about its products or services, and, as a result, a solicitation was provided to the consumer about the insurance company’s products. (iii) The same facts as in the example in paragraph (b)(6)(i) of this section, except that eligibility information about consumers that have deposit accounts with the depository institution is placed into a common database that all members of the affiliated group of companies may independently access and use. Without using the depository institution’s eligibility information, the insurance company develops selection criteria and provides those criteria, marketing materials, and related instructions to the depository institution. The depository institution reviews eligibility information about its own consumers using the selection criteria provided by the insurance company to determine which consumers should receive the insurance company’s marketing materials and sends marketing materials about the insurance company’s products to those consumers. Even though the insurance company has received eligibility information through the common database as provided in paragraph (b)(2) of this section, it did not use that information to identify consumers or establish selection criteria; instead, the PO 00000 Frm 00049 Fmt 4701 Sfmt 4700 62957 depository institution used its own eligibility information. Therefore, pursuant to paragraph (b)(4)(i) of this section, the insurance company has not made a solicitation to the consumer. (iv) The same facts as in the example in paragraph (b)(6)(iii) of this section, except that the depository institution provides the insurance company’s criteria to the depository institution’s service provider and directs the service provider to use the depository institution’s eligibility information to identify depository institution consumers who meet the criteria and to send the insurance company’s marketing materials to those consumers. The insurance company does not communicate directly with the service provider regarding the use of the depository institution’s information to market its products to the depository institution’s consumers. Pursuant to paragraph (b)(4)(ii) of this section, the insurance company has not made a solicitation to the consumer. (v) An affiliated group of companies includes a depository institution, an insurance company, and a service provider. Each affiliate in the group places information about its consumers into a common database. The service provider has access to all information in the common database. The depository institution controls access to and use of its eligibility information by the service provider. This control is set forth in a written agreement between the depository institution and the service provider. The written agreement also requires the service provider to establish reasonable policies and procedures designed to ensure that the service provider uses the depository institution’s eligibility information in accordance with specific terms and conditions established by the depository institution relating to the marketing of the products and services of all affiliates, including the insurance company. In a separate written communication, the depository institution specifies the terms and conditions under which the service provider may use the depository institution’s eligibility information to market the insurance company’s products and services to the depository institution’s consumers. The specific terms and conditions are: A list of affiliated companies (including the insurance company) whose products or services may be marketed to the depository institution’s consumers by the service provider; the specific products or types of products that may be marketed to the depository institution’s consumers by the service provider; the categories of eligibility E:\FR\FM\07NOR2.SGM 07NOR2 rwilkins on PROD1PC63 with RULES_2 62958 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations information that may be used by the service provider in marketing products or services to the depository institution’s consumers; the types or categories of the depository institution’s consumers to whom the service provider may market products or services of depository institution affiliates; the number and/or types of marketing communications that the service provider may send to the depository institution’s consumers; and the length of time during which the service provider may market the products or services of the depository institution’s affiliates to its consumers. The depository institution periodically evaluates the service provider’s compliance with these terms and conditions. The insurance company asks the service provider to market insurance products to certain consumers who have deposit accounts with the depository institution. Without using the depository institution’s eligibility information, the insurance company develops selection criteria and provides those criteria, marketing materials, and related instructions to the service provider. The service provider uses the depository institution’s eligibility information from the common database to identify the depository institution’s consumers to whom insurance products will be marketed. When the insurance company’s marketing materials are provided to the identified consumers, the name of the depository institution is displayed on the insurance marketing materials, an introductory letter that accompanies the marketing materials, an account statement that accompanies the marketing materials, or the envelope containing the marketing materials. The requirements of paragraph (b)(5) of this section have been satisfied, and the insurance company has not made a solicitation to the consumer. (vi) The same facts as in the example in paragraph (b)(6)(v) of this section, except that the terms and conditions permit the service provider to use the depository institution’s eligibility information to market the products and services of other affiliates to the depository institution’s consumers whenever the service provider deems it appropriate to do so. The service provider uses the depository institution’s eligibility information in accordance with the discretion afforded to it by the terms and conditions. Because the terms and conditions are not specific, the requirements of paragraph (b)(5) of this section have not been satisfied. (c) Exceptions. The provisions of this subpart do not apply to you if you use VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 eligibility information that you receive from an affiliate: (1) To make a solicitation for marketing purposes to a consumer with whom you have a pre-existing business relationship; (2) To facilitate communications to an individual for whose benefit you provide employee benefit or other services pursuant to a contract with an employer related to and arising out of the current employment relationship or status of the individual as a participant or beneficiary of an employee benefit plan; (3) To perform services on behalf of an affiliate, except that this subparagraph shall not be construed as permitting you to send solicitations on behalf of an affiliate if the affiliate would not be permitted to send the solicitation as a result of the election of the consumer to opt out under this subpart; (4) In response to a communication about your products or services initiated by the consumer; (5) In response to an authorization or request by the consumer to receive solicitations; or (6) If your compliance with this subpart would prevent you from complying with any provision of State insurance laws pertaining to unfair discrimination in any State in which you are lawfully doing business. (d) Examples of exceptions. (1) Example of the pre-existing business relationship exception. A consumer has a deposit account with a depository institution. The consumer also has a relationship with the depository institution’s securities affiliate for management of the consumer’s securities portfolio. The depository institution receives eligibility information about the consumer from its securities affiliate and uses that information to make a solicitation to the consumer about the depository institution’s wealth management services. The depository institution may make this solicitation even if the consumer has not been given a notice and opportunity to opt out because the depository institution has a pre-existing business relationship with the consumer. (2) Examples of service provider exception. (i) A consumer has an insurance policy issued by an insurance company. The insurance company furnishes eligibility information about the consumer to its affiliated depository institution. Based on that eligibility information, the depository institution wants to make a solicitation to the consumer about its deposit products. The depository institution does not have PO 00000 Frm 00050 Fmt 4701 Sfmt 4700 a pre-existing business relationship with the consumer and none of the other exceptions in paragraph (c) of this section apply. The consumer has been given an opt-out notice and has elected to opt out of receiving such solicitations. The depository institution asks a service provider to send the solicitation to the consumer on its behalf. The service provider may not send the solicitation on behalf of the depository institution because, as a result of the consumer’s opt-out election, the depository institution is not permitted to make the solicitation. (ii) The same facts as in paragraph (d)(2)(i) of this section, except the consumer has been given an opt-out notice, but has not elected to opt out. The depository institution asks a service provider to send the solicitation to the consumer on its behalf. The service provider may send the solicitation on behalf of the depository institution because, as a result of the consumer’s not opting out, the depository institution is permitted to make the solicitation. (3) Examples of consumer-initiated communications. (i) A consumer who has a deposit account with a depository institution initiates a communication with the depository institution’s credit card affiliate to request information about a credit card. The credit card affiliate may use eligibility information about the consumer it obtains from the depository institution or any other affiliate to make solicitations regarding credit card products in response to the consumer-initiated communication. (ii) A consumer who has a deposit account with a depository institution contacts the institution to request information about how to save and invest for a child’s college education without specifying the type of product in which the consumer may be interested. Information about a range of different products or services offered by the depository institution and one or more affiliates of the institution may be responsive to that communication. Such products or services may include the following: Mutual funds offered by the institution’s mutual fund affiliate; section 529 plans offered by the institution, its mutual fund affiliate, or another securities affiliate; or trust services offered by a different financial institution in the affiliated group. Any affiliate offering investment products or services that would be responsive to the consumer’s request for information about saving and investing for a child’s college education may use eligibility information to make solicitations to the consumer in response to this communication. E:\FR\FM\07NOR2.SGM 07NOR2 rwilkins on PROD1PC63 with RULES_2 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations (iii) A credit card issuer makes a marketing call to the consumer without using eligibility information received from an affiliate. The issuer leaves a voice-mail message that invites the consumer to call a toll-free number to apply for the issuer’s credit card. If the consumer calls the toll-free number to inquire about the credit card, the call is a consumer-initiated communication about a product or service and the credit card issuer may now use eligibility information it receives from its affiliates to make solicitations to the consumer. (iv) A consumer calls a depository institution to ask about retail locations and hours, but does not request information about products or services. The institution may not use eligibility information it receives from an affiliate to make solicitations to the consumer about its products or services because the consumer-initiated communication does not relate to the depository institution’s products or services. Thus, the use of eligibility information received from an affiliate would not be responsive to the communication and the exception does not apply. (v) A consumer calls a depository institution to ask about retail locations and hours. The customer service representative asks the consumer if there is a particular product or service about which the consumer is seeking information. The consumer responds that the consumer wants to stop in and find out about certificates of deposit. The customer service representative offers to provide that information by telephone and mail additional information and application materials to the consumer. The consumer agrees and provides or confirms contact information for receipt of the materials to be mailed. The depository institution may use eligibility information it receives from an affiliate to make solicitations to the consumer about certificates of deposit because such solicitations would respond to the consumer-initiated communication about products or services. (4) Examples of consumer authorization or request for solicitations. (i) A consumer who obtains a mortgage from a mortgage lender authorizes or requests information about homeowner’s insurance offered by the mortgage lender’s insurance affiliate. Such authorization or request, whether given to the mortgage lender or to the insurance affiliate, would permit the insurance affiliate to use eligibility information about the consumer it obtains from the mortgage lender or any other affiliate to make solicitations to VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 the consumer about homeowner’s insurance. (ii) A consumer completes an online application to apply for a credit card from a credit card issuer. The issuer’s online application contains a blank check box that the consumer may check to authorize or request information from the credit card issuer’s affiliates. The consumer checks the box. The consumer has authorized or requested solicitations from the card issuer’s affiliates. (iii) A consumer completes an online application to apply for a credit card from a credit card issuer. The issuer’s online application contains a preselected check box indicating that the consumer authorizes or requests information from the issuer’s affiliates. The consumer does not deselect the check box. The consumer has not authorized or requested solicitations from the card issuer’s affiliates. (iv) The terms and conditions of a credit card account agreement contain preprinted boilerplate language stating that by applying to open an account the consumer authorizes or requests to receive solicitations from the credit card issuer’s affiliates. The consumer has not authorized or requested solicitations from the card issuer’s affiliates. (e) Relation to affiliate-sharing notice and opt-out. Nothing in this subpart limits the responsibility of a person to comply with the notice and opt-out provisions of section 603(d)(2)(A)(iii) of the Act where applicable. § 222.22 Scope and duration of opt-out. (a) Scope of opt-out. (1) In general. Except as otherwise provided in this section, the consumer’s election to opt out prohibits any affiliate covered by the opt-out notice from using eligibility information received from another affiliate as described in the notice to make solicitations to the consumer. (2) Continuing relationship. (i) In general. If the consumer establishes a continuing relationship with you or your affiliate, an opt-out notice may apply to eligibility information obtained in connection with— (A) A single continuing relationship or multiple continuing relationships that the consumer establishes with you or your affiliates, including continuing relationships established subsequent to delivery of the opt-out notice, so long as the notice adequately describes the continuing relationships covered by the opt-out; or (B) Any other transaction between the consumer and you or your affiliates as described in the notice. (ii) Examples of continuing relationships. A consumer has a PO 00000 Frm 00051 Fmt 4701 Sfmt 4700 62959 continuing relationship with you or your affiliate if the consumer— (A) Opens a deposit or investment account with you or your affiliate; (B) Obtains a loan for which you or your affiliate owns the servicing rights; (C) Purchases an insurance product from you or your affiliate; (D) Holds an investment product through you or your affiliate, such as when you act or your affiliate acts as a custodian for securities or for assets in an individual retirement arrangement; (E) Enters into an agreement or understanding with you or your affiliate whereby you or your affiliate undertakes to arrange or broker a home mortgage loan for the consumer; (F) Enters into a lease of personal property with you or your affiliate; or (G) Obtains financial, investment, or economic advisory services from you or your affiliate for a fee. (3) No continuing relationship. (i) In general. If there is no continuing relationship between a consumer and you or your affiliate, and you or your affiliate obtain eligibility information about a consumer in connection with a transaction with the consumer, such as an isolated transaction or a credit application that is denied, an opt-out notice provided to the consumer only applies to eligibility information obtained in connection with that transaction. (ii) Examples of isolated transactions. An isolated transaction occurs if– (A) The consumer uses your or your affiliate’s ATM to withdraw cash from an account at another financial institution; or (B) You or your affiliate sells the consumer a cashier’s check or money order, airline tickets, travel insurance, or traveler’s checks in isolated transactions. (4) Menu of alternatives. A consumer may be given the opportunity to choose from a menu of alternatives when electing to prohibit solicitations, such as by electing to prohibit solicitations from certain types of affiliates covered by the opt-out notice but not other types of affiliates covered by the notice, electing to prohibit solicitations based on certain types of eligibility information but not other types of eligibility information, or electing to prohibit solicitations by certain methods of delivery but not other methods of delivery. However, one of the alternatives must allow the consumer to prohibit all solicitations from all of the affiliates that are covered by the notice. (5) Special rule for a notice following termination of all continuing relationships. (i) In general. A consumer must be given a new opt-out notice if, E:\FR\FM\07NOR2.SGM 07NOR2 62960 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations after all continuing relationships with you or your affiliate(s) are terminated, the consumer subsequently establishes another continuing relationship with you or your affiliate(s) and the consumer’s eligibility information is to be used to make a solicitation. The new opt-out notice must apply, at a minimum, to eligibility information obtained in connection with the new continuing relationship. Consistent with paragraph (b) of this section, the consumer’s decision not to opt out after receiving the new opt-out notice would not override a prior opt-out election by the consumer that applies to eligibility information obtained in connection with a terminated relationship, regardless of whether the new opt-out notice applies to eligibility information obtained in connection with the terminated relationship. (ii) Example. A consumer has a checking account with a depository institution that is part of an affiliated group. The consumer closes the checking account. One year after closing the checking account, the consumer opens a savings account with the same depository institution. The consumer must be given a new notice and opportunity to opt out before the depository institution’s affiliates may make solicitations to the consumer using eligibility information obtained by the depository institution in connection with the new savings account relationship, regardless of whether the consumer opted out in connection with the checking account. (b) Duration of opt-out. The election of a consumer to opt out must be effective for a period of at least five years (the ‘‘opt-out period’’) beginning when the consumer’s opt-out election is received and implemented, unless the consumer subsequently revokes the optout in writing or, if the consumer agrees, electronically. An opt-out period of more than five years may be established, including an opt-out period that does not expire unless revoked by the consumer. (c) Time of opt-out. A consumer may opt out at any time. rwilkins on PROD1PC63 with RULES_2 § 222.23 Contents of opt-out notice; consolidated and equivalent notices. (a) Contents of opt-out notice. (1) In general. A notice must be clear, conspicuous, and concise, and must accurately disclose: (i) The name of the affiliate(s) providing the notice. If the notice is provided jointly by multiple affiliates and each affiliate shares a common name, such as ‘‘ABC,’’ then the notice may indicate that it is being provided by multiple companies with the ABC name VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 or multiple companies in the ABC group or family of companies, for example, by stating that the notice is provided by ‘‘all of the ABC companies,’’ ‘‘the ABC banking, credit card, insurance, and securities companies,’’ or by listing the name of each affiliate providing the notice. But if the affiliates providing the joint notice do not all share a common name, then the notice must either separately identify each affiliate by name or identify each of the common names used by those affiliates, for example, by stating that the notice is provided by ‘‘all of the ABC and XYZ companies’’ or by ‘‘the ABC banking and credit card companies and the XYZ insurance companies’’; (ii) A list of the affiliates or types of affiliates whose use of eligibility information is covered by the notice, which may include companies that become affiliates after the notice is provided to the consumer. If each affiliate covered by the notice shares a common name, such as ‘‘ABC,’’ then the notice may indicate that it applies to multiple companies with the ABC name or multiple companies in the ABC group or family of companies, for example, by stating that the notice is provided by ‘‘all of the ABC companies,’’ ‘‘the ABC banking, credit card, insurance, and securities companies,’’ or by listing the name of each affiliate providing the notice. But if the affiliates covered by the notice do not all share a common name, then the notice must either separately identify each covered affiliate by name or identify each of the common names used by those affiliates, for example, by stating that the notice applies to ‘‘all of the ABC and XYZ companies’’ or to ‘‘the ABC banking and credit card companies and the XYZ insurance companies’’; (iii) A general description of the types of eligibility information that may be used to make solicitations to the consumer; (iv) That the consumer may elect to limit the use of eligibility information to make solicitations to the consumer; (v) That the consumer’s election will apply for the specified period of time stated in the notice and, if applicable, that the consumer will be allowed to renew the election once that period expires; (vi) If the notice is provided to consumers who may have previously opted out, such as if a notice is provided to consumers annually, that the consumer who has chosen to limit solicitations does not need to act again until the consumer receives a renewal notice; and (vii) A reasonable and simple method for the consumer to opt out. PO 00000 Frm 00052 Fmt 4701 Sfmt 4700 (2) Joint relationships. (i) If two or more consumers jointly obtain a product or service, a single opt-out notice may be provided to the joint consumers. Any of the joint consumers may exercise the right to opt out. (ii) The opt-out notice must explain how an opt-out direction by a joint consumer will be treated. An opt-out direction by a joint consumer may be treated as applying to all of the associated joint consumers, or each joint consumer may be permitted to opt out separately. If each joint consumer is permitted to opt out separately, one of the joint consumers must be permitted to opt out on behalf of all of the joint consumers and the joint consumers must be permitted to exercise their separate rights to opt out in a single response. (iii) It is impermissible to require all joint consumers to opt out before implementing any opt-out direction. (3) Alternative contents. If the consumer is afforded a broader right to opt out of receiving marketing than is required by this subpart, the requirements of this section may be satisfied by providing the consumer with a clear, conspicuous, and concise notice that accurately discloses the consumer’s opt-out rights. (4) Model notices. Model notices are provided in Appendix C of this part. (b) Coordinated and consolidated notices. A notice required by this subpart may be coordinated and consolidated with any other notice or disclosure required to be issued under any other provision of law by the entity providing the notice, including but not limited to the notice described in section 603(d)(2)(A)(iii) of the Act and the Gramm-Leach-Bliley Act privacy notice. (c) Equivalent notices. A notice or other disclosure that is equivalent to the notice required by this subpart, and that is provided to a consumer together with disclosures required by any other provision of law, satisfies the requirements of this section. § 222.24 out. Reasonable opportunity to opt (a) In general. You must not use eligibility information about a consumer that you receive from an affiliate to make a solicitation to the consumer about your products or services, unless the consumer is provided a reasonable opportunity to opt out, as required by § 222.21(a)(1)(ii) of this part. (b) Examples of a reasonable opportunity to opt out. The consumer is given a reasonable opportunity to opt out if: E:\FR\FM\07NOR2.SGM 07NOR2 rwilkins on PROD1PC63 with RULES_2 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations (1) By mail. The opt-out notice is mailed to the consumer. The consumer is given 30 days from the date the notice is mailed to elect to opt out by any reasonable means. (2) By electronic means. (i) The optout notice is provided electronically to the consumer, such as by posting the notice at an Internet Web site at which the consumer has obtained a product or service. The consumer acknowledges receipt of the electronic notice. The consumer is given 30 days after the date the consumer acknowledges receipt to elect to opt out by any reasonable means. (ii) The opt-out notice is provided to the consumer by e-mail where the consumer has agreed to receive disclosures by e-mail from the person sending the notice. The consumer is given 30 days after the e-mail is sent to elect to opt out by any reasonable means. (3) At the time of an electronic transaction. The opt-out notice is provided to the consumer at the time of an electronic transaction, such as a transaction conducted on an Internet Web site. The consumer is required to decide, as a necessary part of proceeding with the transaction, whether to opt out before completing the transaction. There is a simple process that the consumer may use to opt out at that time using the same mechanism through which the transaction is conducted. (4) At the time of an in-person transaction. The opt-out notice is provided to the consumer in writing at the time of an in-person transaction. The consumer is required to decide, as a necessary part of proceeding with the transaction, whether to opt out before completing the transaction, and is not permitted to complete the transaction without making a choice. There is a simple process that the consumer may use during the course of the in-person transaction to opt out, such as completing a form that requires consumers to write a ‘‘yes’’ or ‘‘no’’ to indicate their opt-out preference or that requires the consumer to check one of two blank check boxes—one that allows consumers to indicate that they want to opt out and one that allows consumers to indicate that they do not want to opt out. (5) By including in a privacy notice. The opt-out notice is included in a Gramm-Leach-Bliley Act privacy notice. The consumer is allowed to exercise the opt-out within a reasonable period of time and in the same manner as the optout under that privacy notice. VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 § 222.25 Reasonable and simple methods of opting out. (a) In general. You must not use eligibility information about a consumer that you receive from an affiliate to make a solicitation to the consumer about your products or services, unless the consumer is provided a reasonable and simple method to opt out, as required by § 222.21(a)(1)(ii) of this part. (b) Examples. (1) Reasonable and simple opt-out methods. Reasonable and simple methods for exercising the optout right include— (i) Designating a check-off box in a prominent position on the opt-out form; (ii) Including a reply form and a selfaddressed envelope together with the opt-out notice; (iii) Providing an electronic means to opt out, such as a form that can be electronically mailed or processed at an Internet Web site, if the consumer agrees to the electronic delivery of information; (iv) Providing a toll-free telephone number that consumers may call to opt out; or (v) Allowing consumers to exercise all of their opt-out rights described in a consolidated opt-out notice that includes the privacy opt-out under the Gramm-Leach-Bliley Act, 15 U.S.C. 6801 et seq., the affiliate sharing opt-out under the Act, and the affiliate marketing opt-out under the Act, by a single method, such as by calling a single toll-free telephone number. (2) Opt-out methods that are not reasonable and simple. Reasonable and simple methods for exercising an optout right do not include— (i) Requiring the consumer to write his or her own letter; (ii) Requiring the consumer to call or write to obtain a form for opting out, rather than including the form with the opt-out notice; (iii) Requiring the consumer who receives the opt-out notice in electronic form only, such as through posting at an Internet Web site, to opt out solely by paper mail or by visiting a different Web site without providing a link to that site. (c) Specific opt-out means. Each consumer may be required to opt out through a specific means, as long as that means is reasonable and simple for that consumer. § 222.26 Delivery of opt-out notices. (a) In general. The opt-out notice must be provided so that each consumer can reasonably be expected to receive actual notice. For opt-out notices provided electronically, the notice may be provided in compliance with either the electronic disclosure provisions in this subpart or the provisions in section 101 of the Electronic Signatures in Global PO 00000 Frm 00053 Fmt 4701 Sfmt 4700 62961 and National Commerce Act, 15 U.S.C. 7001 et seq. (b) Examples of reasonable expectation of actual notice. A consumer may reasonably be expected to receive actual notice if the affiliate providing the notice: (1) Hand-delivers a printed copy of the notice to the consumer; (2) Mails a printed copy of the notice to the last known mailing address of the consumer; (3) Provides a notice by e-mail to a consumer who has agreed to receive electronic disclosures by e-mail from the affiliate providing the notice; or (4) Posts the notice on the Internet Web site at which the consumer obtained a product or service electronically and requires the consumer to acknowledge receipt of the notice. (c) Examples of no reasonable expectation of actual notice. A consumer may not reasonably be expected to receive actual notice if the affiliate providing the notice: (1) Only posts the notice on a sign in a branch or office or generally publishes the notice in a newspaper; (2) Sends the notice via e-mail to a consumer who has not agreed to receive electronic disclosures by e-mail from the affiliate providing the notice; or (3) Posts the notice on an Internet Web site without requiring the consumer to acknowledge receipt of the notice. § 222.27 Renewal of opt-out. (a) Renewal notice and opt-out requirement. (1) In general. After the opt-out period expires, you may not make solicitations based on eligibility information you receive from an affiliate to a consumer who previously opted out, unless: (i) The consumer has been given a renewal notice that complies with the requirements of this section and §§ 222.24 through 222.26 of this part, and a reasonable opportunity and a reasonable and simple method to renew the opt-out, and the consumer does not renew the opt-out; or (ii) An exception in § 222.21(c) of this part applies. (2) Renewal period. Each opt-out renewal must be effective for a period of at least five years as provided in § 222.22(b) of this part. (3) Affiliates who may provide the notice. The notice required by this paragraph must be provided: (i) By the affiliate that provided the previous opt-out notice, or its successor; or (ii) As part of a joint renewal notice from two or more members of an E:\FR\FM\07NOR2.SGM 07NOR2 rwilkins on PROD1PC63 with RULES_2 62962 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations affiliated group of companies, or their successors, that jointly provided the previous opt-out notice. (b) Contents of renewal notice. The renewal notice must be clear, conspicuous, and concise, and must accurately disclose: (1) The name of the affiliate(s) providing the notice. If the notice is provided jointly by multiple affiliates and each affiliate shares a common name, such as ‘‘ABC,’’ then the notice may indicate that it is being provided by multiple companies with the ABC name or multiple companies in the ABC group or family of companies, for example, by stating that the notice is provided by ‘‘all of the ABC companies,’’ ‘‘the ABC banking, credit card, insurance, and securities companies,’’ or by listing the name of each affiliate providing the notice. But if the affiliates providing the joint notice do not all share a common name, then the notice must either separately identify each affiliate by name or identify each of the common names used by those affiliates, for example, by stating that the notice is provided by ‘‘all of the ABC and XYZ companies’’ or by ‘‘the ABC banking and credit card companies and the XYZ insurance companies’’; (2) A list of the affiliates or types of affiliates whose use of eligibility information is covered by the notice, which may include companies that become affiliates after the notice is provided to the consumer. If each affiliate covered by the notice shares a common name, such as ‘‘ABC,’’ then the notice may indicate that it applies to multiple companies with the ABC name or multiple companies in the ABC group or family of companies, for example, by stating that the notice is provided by ‘‘all of the ABC companies,’’ ‘‘the ABC banking, credit card, insurance, and securities companies,’’ or by listing the name of each affiliate providing the notice. But if the affiliates covered by the notice do not all share a common name, then the notice must either separately identify each covered affiliate by name or identify each of the common names used by those affiliates, for example, by stating that the notice applies to ‘‘all of the ABC and XYZ companies’’ or to ‘‘the ABC banking and credit card companies and the XYZ insurance companies’’; (3) A general description of the types of eligibility information that may be used to make solicitations to the consumer; (4) That the consumer previously elected to limit the use of certain information to make solicitations to the consumer; VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 (5) That the consumer’s election has expired or is about to expire; (6) That the consumer may elect to renew the consumer’s previous election; (7) If applicable, that the consumer’s election to renew will apply for the specified period of time stated in the notice and that the consumer will be allowed to renew the election once that period expires; and (8) A reasonable and simple method for the consumer to opt out. (c) Timing of the renewal notice. (1) In general. A renewal notice may be provided to the consumer either— (i) A reasonable period of time before the expiration of the opt-out period; or (ii) Any time after the expiration of the opt-out period but before solicitations that would have been prohibited by the expired opt-out are made to the consumer. (2) Combination with annual privacy notice. If you provide an annual privacy notice under the Gramm-Leach-Bliley Act, 15 U.S.C. 6801 et seq., providing a renewal notice with the last annual privacy notice provided to the consumer before expiration of the opt-out period is a reasonable period of time before expiration of the opt-out in all cases. (d) No effect on opt-out period. An opt-out period may not be shortened by sending a renewal notice to the consumer before expiration of the optout period, even if the consumer does not renew the opt out. § 222.28 Effective date, compliance date, and prospective application. (a) Effective date. This subpart is effective January 1, 2008. (b) Mandatory compliance date. Compliance with this subpart is required not later than October 1, 2008. (c) Prospective application. The provisions of this subpart shall not prohibit you from using eligibility information that you receive from an affiliate to make solicitations to a consumer if you receive such information prior to October 1, 2008. For purposes of this section, you are deemed to receive eligibility information when such information is placed into a common database and is accessible by you. I 4. A new Appendix C to part 222 is added to read as follows: Appendix C to Part 222—Model Forms for Opt-Out Notices a. Although use of the model forms is not required, use of the model forms in this Appendix (as applicable) complies with the requirement in section 624 of the Act for clear, conspicuous, and concise notices. b. Certain changes may be made to the language or format of the model forms PO 00000 Frm 00054 Fmt 4701 Sfmt 4700 without losing the protection from liability afforded by use of the model forms. These changes may not be so extensive as to affect the substance, clarity, or meaningful sequence of the language in the model forms. Persons making such extensive revisions will lose the safe harbor that this Appendix provides. Acceptable changes include, for example: 1. Rearranging the order of the references to ‘‘your income,’’ ‘‘your account history,’’ and ‘‘your credit score.’’ 2. Substituting other types of information for ‘‘income,’’ ‘‘account history,’’ or ‘‘credit score’’ for accuracy, such as ‘‘payment history,’’ ‘‘credit history,’’ ‘‘payoff status,’’ or ‘‘claims history.’’ 3. Substituting a clearer and more accurate description of the affiliates providing or covered by the notice for phrases such as ‘‘the [ABC] group of companies,’’ including without limitation a statement that the entity providing the notice recently purchased the consumer’s account. 4. Substituting other types of affiliates covered by the notice for ‘‘credit card,’’ ‘‘insurance,’’ or ‘‘securities’’ affiliates. 5. Omitting items that are not accurate or applicable. For example, if a person does not limit the duration of the opt-out period, the notice may omit information about the renewal notice. 6. Adding a statement informing consumers how much time they have to opt out before shared eligibility information may be used to make solicitations to them. 7. Adding a statement that the consumer may exercise the right to opt out at any time. 8. Adding the following statement, if accurate: ‘‘If you previously opted out, you do not need to do so again.’’ 9. Providing a place on the form for the consumer to fill in identifying information, such as his or her name and address C–1 Model Form for Initial Opt-out Notice (Single-Affiliate Notice) C–2 Model Form for Initial Opt-out Notice (Joint Notice) C–3 Model Form for Renewal Notice (Single-Affiliate Notice) C–4 Model Form for Renewal Notice (Joint Notice) C–5 Model Form for Voluntary ‘‘No Marketing’’ Notice C–1—Model Form for Initial Opt-out Notice (Single-Affiliate Notice)—[Your Choice To Limit Marketing]/[Marketing Opt-out] • [Name of Affiliate] is providing this notice. • [Optional: Federal law gives you the right to limit some but not all marketing from our affiliates. Federal law also requires us to give you this notice to tell you about your choice to limit marketing from our affiliates.] • You may limit our affiliates in the [ABC] group of companies, such as our [credit card, insurance, and securities] affiliates, from marketing their products or services to you based on your personal information that we collect and share with them. This information includes your [income], your [account history with us], and your [credit score]. • Your choice to limit marketing offers from our affiliates will apply [until you tell E:\FR\FM\07NOR2.SGM 07NOR2 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations rwilkins on PROD1PC63 with RULES_2 us to change your choice]/[for x years from when you tell us your choice]/[for at least 5 years from when you tell us your choice]. [Include if the opt-out period expires.] Once that period expires, you will receive a renewal notice that will allow you to continue to limit marketing offers from our affiliates for [another x years]/[at least another 5 years]. • [Include, if applicable, in a subsequent notice, including an annual notice, for consumers who may have previously opted out.] If you have already made a choice to limit marketing offers from our affiliates, you do not need to act again until you receive the renewal notice. To limit marketing offers, contact us [include all that apply]: • By telephone: 1–877–###–#### • On the Web: www.---.com • By mail: Check the box and complete the form below, and send the form to: [Company name] [Company address] lDo not allow your affiliates to use my personal information to market to me. C–2—Model Form for Initial Opt-out Notice (Joint Notice)—[Your Choice To Limit Marketing]/[Marketing Opt-out] • The [ABC group of companies] is providing this notice. • [Optional: Federal law gives you the right to limit some but not all marketing from the [ABC] companies. Federal law also requires us to give you this notice to tell you about your choice to limit marketing from the [ABC] companies.] • You may limit the [ABC] companies, such as the [ABC credit card, insurance, and securities] affiliates, from marketing their products or services to you based on your personal information that they receive from other [ABC] companies. This information includes your [income], your [account history], and your [credit score]. • Your choice to limit marketing offers from the [ABC] companies will apply [until you tell us to change your choice]/[for x years from when you tell us your choice]/[for at least 5 years from when you tell us your choice]. [Include if the opt-out period expires.] Once that period expires, you will receive a renewal notice that will allow you to continue to limit marketing offers from the [ABC] companies for [another x years]/[at least another 5 years]. • [Include, if applicable, in a subsequent notice, including an annual notice, for consumers who may have previously opted out.] If you have already made a choice to limit marketing offers from the [ABC] companies, you do not need to act again until you receive the renewal notice. To limit marketing offers, contact us [include all that apply]: • By telephone: 1–877–###–#### • On the Web: www.---.com • By mail: Check the box and complete the form below, and send the form to: [Company name] [Company address] lDo not allow any company [in the ABC group of companies] to use my personal information to market to me. VerDate Aug<31>2005 17:18 Nov 06, 2007 Jkt 214001 C–3—Model Form for Renewal Notice (Single-Affiliate Notice)—[Renewing Your Choice To Limit Marketing]/[Renewing Your Marketing Opt-Out] • [Name of Affiliate] is providing this notice. • [Optional: Federal law gives you the right to limit some but not all marketing from our affiliates. Federal law also requires us to give you this notice to tell you about your choice to limit marketing from our affiliates.] • You previously chose to limit our affiliates in the [ABC] group of companies, such as our [credit card, insurance, and securities] affiliates, from marketing their products or services to you based on your personal information that we share with them. This information includes your [income], your [account history with us], and your [credit score]. • Your choice has expired or is about to expire. To renew your choice to limit marketing for [x] more years, contact us [include all that apply]: • By telephone: 1–877–###–#### • On the Web: www.---.com • By mail: Check the box and complete the form below, and send the form to: [Company name] [Company address] lRenew my choice to limit marketing for [x] more years. C–4—Model Form for Renewal Notice (Joint Notice)—[Renewing Your Choice To Limit Marketing]/[Renewing Your Marketing OptOut] • The [ABC group of companies] is providing this notice. • [Optional: Federal law gives you the right to limit some but not all marketing from the [ABC] companies. Federal law also requires us to give you this notice to tell you about your choice to limit marketing from the [ABC] companies.] • You previously chose to limit the [ABC] companies, such as the [ABC credit card, insurance, and securities] affiliates, from marketing their products or services to you based on your personal information that they receive from other ABC companies. This information includes your [income], your [account history], and your [credit score]. • Your choice has expired or is about to expire. To renew your choice to limit marketing for [x] more years, contact us [include all that apply]: • By telephone: 1–877–###–#### • On the Web: www.---.com • By mail: Check the box and complete the form below, and send the form to: [Company name] [Company address] lRenew my choice to limit marketing for [x] more years. C–5—Model Form for Voluntary ‘‘No Marketing’’ Notice—Your Choice To Stop Marketing • [Name of Affiliate] is providing this notice. • You may choose to stop all marketing from us and our affiliates. PO 00000 Frm 00055 Fmt 4701 Sfmt 4700 62963 To stop all marketing, contact us [include all that apply]: • By telephone: 1–877–###–#### • On the Web: www.---.com • By mail: Check the box and complete the form below, and send the form to: [Company name] [Company address] lDo not market to me. Federal Deposit Insurance Corporation 12 CFR Chapter III. Authority and Issuance For the reasons set forth in the joint preamble, part 334 of title 12, chapter III, of the Code of Federal Regulations is amended as follows: I PART 334—FAIR CREDIT REPORTING 1. The authority citation for part 334 is revised to read as follows: I Authority: 12 U.S.C. 1818 and 1819 (Tenth); 15 U.S.C. 1681b, 1681c, 1681m, 1681s, 1681w, 6801 and 6805. Subpart A—General Provisions 2. A new § 334.1 is added to part 334 to read as follows: I § 334.1 Purpose and scope. (a) Purpose. The purpose of this part is to implement the Fair Credit Reporting Act. This part generally applies to persons that obtain and use information about consumers to determine the consumer’s eligibility for products, services, or employment, share such information among affiliates, and furnish information to consumer reporting agencies. (b) Scope. Except as otherwise provided in this part, the regulations in this part apply to insured state nonmember banks, insured state licensed branches of foreign banks, and subsidiaries of such entities (except brokers, dealers, persons providing insurance, investment companies, and investment advisers). 3. A new Subpart C is added to part 334 to read as follows: I Subpart C—Affiliate Marketing Sec. 334.20 Coverage and definitions. 334.21 Affiliate marketing opt-out and exceptions. 334.22 Scope and duration of opt-out. 334.23 Contents of opt-out notice; consolidated and equivalent notices. 334.24 Reasonable opportunity to opt out. 334.25 Reasonable and simple methods of opting out. 334.26 Delivery of opt-out notices. 334.27 Renewal of opt-out. 334.28 Effective date, compliance date, and prospective application. E:\FR\FM\07NOR2.SGM 07NOR2 62964 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations Subpart C—Affiliate Marketing rwilkins on PROD1PC63 with RULES_2 § 334.20 Coverage and definitions. (a) Coverage. Subpart C of this part applies to insured state nonmember banks, insured state licensed branches of foreign banks, and subsidiaries of such entities (except brokers, dealers, persons providing insurance, investment companies, and investment advisers). (b) Definitions. For purposes of this subpart: (1) Clear and conspicuous. The term ‘‘clear and conspicuous’’ means reasonably understandable and designed to call attention to the nature and significance of the information presented. (2) Concise. (i) In general. The term ‘‘concise’’ means a reasonably brief expression or statement. (ii) Combination with other required disclosures. A notice required by this subpart may be concise even if it is combined with other disclosures required or authorized by federal or state law. (3) Eligibility information. The term ‘‘eligibility information’’ means any information the communication of which would be a consumer report if the exclusions from the definition of ‘‘consumer report’’ in section 603(d)(2)(A) of the Act did not apply. Eligibility information does not include aggregate or blind data that does not contain personal identifiers such as account numbers, names, or addresses. (4) Pre-existing business relationship. (i) In general. The term ‘‘pre-existing business relationship’’ means a relationship between a person, or a person’s licensed agent, and a consumer based on— (A) A financial contract between the person and the consumer which is in force on the date on which the consumer is sent a solicitation covered by this subpart; (B) The purchase, rental, or lease by the consumer of the person’s goods or services, or a financial transaction (including holding an active account or a policy in force or having another continuing relationship) between the consumer and the person, during the 18month period immediately preceding the date on which the consumer is sent a solicitation covered by this subpart; or (C) An inquiry or application by the consumer regarding a product or service offered by that person during the threemonth period immediately preceding the date on which the consumer is sent a solicitation covered by this subpart. (ii) Examples of pre-existing business relationships. (A) If a consumer has a time deposit account, such as a VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 certificate of deposit, at a depository institution that is currently in force, the depository institution has a pre-existing business relationship with the consumer and can use eligibility information it receives from its affiliates to make solicitations to the consumer about its products or services. (B) If a consumer obtained a certificate of deposit from a depository institution, but did not renew the certificate at maturity, the depository institution has a pre-existing business relationship with the consumer and can use eligibility information it receives from its affiliates to make solicitations to the consumer about its products or services for 18 months after the date of maturity of the certificate of deposit. (C) If a consumer obtains a mortgage, the mortgage lender has a pre-existing business relationship with the consumer. If the mortgage lender sells the consumer’s entire loan to an investor, the mortgage lender has a preexisting business relationship with the consumer and can use eligibility information it receives from its affiliates to make solicitations to the consumer about its products or services for 18 months after the date it sells the loan, and the investor has a pre-existing business relationship with the consumer upon purchasing the loan. If, however, the mortgage lender sells a fractional interest in the consumer’s loan to an investor but also retains an ownership interest in the loan, the mortgage lender continues to have a pre-existing business relationship with the consumer, but the investor does not have a pre-existing business relationship with the consumer. If the mortgage lender retains ownership of the loan, but sells ownership of the servicing rights to the consumer’s loan, the mortgage lender continues to have a pre-existing business relationship with the consumer. The purchaser of the servicing rights also has a pre-existing business relationship with the consumer as of the date it purchases ownership of the servicing rights, but only if it collects payments from or otherwise deals directly with the consumer on a continuing basis. (D) If a consumer applies to a depository institution for a product or service that it offers, but does not obtain a product or service from or enter into a financial contract or transaction with the institution, the depository institution has a pre-existing business relationship with the consumer and can therefore use eligibility information it receives from an affiliate to make solicitations to the consumer about its products or services for three months after the date of the application. PO 00000 Frm 00056 Fmt 4701 Sfmt 4700 (E) If a consumer makes a telephone inquiry to a depository institution about its products or services and provides contact information to the institution, but does not obtain a product or service from or enter into a financial contract or transaction with the institution, the depository institution has a pre-existing business relationship with the consumer and can therefore use eligibility information it receives from an affiliate to make solicitations to the consumer about its products or services for three months after the date of the inquiry. (F) If a consumer makes an inquiry to a depository institution by e-mail about its products or services, but does not obtain a product or service from or enter into a financial contract or transaction with the institution, the depository institution has a pre-existing business relationship with the consumer and can therefore use eligibility information it receives from an affiliate to make solicitations to the consumer about its products or services for three months after the date of the inquiry. (G) If a consumer has an existing relationship with a depository institution that is part of a group of affiliated companies, makes a telephone call to the centralized call center for the group of affiliated companies to inquire about products or services offered by the insurance affiliate, and provides contact information to the call center, the call constitutes an inquiry to the insurance affiliate that offers those products or services. The insurance affiliate has a pre-existing business relationship with the consumer and can therefore use eligibility information it receives from its affiliated depository institution to make solicitations to the consumer about its products or services for three months after the date of the inquiry. (iii) Examples where no pre-existing business relationship is created. (A) If a consumer makes a telephone call to a centralized call center for a group of affiliated companies to inquire about the consumer’s existing account at a depository institution, the call does not constitute an inquiry to any affiliate other than the depository institution that holds the consumer’s account and does not establish a pre-existing business relationship between the consumer and any affiliate of the account-holding depository institution. (B) If a consumer who has a deposit account with a depository institution makes a telephone call to an affiliate of the institution to ask about the affiliate’s retail locations and hours, but does not make an inquiry about the affiliate’s products or services, the call does not constitute an inquiry and does not establish a pre-existing business E:\FR\FM\07NOR2.SGM 07NOR2 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations relationship between the consumer and the affiliate. Also, the affiliate’s capture of the consumer’s telephone number does not constitute an inquiry and does not establish a pre-existing business relationship between the consumer and the affiliate. (C) If a consumer makes a telephone call to a depository institution in response to an advertisement that offers a free promotional item to consumers who call a toll-free number, but the advertisement does not indicate that the depository institution’s products or services will be marketed to consumers who call in response, the call does not create a pre-existing business relationship between the consumer and the depository institution because the consumer has not made an inquiry about a product or service offered by the institution, but has merely responded to an offer for a free promotional item. (5) Solicitation. (i) In general. The term ‘‘solicitation’’ means the marketing of a product or service initiated by a person to a particular consumer that is— (A) Based on eligibility information communicated to that person by its affiliate as described in this subpart; and (B) Intended to encourage the consumer to purchase or obtain such product or service. (ii) Exclusion of marketing directed at the general public. A solicitation does not include marketing communications that are directed at the general public. For example, television, general circulation magazine, and billboard advertisements do not constitute solicitations, even if those communications are intended to encourage consumers to purchase products and services from the person initiating the communications. (iii) Examples of solicitations. A solicitation would include, for example, a telemarketing call, direct mail, e-mail, or other form of marketing communication directed to a particular consumer that is based on eligibility information received from an affiliate. (6) You means a person described in paragraph (a) of this section. rwilkins on PROD1PC63 with RULES_2 § 334.21 Affiliate marketing opt-out and exceptions. (a) Initial notice and opt-out requirement. (1) In general. You may not use eligibility information about a consumer that you receive from an affiliate to make a solicitation for marketing purposes to the consumer, unless— (i) It is clearly and conspicuously disclosed to the consumer in writing or, if the consumer agrees, electronically, in a concise notice that you may use VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 eligibility information about that consumer received from an affiliate to make solicitations for marketing purposes to the consumer; (ii) The consumer is provided a reasonable opportunity and a reasonable and simple method to ‘‘opt out,’’ or prohibit you from using eligibility information to make solicitations for marketing purposes to the consumer; and (iii) The consumer has not opted out. (2) Example. A consumer has a homeowner’s insurance policy with an insurance company. The insurance company furnishes eligibility information about the consumer to its affiliated depository institution. Based on that eligibility information, the depository institution wants to make a solicitation to the consumer about its home equity loan products. The depository institution does not have a pre-existing business relationship with the consumer and none of the other exceptions apply. The depository institution is prohibited from using eligibility information received from its insurance affiliate to make solicitations to the consumer about its home equity loan products unless the consumer is given a notice and opportunity to opt out and the consumer does not opt out. (3) Affiliates who may provide the notice. The notice required by this paragraph must be provided: (i) By an affiliate that has or has previously had a pre-existing business relationship with the consumer; or (ii) As part of a joint notice from two or more members of an affiliated group of companies, provided that at least one of the affiliates on the joint notice has or has previously had a pre-existing business relationship with the consumer. (b) Making solicitations. (1) In general. For purposes of this subpart, you make a solicitation for marketing purposes if— (i) You receive eligibility information from an affiliate; (ii) You use that eligibility information to do one or more of the following: (A) Identify the consumer or type of consumer to receive a solicitation; (B) Establish criteria used to select the consumer to receive a solicitation; or (C) Decide which of your products or services to market to the consumer or tailor your solicitation to that consumer; and (iii) As a result of your use of the eligibility information, the consumer is provided a solicitation. (2) Receiving eligibility information from an affiliate, including through a common database. You may receive PO 00000 Frm 00057 Fmt 4701 Sfmt 4700 62965 eligibility information from an affiliate in various ways, including when the affiliate places that information into a common database that you may access. (3) Receipt or use of eligibility information by your service provider. Except as provided in paragraph (b)(5) of this section, you receive or use an affiliate’s eligibility information if a service provider acting on your behalf (whether an affiliate or a nonaffiliated third party) receives or uses that information in the manner described in paragraphs (b)(1)(i) or (b)(1)(ii) of this section. All relevant facts and circumstances will determine whether a person is acting as your service provider when it receives or uses an affiliate’s eligibility information in connection with marketing your products and services. (4) Use by an affiliate of its own eligibility information. Unless you have used eligibility information that you receive from an affiliate in the manner described in paragraph (b)(1)(ii) of this section, you do not make a solicitation subject to this subpart if your affiliate: (i) Uses its own eligibility information that it obtained in connection with a pre-existing business relationship it has or had with the consumer to market your products or services to the consumer; or (ii) Directs its service provider to use the affiliate’s own eligibility information that it obtained in connection with a pre-existing business relationship it has or had with the consumer to market your products or services to the consumer, and you do not communicate directly with the service provider regarding that use. (5) Use of eligibility information by a service provider. (i) In general. You do not make a solicitation subject to Subpart C of this part if a service provider (including an affiliated or third-party service provider that maintains or accesses a common database that you may access) receives eligibility information from your affiliate that your affiliate obtained in connection with a pre-existing business relationship it has or had with the consumer and uses that eligibility information to market your products or services to the consumer, so long as— (A) Your affiliate controls access to and use of its eligibility information by the service provider (including the right to establish the specific terms and conditions under which the service provider may use such information to market your products or services); (B) Your affiliate establishes specific terms and conditions under which the service provider may access and use the affiliate’s eligibility information to E:\FR\FM\07NOR2.SGM 07NOR2 rwilkins on PROD1PC63 with RULES_2 62966 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations market your products and services (or those of affiliates generally) to the consumer, such as the identity of the affiliated companies whose products or services may be marketed to the consumer by the service provider, the types of products or services of affiliated companies that may be marketed, and the number of times the consumer may receive marketing materials, and periodically evaluates the service provider’s compliance with those terms and conditions; (C) Your affiliate requires the service provider to implement reasonable policies and procedures designed to ensure that the service provider uses the affiliate’s eligibility information in accordance with the terms and conditions established by the affiliate relating to the marketing of your products or services; (D) Your affiliate is identified on or with the marketing materials provided to the consumer; and (E) You do not directly use your affiliate’s eligibility information in the manner described in paragraph (b)(1)(ii) of this section. (ii) Writing requirements. (A) The requirements of paragraphs (b)(5)(i)(A) and (C) of this section must be set forth in a written agreement between your affiliate and the service provider; and (B) The specific terms and conditions established by your affiliate as provided in paragraph (b)(5)(i)(B) of this section must be set forth in writing. (6) Examples of making solicitations. (i) A consumer has a deposit account with a depository institution, which is affiliated with an insurance company. The insurance company receives eligibility information about the consumer from the depository institution. The insurance company uses that eligibility information to identify the consumer to receive a solicitation about insurance products, and, as a result, the insurance company provides a solicitation to the consumer about its insurance products. Pursuant to paragraph (b)(1) of this section, the insurance company has made a solicitation to the consumer. (ii) The same facts as in the example in paragraph (b)(6)(i) of this section, except that after using the eligibility information to identify the consumer to receive a solicitation about insurance products, the insurance company asks the depository institution to send the solicitation to the consumer and the depository institution does so. Pursuant to paragraph (b)(1) of this section, the insurance company has made a solicitation to the consumer because it used eligibility information about the consumer that it received from an VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 affiliate to identify the consumer to receive a solicitation about its products or services, and, as a result, a solicitation was provided to the consumer about the insurance company’s products. (iii) The same facts as in the example in paragraph (b)(6)(i) of this section, except that eligibility information about consumers that have deposit accounts with the depository institution is placed into a common database that all members of the affiliated group of companies may independently access and use. Without using the depository institution’s eligibility information, the insurance company develops selection criteria and provides those criteria, marketing materials, and related instructions to the depository institution. The depository institution reviews eligibility information about its own consumers using the selection criteria provided by the insurance company to determine which consumers should receive the insurance company’s marketing materials and sends marketing materials about the insurance company’s products to those consumers. Even though the insurance company has received eligibility information through the common database as provided in paragraph (b)(2) of this section, it did not use that information to identify consumers or establish selection criteria; instead, the depository institution used its own eligibility information. Therefore, pursuant to paragraph (b)(4)(i) of this section, the insurance company has not made a solicitation to the consumer. (iv) The same facts as in the example in paragraph (b)(6)(iii) of this section, except that the depository institution provides the insurance company’s criteria to the depository institution’s service provider and directs the service provider to use the depository institution’s eligibility information to identify depository institution consumers who meet the criteria and to send the insurance company’s marketing materials to those consumers. The insurance company does not communicate directly with the service provider regarding the use of the depository institution’s information to market its products to the depository institution’s consumers. Pursuant to paragraph (b)(4)(ii) of this section, the insurance company has not made a solicitation to the consumer. (v) An affiliated group of companies includes a depository institution, an insurance company, and a service provider. Each affiliate in the group places information about its consumers into a common database. The service provider has access to all information in PO 00000 Frm 00058 Fmt 4701 Sfmt 4700 the common database. The depository institution controls access to and use of its eligibility information by the service provider. This control is set forth in a written agreement between the depository institution and the service provider. The written agreement also requires the service provider to establish reasonable policies and procedures designed to ensure that the service provider uses the depository institution’s eligibility information in accordance with specific terms and conditions established by the depository institution relating to the marketing of the products and services of all affiliates, including the insurance company. In a separate written communication, the depository institution specifies the terms and conditions under which the service provider may use the depository institution’s eligibility information to market the insurance company’s products and services to the depository institution’s consumers. The specific terms and conditions are: a list of affiliated companies (including the insurance company) whose products or services may be marketed to the depository institution’s consumers by the service provider; the specific products or types of products that may be marketed to the depository institution’s consumers by the service provider; the categories of eligibility information that may be used by the service provider in marketing products or services to the depository institution’s consumers; the types or categories of the depository institution’s consumers to whom the service provider may market products or services of depository institution affiliates; the number and/or types of marketing communications that the service provider may send to the depository institution’s consumers; and the length of time during which the service provider may market the products or services of the depository institution’s affiliates to its consumers. The depository institution periodically evaluates the service provider’s compliance with these terms and conditions. The insurance company asks the service provider to market insurance products to certain consumers who have deposit accounts with the depository institution. Without using the depository institution’s eligibility information, the insurance company develops selection criteria and provides those criteria, marketing materials, and related instructions to the service provider. The service provider uses the depository institution’s eligibility information from the common database E:\FR\FM\07NOR2.SGM 07NOR2 rwilkins on PROD1PC63 with RULES_2 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations to identify the depository institution’s consumers to whom insurance products will be marketed. When the insurance company’s marketing materials are provided to the identified consumers, the name of the depository institution is displayed on the insurance marketing materials, an introductory letter that accompanies the marketing materials, an account statement that accompanies the marketing materials, or the envelope containing the marketing materials. The requirements of paragraph (b)(5) of this section have been satisfied, and the insurance company has not made a solicitation to the consumer. (vi) The same facts as in the example in paragraph (b)(6)(v) of this section, except that the terms and conditions permit the service provider to use the depository institution’s eligibility information to market the products and services of other affiliates to the depository institution’s consumers whenever the service provider deems it appropriate to do so. The service provider uses the depository institution’s eligibility information in accordance with the discretion afforded to it by the terms and conditions. Because the terms and conditions are not specific, the requirements of paragraph (b)(5) of this section have not been satisfied. (c) Exceptions. The provisions of this subpart do not apply to you if you use eligibility information that you receive from an affiliate: (1) To make a solicitation for marketing purposes to a consumer with whom you have a pre-existing business relationship; (2) To facilitate communications to an individual for whose benefit you provide employee benefit or other services pursuant to a contract with an employer related to and arising out of the current employment relationship or status of the individual as a participant or beneficiary of an employee benefit plan; (3) To perform services on behalf of an affiliate, except that this subparagraph shall not be construed as permitting you to send solicitations on behalf of an affiliate if the affiliate would not be permitted to send the solicitation as a result of the election of the consumer to opt out under this subpart; (4) In response to a communication about your products or services initiated by the consumer; (5) In response to an authorization or request by the consumer to receive solicitations; or (6) If your compliance with this subpart would prevent you from complying with any provision of State VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 insurance laws pertaining to unfair discrimination in any State in which you are lawfully doing business. (d) Examples of exceptions. (1) Example of the pre-existing business relationship exception. A consumer has a deposit account with a depository institution. The consumer also has a relationship with the depository institution’s securities affiliate for management of the consumer’s securities portfolio. The depository institution receives eligibility information about the consumer from its securities affiliate and uses that information to make a solicitation to the consumer about the depository institution’s wealth management services. The depository institution may make this solicitation even if the consumer has not been given a notice and opportunity to opt out because the depository institution has a pre-existing business relationship with the consumer. (2) Examples of service provider exception. (i) A consumer has an insurance policy issued by an insurance company. The insurance company furnishes eligibility information about the consumer to its affiliated depository institution. Based on that eligibility information, the depository institution wants to make a solicitation to the consumer about its deposit products. The depository institution does not have a pre-existing business relationship with the consumer and none of the other exceptions in paragraph (c) of this section apply. The consumer has been given an opt-out notice and has elected to opt out of receiving such solicitations. The depository institution asks a service provider to send the solicitation to the consumer on its behalf. The service provider may not send the solicitation on behalf of the depository institution because, as a result of the consumer’s opt-out election, the depository institution is not permitted to make the solicitation. (ii) The same facts as in paragraph (d)(2)(i) of this section, except the consumer has been given an opt-out notice, but has not elected to opt out. The depository institution asks a service provider to send the solicitation to the consumer on its behalf. The service provider may send the solicitation on behalf of the depository institution because, as a result of the consumer’s not opting out, the depository institution is permitted to make the solicitation. (3) Examples of consumer-initiated communications. (i) A consumer who has a deposit account with a depository institution initiates a communication with the depository institution’s credit PO 00000 Frm 00059 Fmt 4701 Sfmt 4700 62967 card affiliate to request information about a credit card. The credit card affiliate may use eligibility information about the consumer it obtains from the depository institution or any other affiliate to make solicitations regarding credit card products in response to the consumer-initiated communication. (ii) A consumer who has a deposit account with a depository institution contacts the institution to request information about how to save and invest for a child’s college education without specifying the type of product in which the consumer may be interested. Information about a range of different products or services offered by the depository institution and one or more affiliates of the institution may be responsive to that communication. Such products or services may include the following: Mutual funds offered by the institution’s mutual fund affiliate; section 529 plans offered by the institution, its mutual fund affiliate, or another securities affiliate; or trust services offered by a different financial institution in the affiliated group. Any affiliate offering investment products or services that would be responsive to the consumer’s request for information about saving and investing for a child’s college education may use eligibility information to make solicitations to the consumer in response to this communication. (iii) A credit card issuer makes a marketing call to the consumer without using eligibility information received from an affiliate. The issuer leaves a voice-mail message that invites the consumer to call a toll-free number to apply for the issuer’s credit card. If the consumer calls the toll-free number to inquire about the credit card, the call is a consumer-initiated communication about a product or service and the credit card issuer may now use eligibility information it receives from its affiliates to make solicitations to the consumer. (iv) A consumer calls a depository institution to ask about retail locations and hours, but does not request information about products or services. The institution may not use eligibility information it receives from an affiliate to make solicitations to the consumer about its products or services because the consumer-initiated communication does not relate to the depository institution’s products or services. Thus, the use of eligibility information received from an affiliate would not be responsive to the communication and the exception does not apply. (v) A consumer calls a depository institution to ask about retail locations and hours. The customer service representative asks the consumer if E:\FR\FM\07NOR2.SGM 07NOR2 rwilkins on PROD1PC63 with RULES_2 62968 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations there is a particular product or service about which the consumer is seeking information. The consumer responds that the consumer wants to stop in and find out about certificates of deposit. The customer service representative offers to provide that information by telephone and mail additional information and application materials to the consumer. The consumer agrees and provides or confirms contact information for receipt of the materials to be mailed. The depository institution may use eligibility information it receives from an affiliate to make solicitations to the consumer about certificates of deposit because such solicitations would respond to the consumer-initiated communication about products or services. (4) Examples of consumer authorization or request for solicitations. (i) A consumer who obtains a mortgage from a mortgage lender authorizes or requests information about homeowner’s insurance offered by the mortgage lender’s insurance affiliate. Such authorization or request, whether given to the mortgage lender or to the insurance affiliate, would permit the insurance affiliate to use eligibility information about the consumer it obtains from the mortgage lender or any other affiliate to make solicitations to the consumer about homeowner’s insurance. (ii) A consumer completes an online application to apply for a credit card from a credit card issuer. The issuer’s online application contains a blank check box that the consumer may check to authorize or request information from the credit card issuer’s affiliates. The consumer checks the box. The consumer has authorized or requested solicitations from the card issuer’s affiliates. (iii) A consumer completes an online application to apply for a credit card from a credit card issuer. The issuer’s online application contains a preselected check box indicating that the consumer authorizes or requests information from the issuer’s affiliates. The consumer does not deselect the check box. The consumer has not authorized or requested solicitations from the card issuer’s affiliates. (iv) The terms and conditions of a credit card account agreement contain preprinted boilerplate language stating that by applying to open an account the consumer authorizes or requests to receive solicitations from the credit card issuer’s affiliates. The consumer has not authorized or requested solicitations from the card issuer’s affiliates. (e) Relation to affiliate-sharing notice and opt-out. Nothing in this subpart VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 limits the responsibility of a person to comply with the notice and opt-out provisions of section 603(d)(2)(A)(iii) of the Act where applicable. § 334.22 Scope and duration of opt-out. (a) Scope of opt-out. (1) In general. Except as otherwise provided in this section, the consumer’s election to opt out prohibits any affiliate covered by the opt-out notice from using eligibility information received from another affiliate as described in the notice to make solicitations to the consumer. (2) Continuing relationship. (i) In general. If the consumer establishes a continuing relationship with you or your affiliate, an opt-out notice may apply to eligibility information obtained in connection with— (A) A single continuing relationship or multiple continuing relationships that the consumer establishes with you or your affiliates, including continuing relationships established subsequent to delivery of the opt-out notice, so long as the notice adequately describes the continuing relationships covered by the opt-out; or (B) Any other transaction between the consumer and you or your affiliates as described in the notice. (ii) Examples of continuing relationships. A consumer has a continuing relationship with you or your affiliate if the consumer— (A) Opens a deposit or investment account with you or your affiliate; (B) Obtains a loan for which you or your affiliate owns the servicing rights; (C) Purchases an insurance product from you or your affiliate; (D) Holds an investment product through you or your affiliate, such as when you act or your affiliate acts as a custodian for securities or for assets in an individual retirement arrangement; (E) Enters into an agreement or understanding with you or your affiliate whereby you or your affiliate undertakes to arrange or broker a home mortgage loan for the consumer; (F) Enters into a lease of personal property with you or your affiliate; or (G) Obtains financial, investment, or economic advisory services from you or your affiliate for a fee. (3) No continuing relationship. (i) In general. If there is no continuing relationship between a consumer and you or your affiliate, and you or your affiliate obtain eligibility information about a consumer in connection with a transaction with the consumer, such as an isolated transaction or a credit application that is denied, an opt-out notice provided to the consumer only applies to eligibility information obtained in connection with that transaction. PO 00000 Frm 00060 Fmt 4701 Sfmt 4700 (ii) Examples of isolated transactions. An isolated transaction occurs if— (A) The consumer uses your or your affiliate’s ATM to withdraw cash from an account at another financial institution; or (B) You or your affiliate sells the consumer a cashier’s check or money order, airline tickets, travel insurance, or traveler’s checks in isolated transactions. (4) Menu of alternatives. A consumer may be given the opportunity to choose from a menu of alternatives when electing to prohibit solicitations, such as by electing to prohibit solicitations from certain types of affiliates covered by the opt-out notice but not other types of affiliates covered by the notice, electing to prohibit solicitations based on certain types of eligibility information but not other types of eligibility information, or electing to prohibit solicitations by certain methods of delivery but not other methods of delivery. However, one of the alternatives must allow the consumer to prohibit all solicitations from all of the affiliates that are covered by the notice. (5) Special rule for a notice following termination of all continuing relationships. (i) In general. A consumer must be given a new opt-out notice if, after all continuing relationships with you or your affiliate(s) are terminated, the consumer subsequently establishes another continuing relationship with you or your affiliate(s) and the consumer’s eligibility information is to be used to make a solicitation. The new opt-out notice must apply, at a minimum, to eligibility information obtained in connection with the new continuing relationship. Consistent with paragraph (b) of this section, the consumer’s decision not to opt out after receiving the new opt-out notice would not override a prior opt-out election by the consumer that applies to eligibility information obtained in connection with a terminated relationship, regardless of whether the new opt-out notice applies to eligibility information obtained in connection with the terminated relationship. (ii) Example. A consumer has a checking account with a depository institution that is part of an affiliated group. The consumer closes the checking account. One year after closing the checking account, the consumer opens a savings account with the same depository institution. The consumer must be given a new notice and opportunity to opt out before the depository institution’s affiliates may make solicitations to the consumer using eligibility information obtained by the depository institution in connection E:\FR\FM\07NOR2.SGM 07NOR2 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations with the new savings account relationship, regardless of whether the consumer opted out in connection with the checking account. (b) Duration of opt-out. The election of a consumer to opt out must be effective for a period of at least five years (the ‘‘opt-out period’’) beginning when the consumer’s opt-out election is received and implemented, unless the consumer subsequently revokes the optout in writing or, if the consumer agrees, electronically. An opt-out period of more than five years may be established, including an opt-out period that does not expire unless revoked by the consumer. (c) Time of opt-out. A consumer may opt out at any time. rwilkins on PROD1PC63 with RULES_2 § 334.23 Contents of opt-out notice; consolidated and equivalent notices. (a) Contents of opt-out notice. (1) In general. A notice must be clear, conspicuous, and concise, and must accurately disclose: (i) The name of the affiliate(s) providing the notice. If the notice is provided jointly by multiple affiliates and each affiliate shares a common name, such as ‘‘ABC,’’ then the notice may indicate that it is being provided by multiple companies with the ABC name or multiple companies in the ABC group or family of companies, for example, by stating that the notice is provided by ‘‘all of the ABC companies,’’ ‘‘the ABC banking, credit card, insurance, and securities companies,’’ or by listing the name of each affiliate providing the notice. But if the affiliates providing the joint notice do not all share a common name, then the notice must either separately identify each affiliate by name or identify each of the common names used by those affiliates, for example, by stating that the notice is provided by ‘‘all of the ABC and XYZ companies’’ or by ‘‘the ABC banking and credit card companies and the XYZ insurance companies’’; (ii) A list of the affiliates or types of affiliates whose use of eligibility information is covered by the notice, which may include companies that become affiliates after the notice is provided to the consumer. If each affiliate covered by the notice shares a common name, such as ‘‘ABC,’’ then the notice may indicate that it applies to multiple companies with the ABC name or multiple companies in the ABC group or family of companies, for example, by stating that the notice is provided by ‘‘all of the ABC companies,’’ ‘‘the ABC banking, credit card, insurance, and securities companies,’’ or by listing the name of each affiliate providing the notice. But if the affiliates covered by VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 the notice do not all share a common name, then the notice must either separately identify each covered affiliate by name or identify each of the common names used by those affiliates, for example, by stating that the notice applies to ‘‘all of the ABC and XYZ companies’’ or to ‘‘the ABC banking and credit card companies and the XYZ insurance companies’’; (iii) A general description of the types of eligibility information that may be used to make solicitations to the consumer; (iv) That the consumer may elect to limit the use of eligibility information to make solicitations to the consumer; (v) That the consumer’s election will apply for the specified period of time stated in the notice and, if applicable, that the consumer will be allowed to renew the election once that period expires; (vi) If the notice is provided to consumers who may have previously opted out, such as if a notice is provided to consumers annually, that the consumer who has chosen to limit solicitations does not need to act again until the consumer receives a renewal notice; and (vii) A reasonable and simple method for the consumer to opt out. (2) Joint relationships. (i) If two or more consumers jointly obtain a product or service, a single opt-out notice may be provided to the joint consumers. Any of the joint consumers may exercise the right to opt out. (ii) The opt-out notice must explain how an opt-out direction by a joint consumer will be treated. An opt-out direction by a joint consumer may be treated as applying to all of the associated joint consumers, or each joint consumer may be permitted to opt-out separately. If each joint consumer is permitted to opt out separately, one of the joint consumers must be permitted to opt out on behalf of all of the joint consumers and the joint consumers must be permitted to exercise their separate rights to opt out in a single response. (iii) It is impermissible to require all joint consumers to opt out before implementing any opt-out direction. (3) Alternative contents. If the consumer is afforded a broader right to opt out of receiving marketing than is required by this subpart, the requirements of this section may be satisfied by providing the consumer with a clear, conspicuous, and concise notice that accurately discloses the consumer’s opt-out rights. (4) Model notices. Model notices are provided in Appendix C of this part. PO 00000 Frm 00061 Fmt 4701 Sfmt 4700 62969 (b) Coordinated and consolidated notices. A notice required by this subpart may be coordinated and consolidated with any other notice or disclosure required to be issued under any other provision of law by the entity providing the notice, including but not limited to the notice described in section 603(d)(2)(A)(iii) of the Act and the Gramm-Leach-Bliley Act privacy notice. (c) Equivalent notices. A notice or other disclosure that is equivalent to the notice required by this subpart, and that is provided to a consumer together with disclosures required by any other provision of law, satisfies the requirements of this section. § 334.24 out. Reasonable opportunity to opt (a) In general. You must not use eligibility information about a consumer that you receive from an affiliate to make a solicitation to the consumer about your products or services, unless the consumer is provided a reasonable opportunity to opt out, as required by § 334.21(a)(1)(ii) of this part. (b) Examples of a reasonable opportunity to opt out. The consumer is given a reasonable opportunity to opt out if: (1) By mail. The opt-out notice is mailed to the consumer. The consumer is given 30 days from the date the notice is mailed to elect to opt out by any reasonable means. (2) By electronic means. (i) The optout notice is provided electronically to the consumer, such as by posting the notice at an Internet Web site at which the consumer has obtained a product or service. The consumer acknowledges receipt of the electronic notice. The consumer is given 30 days after the date the consumer acknowledges receipt to elect to opt out by any reasonable means. (ii) The opt-out notice is provided to the consumer by e-mail where the consumer has agreed to receive disclosures by e-mail from the person sending the notice. The consumer is given 30 days after the e-mail is sent to elect to opt out by any reasonable means. (3) At the time of an electronic transaction. The opt-out notice is provided to the consumer at the time of an electronic transaction, such as a transaction conducted on an Internet Web site. The consumer is required to decide, as a necessary part of proceeding with the transaction, whether to opt out before completing the transaction. There is a simple process that the consumer may use to opt out at that time using the same E:\FR\FM\07NOR2.SGM 07NOR2 62970 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations mechanism through which the transaction is conducted. (4) At the time of an in-person transaction. The opt-out notice is provided to the consumer in writing at the time of an in-person transaction. The consumer is required to decide, as a necessary part of proceeding with the transaction, whether to opt out before completing the transaction, and is not permitted to complete the transaction without making a choice. There is a simple process that the consumer may use during the course of the in-person transaction to opt out, such as completing a form that requires consumers to write a ‘‘yes’’ or ‘‘no’’ to indicate their opt-out preference or that requires the consumer to check one of two blank check boxes—one that allows consumers to indicate that they want to opt out and one that allows consumers to indicate that they do not want to opt out. (5) By including in a privacy notice. The opt-out notice is included in a Gramm-Leach-Bliley Act privacy notice. The consumer is allowed to exercise the opt-out within a reasonable period of time and in the same manner as the optout under that privacy notice. rwilkins on PROD1PC63 with RULES_2 § 334.25 Reasonable and simple methods of opting out. (a) In general. You must not use eligibility information about a consumer that you receive from an affiliate to make a solicitation to the consumer about your products or services, unless the consumer is provided a reasonable and simple method to opt out, as required by § 334.21(a)(1)(ii) of this part. (b) Examples. (1) Reasonable and simple opt-out methods. Reasonable and simple methods for exercising the optout right include— (i) Designating a check-off box in a prominent position on the opt-out form; (ii) Including a reply form and a selfaddressed envelope together with the opt-out notice; (iii) Providing an electronic means to opt out, such as a form that can be electronically mailed or processed at an Internet Web site, if the consumer agrees to the electronic delivery of information; (iv) Providing a toll-free telephone number that consumers may call to opt out; or (v) Allowing consumers to exercise all of their opt-out rights described in a consolidated opt-out notice that includes the privacy opt-out under the Gramm-Leach-Bliley Act, 15 U.S.C. 6801 et seq., the affiliate sharing opt-out under the Act, and the affiliate marketing opt-out under the Act, by a single method, such as by calling a single toll-free telephone number. VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 (2) Opt-out methods that are not reasonable and simple. Reasonable and simple methods for exercising an optout right do not include— (i) Requiring the consumer to write his or her own letter; (ii) Requiring the consumer to call or write to obtain a form for opting out, rather than including the form with the opt-out notice; (iii) Requiring the consumer who receives the opt-out notice in electronic form only, such as through posting at an Internet Web site, to opt out solely by paper mail or by visiting a different Web site without providing a link to that site. (c) Specific opt-out means. Each consumer may be required to opt out through a specific means, as long as that means is reasonable and simple for that consumer. § 334.26 Delivery of opt-out notices. (a) In general. The opt-out notice must be provided so that each consumer can reasonably be expected to receive actual notice. For opt-out notices provided electronically, the notice may be provided in compliance with either the electronic disclosure provisions in this subpart or the provisions in section 101 of the Electronic Signatures in Global and National Commerce Act, 15 U.S.C. 7001 et seq. (b) Examples of reasonable expectation of actual notice. A consumer may reasonably be expected to receive actual notice if the affiliate providing the notice: (1) Hand-delivers a printed copy of the notice to the consumer; (2) Mails a printed copy of the notice to the last known mailing address of the consumer; (3) Provides a notice by e-mail to a consumer who has agreed to receive electronic disclosures by e-mail from the affiliate providing the notice; or (4) Posts the notice on the Internet Web site at which the consumer obtained a product or service electronically and requires the consumer to acknowledge receipt of the notice. (c) Examples of no reasonable expectation of actual notice. A consumer may not reasonably be expected to receive actual notice if the affiliate providing the notice: (1) Only posts the notice on a sign in a branch or office or generally publishes the notice in a newspaper; (2) Sends the notice via e-mail to a consumer who has not agreed to receive electronic disclosures by e-mail from the affiliate providing the notice; or (3) Posts the notice on an Internet Web site without requiring the consumer to acknowledge receipt of the notice. PO 00000 Frm 00062 Fmt 4701 Sfmt 4700 § 334.27 Renewal of opt-out. (a) Renewal notice and opt-out requirement. (1) In general. After the opt-out period expires, you may not make solicitations based on eligibility information you receive from an affiliate to a consumer who previously opted out, unless: (i) The consumer has been given a renewal notice that complies with the requirements of this section and §§ 334.24 through 334.26 of this part, and a reasonable opportunity and a reasonable and simple method to renew the opt-out, and the consumer does not renew the opt-out; or (ii) An exception in § 334.21(c) of this part applies. (2) Renewal period. Each opt-out renewal must be effective for a period of at least five years as provided in § 334.22(b) of this part. (3) Affiliates who may provide the notice. The notice required by this paragraph must be provided: (i) By the affiliate that provided the previous opt-out notice, or its successor; or (ii) As part of a joint renewal notice from two or more members of an affiliated group of companies, or their successors, that jointly provided the previous opt-out notice. (b) Contents of renewal notice. The renewal notice must be clear, conspicuous, and concise, and must accurately disclose: (1) The name of the affiliate(s) providing the notice. If the notice is provided jointly by multiple affiliates and each affiliate shares a common name, such as ‘‘ABC,’’ then the notice may indicate that it is being provided by multiple companies with the ABC name or multiple companies in the ABC group or family of companies, for example, by stating that the notice is provided by ‘‘all of the ABC companies,’’ ‘‘the ABC banking, credit card, insurance, and securities companies,’’ or by listing the name of each affiliate providing the notice. But if the affiliates providing the joint notice do not all share a common name, then the notice must either separately identify each affiliate by name or identify each of the common names used by those affiliates, for example, by stating that the notice is provided by ‘‘all of the ABC and XYZ companies’’ or by ‘‘the ABC banking and credit card companies and the XYZ insurance companies;’’ (2) A list of the affiliates or types of affiliates whose use of eligibility information is covered by the notice, which may include companies that become affiliates after the notice is provided to the consumer. If each affiliate covered by the notice shares a E:\FR\FM\07NOR2.SGM 07NOR2 rwilkins on PROD1PC63 with RULES_2 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations common name, such as ‘‘ABC,’’ then the notice may indicate that it applies to multiple companies with the ABC name or multiple companies in the ABC group or family of companies, for example, by stating that the notice is provided by ‘‘all of the ABC companies,’’ ‘‘the ABC banking, credit card, insurance, and securities companies,’’ or by listing the name of each affiliate providing the notice. But if the affiliates covered by the notice do not all share a common name, then the notice must either separately identify each covered affiliate by name or identify each of the common names used by those affiliates, for example, by stating that the notice applies to ‘‘all of the ABC and XYZ companies’’ or to ‘‘the ABC banking and credit card companies and the XYZ insurance companies;’’ (3) A general description of the types of eligibility information that may be used to make solicitations to the consumer; (4) That the consumer previously elected to limit the use of certain information to make solicitations to the consumer; (5) That the consumer’s election has expired or is about to expire; (6) That the consumer may elect to renew the consumer’s previous election; (7) If applicable, that the consumer’s election to renew will apply for the specified period of time stated in the notice and that the consumer will be allowed to renew the election once that period expires; and (8) A reasonable and simple method for the consumer to opt out. (c) Timing of the renewal notice. (1) In general. A renewal notice may be provided to the consumer either— (i) A reasonable period of time before the expiration of the opt-out period; or (ii) Any time after the expiration of the opt-out period but before solicitations that would have been prohibited by the expired opt-out are made to the consumer. (2) Combination with annual privacy notice. If you provide an annual privacy notice under the Gramm-Leach-Bliley Act, 15 U.S.C. 6801 et seq., providing a renewal notice with the last annual privacy notice provided to the consumer before expiration of the opt-out period is a reasonable period of time before expiration of the opt-out in all cases. (d) No effect on opt-out period. An opt-out period may not be shortened by sending a renewal notice to the consumer before expiration of the optout period, even if the consumer does not renew the opt-out. VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 § 334.28 Effective date, compliance date, and prospective application. (a) Effective date. This subpart is effective January 1, 2008. (b) Mandatory compliance date. Compliance with this subpart is required not later than October 1, 2008. (c) Prospective application. The provisions of this subpart shall not prohibit you from using eligibility information that you receive from an affiliate to make solicitations to a consumer if you receive such information prior to October 1, 2008. For purposes of this section, you are deemed to receive eligibility information when such information is placed into a common database and is accessible by you. I 4. Appendixes A and B to part 334 are added and reserved, and a new Appendix C to part 334 is added to read as follows: Appendix C To Part 334—Model Forms for Opt-Out Notices a. Although use of the model forms is not required, use of the model forms in this Appendix (as applicable) complies with the requirement in section 624 of the Act for clear, conspicuous, and concise notices. b. Certain changes may be made to the language or format of the model forms without losing the protection from liability afforded by use of the model forms. These changes may not be so extensive as to affect the substance, clarity, or meaningful sequence of the language in the model forms. Persons making such extensive revisions will lose the safe harbor that this Appendix provides. Acceptable changes include, for example: 1. Rearranging the order of the references to ‘‘your income,’’ ‘‘your account history,’’ and ‘‘your credit score.’’ 2. Substituting other types of information for ‘‘income,’’ ‘‘account history,’’ or ‘‘credit score’’ for accuracy, such as ‘‘payment history,’’ ‘‘credit history,’’ ‘‘payoff status,’’ or ‘‘claims history.’’ 3. Substituting a clearer and more accurate description of the affiliates providing or covered by the notice for phrases such as ‘‘the [ABC] group of companies,’’ including without limitation a statement that the entity providing the notice recently purchased the consumer’s account. 4. Substituting other types of affiliates covered by the notice for ‘‘credit card,’’ ‘‘insurance,’’ or ‘‘securities’’ affiliates. 5. Omitting items that are not accurate or applicable. For example, if a person does not limit the duration of the opt-out period, the notice may omit information about the renewal notice. 6. Adding a statement informing consumers how much time they have to opt out before shared eligibility information may be used to make solicitations to them. 7. Adding a statement that the consumer may exercise the right to opt out at any time. 8. Adding the following statement, if accurate: ‘‘If you previously opted out, you do not need to do so again.’’ PO 00000 Frm 00063 Fmt 4701 Sfmt 4700 62971 9. Providing a place on the form for the consumer to fill in identifying information, such as his or her name and address: C–1 Model Form for Initial Opt-out Notice (Single-Affiliate Notice) C–2 Model Form for Initial Opt-out Notice (Joint Notice) C–3 Model Form for Renewal Notice (Single-Affiliate Notice) C–4 Model Form for Renewal Notice (Joint Notice) C–5 Model Form for Voluntary ‘‘No Marketing’’ Notice C–1—Model Form for Initial Opt-out Notice (Single-Affiliate Notice)—[Your Choice To Limit Marketing]/[Marketing Opt-out] • [Name of Affiliate] is providing this notice. • [Optional: Federal law gives you the right to limit some but not all marketing from our affiliates. Federal law also requires us to give you this notice to tell you about your choice to limit marketing from our affiliates.] • You may limit our affiliates in the [ABC] group of companies, such as our [credit card, insurance, and securities] affiliates, from marketing their products or services to you based on your personal information that we collect and share with them. This information includes your [income], your [account history with us], and your [credit score]. • Your choice to limit marketing offers from our affiliates will apply [until you tell us to change your choice]/[for x years from when you tell us your choice]/[for at least 5 years from when you tell us your choice]. [Include if the opt-out period expires.] Once that period expires, you will receive a renewal notice that will allow you to continue to limit marketing offers from our affiliates for [another x years]/[at least another 5 years]. • [Include, if applicable, in a subsequent notice, including an annual notice, for consumers who may have previously opted out.] If you have already made a choice to limit marketing offers from our affiliates, you do not need to act again until you receive the renewal notice. To limit marketing offers, contact us [include all that apply]: • By telephone: 1–877–###–#### • On the Web: www.---.com • By mail: Check the box and complete the form below, and send the form to: [Company name] [Company address] lDo not allow your affiliates to use my personal information to market to me. C–2—Model Form for Initial Opt-out Notice (Joint Notice)—[Your Choice To Limit Marketing]/[Marketing Opt-out] • The [ABC group of companies] is providing this notice. • [Optional: Federal law gives you the right to limit some but not all marketing from the [ABC] companies. Federal law also requires us to give you this notice to tell you about your choice to limit marketing from the [ABC] companies.] • You may limit the [ABC] companies, such as the [ABC credit card, insurance, and securities] affiliates, from marketing their E:\FR\FM\07NOR2.SGM 07NOR2 62972 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations products or services to you based on your personal information that they receive from other [ABC] companies. This information includes your [income], your [account history], and your [credit score]. • Your choice to limit marketing offers from the [ABC] companies will apply [until you tell us to change your choice]/[for x years from when you tell us your choice]/[for at least 5 years from when you tell us your choice]. [Include if the opt-out period expires.] Once that period expires, you will receive a renewal notice that will allow you to continue to limit marketing offers from the [ABC] companies for [another x years]/[at least another 5 years]. • [Include, if applicable, in a subsequent notice, including an annual notice, for consumers who may have previously opted out.] If you have already made a choice to limit marketing offers from the [ABC] companies, you do not need to act again until you receive the renewal notice. To limit marketing offers, contact us [include all that apply]: • By telephone: 1–877–###–#### • On the Web: www.---.com • By mail: Check the box and complete the form below, and send the form to: [Company name] [Company address] lDo not allow any company [in the ABC group of companies] to use my personal information to market to me. rwilkins on PROD1PC63 with RULES_2 C–3—Model Form for Renewal Notice (Single-Affiliate Notice)—[Renewing Your Choice To Limit Marketing]/[Renewing Your Marketing Opt-out] • [Name of Affiliate] is providing this notice. • [Optional: Federal law gives you the right to limit some but not all marketing from our affiliates. Federal law also requires us to give you this notice to tell you about your choice to limit marketing from our affiliates.] • You previously chose to limit our affiliates in the [ABC] group of companies, such as our [credit card, insurance, and securities] affiliates, from marketing their products or services to you based on your personal information that we share with them. This information includes your [income], your [account history with us], and your [credit score]. • Your choice has expired or is about to expire. To renew your choice to limit marketing for [x] more years, contact us [include all that apply]: • By telephone: 1–877–###–#### • On the Web: www.---.com • By mail: Check the box and complete the form below, and send the form to: [Company name] [Company address] lRenew my choice to limit marketing for [x] more years. C–4—Model Form for Renewal Notice (Joint Notice)—[Renewing Your Choice To Limit Marketing]/[Renewing Your Marketing Optout] • The [ABC group of companies] is providing this notice. VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 • [Optional: Federal law gives you the right to limit some but not all marketing from the [ABC] companies. Federal law also requires us to give you this notice to tell you about your choice to limit marketing from the [ABC] companies.] • You previously chose to limit the [ABC] companies, such as the [ABC credit card, insurance, and securities] affiliates, from marketing their products or services to you based on your personal information that they receive from other ABC companies. This information includes your [income], your [account history], and your [credit score]. • Your choice has expired or is about to expire. To renew your choice to limit marketing for [x] more years, contact us [include all that apply]: • By telephone: 1–877–###–#### • On the Web: www.---.com • By mail: Check the box and complete the form below, and send the form to: [Company name] [Company address] lRenew my choice to limit marketing for [x] more years. C–5—Model Form for Voluntary ‘‘No Marketing’’ Notice—Your Choice To Stop Marketing • [Name of Affiliate] is providing this notice. • You may choose to stop all marketing from us and our affiliates. To stop all marketing, contact us [include all that apply]: • By telephone: 1–877–###–#### • On the Web: www.---.com • By mail: Check the box and complete the form below, and send the form to: [Company name] [Company address] lDo not market to me. Department of the Treasury Office of Thrift Supervision 12 CFR Chapter V. Authority and Issuance For the reasons discussed in the joint preamble, the Office of Thrift Supervision is amending chapter V of title 12 of the Code of Federal Regulations by amending 12 CFR part 571 as follows: I PART 571—FAIR CREDIT REPORTING 1. The authority citation for part 571 is revised to read as follows: I Authority: 12 U.S.C. 1462a, 1463, 1464, 1467a, 1828, 1831p–1, and 1881–1884; 15 U.S.C. 1681b, 1681c, 1681m, 1681s, and 1681w; 15 U.S.C. 6801 and 6805; Sec. 214 Pub. L. 108–159, 117 Stat. 1952. Subpart A—General Provisions 2. Amend § 571.1 by adding a new paragraph (b)(3) to read as follows: I § 571.1 * PO 00000 * Purpose and scope. * Frm 00064 * Fmt 4701 * Sfmt 4700 (b) * * * (3) The scope of Subpart C of this part is stated in § 571.20(a) of this part. * * * * * I 3. Add a new Subpart C to part 571 to read as follows: Subpart C—Affiliate Marketing Sec. 571.20 Coverage and definitions. 571.21 Affiliate marketing opt-out and exceptions. 571.22 Scope and duration of opt-out. 571.23 Contents of opt-out notice; consolidated and equivalent notices. 571.24 Reasonable opportunity to opt out. 571.25 Reasonable and simple methods of opting out. 571.26 Delivery of opt-out notices. 571.27 Renewal of opt-out. 571.28 Effective date, compliance date, and prospective application. Subpart C—Affiliate Marketing § 571.20 Coverage and definitions. (a) Coverage. Subpart C of this part applies to savings associations whose deposits are insured by the Federal Deposit Insurance Corporation or, in accordance with § 559.3(h)(1) of this chapter, federal savings association operating subsidiaries that are not functionally regulated within the meaning of section 5(c)(5) of the Bank Holding Company Act of 1956, as amended (12 U.S.C. 1844(c)(5)). (b) Definitions. For purposes of this subpart: (1) Clear and conspicuous. The term ‘‘clear and conspicuous’’ means reasonably understandable and designed to call attention to the nature and significance of the information presented. (2) Concise. (i) In general. The term ‘‘concise’’ means a reasonably brief expression or statement. (ii) Combination with other required disclosures. A notice required by this subpart may be concise even if it is combined with other disclosures required or authorized by federal or state law. (3) Eligibility information. The term ‘‘eligibility information’’ means any information the communication of which would be a consumer report if the exclusions from the definition of ‘‘consumer report’’ in section 603(d)(2)(A) of the Act did not apply. Eligibility information does not include aggregate or blind data that does not contain personal identifiers such as account numbers, names, or addresses. (4) Pre-existing business relationship. (i) In general. The term ‘‘pre-existing business relationship’’ means a relationship between a person, or a person’s licensed agent, and a consumer based on— E:\FR\FM\07NOR2.SGM 07NOR2 rwilkins on PROD1PC63 with RULES_2 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations (A) A financial contract between the person and the consumer which is in force on the date on which the consumer is sent a solicitation covered by this subpart; (B) The purchase, rental, or lease by the consumer of the person’s goods or services, or a financial transaction (including holding an active account or a policy in force or having another continuing relationship) between the consumer and the person, during the 18month period immediately preceding the date on which the consumer is sent a solicitation covered by this subpart; or (C) An inquiry or application by the consumer regarding a product or service offered by that person during the threemonth period immediately preceding the date on which the consumer is sent a solicitation covered by this subpart. (ii) Examples of pre-existing business relationships. (A) If a consumer has a time deposit account, such as a certificate of deposit, at a depository institution that is currently in force, the depository institution has a pre-existing business relationship with the consumer and can use eligibility information it receives from its affiliates to make solicitations to the consumer about its products or services. (B) If a consumer obtained a certificate of deposit from a depository institution, but did not renew the certificate at maturity, the depository institution has a pre-existing business relationship with the consumer and can use eligibility information it receives from its affiliates to make solicitations to the consumer about its products or services for 18 months after the date of maturity of the certificate of deposit. (C) If a consumer obtains a mortgage, the mortgage lender has a pre-existing business relationship with the consumer. If the mortgage lender sells the consumer’s entire loan to an investor, the mortgage lender has a preexisting business relationship with the consumer and can use eligibility information it receives from its affiliates to make solicitations to the consumer about its products or services for 18 months after the date it sells the loan, and the investor has a pre-existing business relationship with the consumer upon purchasing the loan. If, however, the mortgage lender sells a fractional interest in the consumer’s loan to an investor but also retains an ownership interest in the loan, the mortgage lender continues to have a pre-existing business relationship with the consumer, but the investor does not have a pre-existing business relationship with the consumer. If the mortgage lender retains ownership of the loan, but sells ownership of the VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 servicing rights to the consumer’s loan, the mortgage lender continues to have a pre-existing business relationship with the consumer. The purchaser of the servicing rights also has a pre-existing business relationship with the consumer as of the date it purchases ownership of the servicing rights, but only if it collects payments from or otherwise deals directly with the consumer on a continuing basis. (D) If a consumer applies to a depository institution for a product or service that it offers, but does not obtain a product or service from or enter into a financial contract or transaction with the institution, the depository institution has a pre-existing business relationship with the consumer and can therefore use eligibility information it receives from an affiliate to make solicitations to the consumer about its products or services for three months after the date of the application. (E) If a consumer makes a telephone inquiry to a depository institution about its products or services and provides contact information to the institution, but does not obtain a product or service from or enter into a financial contract or transaction with the institution, the depository institution has a pre-existing business relationship with the consumer and can therefore use eligibility information it receives from an affiliate to make solicitations to the consumer about its products or services for three months after the date of the inquiry. (F) If a consumer makes an inquiry to a depository institution by e-mail about its products or services, but does not obtain a product or service from or enter into a financial contract or transaction with the institution, the depository institution has a pre-existing business relationship with the consumer and can therefore use eligibility information it receives from an affiliate to make solicitations to the consumer about its products or services for three months after the date of the inquiry. (G) If a consumer has an existing relationship with a depository institution that is part of a group of affiliated companies, makes a telephone call to the centralized call center for the group of affiliated companies to inquire about products or services offered by the insurance affiliate, and provides contact information to the call center, the call constitutes an inquiry to the insurance affiliate that offers those products or services. The insurance affiliate has a pre-existing business relationship with the consumer and can therefore use eligibility information it receives from its affiliated depository institution to make solicitations to the consumer PO 00000 Frm 00065 Fmt 4701 Sfmt 4700 62973 about its products or services for three months after the date of the inquiry. (iii) Examples where no pre-existing business relationship is created. (A) If a consumer makes a telephone call to a centralized call center for a group of affiliated companies to inquire about the consumer’s existing account at a depository institution, the call does not constitute an inquiry to any affiliate other than the depository institution that holds the consumer’s account and does not establish a pre-existing business relationship between the consumer and any affiliate of the account-holding depository institution. (B) If a consumer who has a deposit account with a depository institution makes a telephone call to an affiliate of the institution to ask about the affiliate’s retail locations and hours, but does not make an inquiry about the affiliate’s products or services, the call does not constitute an inquiry and does not establish a pre-existing business relationship between the consumer and the affiliate. Also, the affiliate’s capture of the consumer’s telephone number does not constitute an inquiry and does not establish a pre-existing business relationship between the consumer and the affiliate. (C) If a consumer makes a telephone call to a depository institution in response to an advertisement that offers a free promotional item to consumers who call a toll-free number, but the advertisement does not indicate that the depository institution’s products or services will be marketed to consumers who call in response, the call does not create a pre-existing business relationship between the consumer and the depository institution because the consumer has not made an inquiry about a product or service offered by the institution, but has merely responded to an offer for a free promotional item. (5) Solicitation. (i) In general. The term ‘‘solicitation’’ means the marketing of a product or service initiated by a person to a particular consumer that is— (A) Based on eligibility information communicated to that person by its affiliate as described in this subpart; and (B) Intended to encourage the consumer to purchase or obtain such product or service. (ii) Exclusion of marketing directed at the general public. A solicitation does not include marketing communications that are directed at the general public. For example, television, general circulation magazine, and billboard advertisements do not constitute solicitations, even if those communications are intended to encourage consumers to purchase E:\FR\FM\07NOR2.SGM 07NOR2 62974 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations products and services from the person initiating the communications. (iii) Examples of solicitations. A solicitation would include, for example, a telemarketing call, direct mail, e-mail, or other form of marketing communication directed to a particular consumer that is based on eligibility information received from an affiliate. (6) You means a person described in paragraph (a) of this section. rwilkins on PROD1PC63 with RULES_2 § 571.21 Affiliate marketing opt-out and exceptions. (a) Initial notice and opt-out requirement. (1) In general. You may not use eligibility information about a consumer that you receive from an affiliate to make a solicitation for marketing purposes to the consumer, unless— (i) It is clearly and conspicuously disclosed to the consumer in writing or, if the consumer agrees, electronically, in a concise notice that you may use eligibility information about that consumer received from an affiliate to make solicitations for marketing purposes to the consumer; (ii) The consumer is provided a reasonable opportunity and a reasonable and simple method to ‘‘opt out,’’ or prohibit you from using eligibility information to make solicitations for marketing purposes to the consumer; and (iii) The consumer has not opted out. (2) Example. A consumer has a homeowner’s insurance policy with an insurance company. The insurance company furnishes eligibility information about the consumer to its affiliated depository institution. Based on that eligibility information, the depository institution wants to make a solicitation to the consumer about its home equity loan products. The depository institution does not have a pre-existing business relationship with the consumer and none of the other exceptions apply. The depository institution is prohibited from using eligibility information received from its insurance affiliate to make solicitations to the consumer about its home equity loan products unless the consumer is given a notice and opportunity to opt out and the consumer does not opt out. (3) Affiliates who may provide the notice. The notice required by this paragraph must be provided: (i) By an affiliate that has or has previously had a pre-existing business relationship with the consumer; or (ii) As part of a joint notice from two or more members of an affiliated group of companies, provided that at least one of the affiliates on the joint notice has or has previously had a pre-existing VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 business relationship with the consumer. (b) Making solicitations. (1) In general. For purposes of this subpart, you make a solicitation for marketing purposes if— (i) You receive eligibility information from an affiliate; (ii) You use that eligibility information to do one or more of the following: (A) Identify the consumer or type of consumer to receive a solicitation; (B) Establish criteria used to select the consumer to receive a solicitation; or (C) Decide which of your products or services to market to the consumer or tailor your solicitation to that consumer; and (iii) As a result of your use of the eligibility information, the consumer is provided a solicitation. (2) Receiving eligibility information from an affiliate, including through a common database. You may receive eligibility information from an affiliate in various ways, including when the affiliate places that information into a common database that you may access. (3) Receipt or use of eligibility information by your service provider. Except as provided in paragraph (b)(5) of this section, you receive or use an affiliate’s eligibility information if a service provider acting on your behalf (whether an affiliate or a nonaffiliated third party) receives or uses that information in the manner described in paragraphs (b)(1)(i) or (b)(1)(ii) of this section. All relevant facts and circumstances will determine whether a person is acting as your service provider when it receives or uses an affiliate’s eligibility information in connection with marketing your products and services. (4) Use by an affiliate of its own eligibility information. Unless you have used eligibility information that you receive from an affiliate in the manner described in paragraph (b)(1)(ii) of this section, you do not make a solicitation subject to this subpart if your affiliate: (i) Uses its own eligibility information that it obtained in connection with a pre-existing business relationship it has or had with the consumer to market your products or services to the consumer; or (ii) Directs its service provider to use the affiliate’s own eligibility information that it obtained in connection with a pre-existing business relationship it has or had with the consumer to market your products or services to the consumer, and you do not communicate directly with the service provider regarding that use. PO 00000 Frm 00066 Fmt 4701 Sfmt 4700 (5) Use of eligibility information by a service provider. (i) In general. You do not make a solicitation subject to Subpart C of this part if a service provider (including an affiliated or third-party service provider that maintains or accesses a common database that you may access) receives eligibility information from your affiliate that your affiliate obtained in connection with a pre-existing business relationship it has or had with the consumer and uses that eligibility information to market your products or services to the consumer, so long as— (A) Your affiliate controls access to and use of its eligibility information by the service provider (including the right to establish the specific terms and conditions under which the service provider may use such information to market your products or services); (B) Your affiliate establishes specific terms and conditions under which the service provider may access and use the affiliate’s eligibility information to market your products and services (or those of affiliates generally) to the consumer, such as the identity of the affiliated companies whose products or services may be marketed to the consumer by the service provider, the types of products or services of affiliated companies that may be marketed, and the number of times the consumer may receive marketing materials, and periodically evaluates the service provider’s compliance with those terms and conditions; (C) Your affiliate requires the service provider to implement reasonable policies and procedures designed to ensure that the service provider uses the affiliate’s eligibility information in accordance with the terms and conditions established by the affiliate relating to the marketing of your products or services; (D) Your affiliate is identified on or with the marketing materials provided to the consumer; and (E) You do not directly use your affiliate’s eligibility information in the manner described in paragraph (b)(1)(ii) of this section. (ii) Writing requirements. (A) The requirements of paragraphs (b)(5)(i)(A) and (C) of this section must be set forth in a written agreement between your affiliate and the service provider; and (B) The specific terms and conditions established by your affiliate as provided in paragraph (b)(5)(i)(B) of this section must be set forth in writing. (6) Examples of making solicitations. (i) A consumer has a deposit account with a depository institution, which is affiliated with an insurance company. The insurance company receives E:\FR\FM\07NOR2.SGM 07NOR2 rwilkins on PROD1PC63 with RULES_2 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations eligibility information about the consumer from the depository institution. The insurance company uses that eligibility information to identify the consumer to receive a solicitation about insurance products, and, as a result, the insurance company provides a solicitation to the consumer about its insurance products. Pursuant to paragraph (b)(1) of this section, the insurance company has made a solicitation to the consumer. (ii) The same facts as in the example in paragraph (b)(6)(i) of this section, except that after using the eligibility information to identify the consumer to receive a solicitation about insurance products, the insurance company asks the depository institution to send the solicitation to the consumer and the depository institution does so. Pursuant to paragraph (b)(1) of this section, the insurance company has made a solicitation to the consumer because it used eligibility information about the consumer that it received from an affiliate to identify the consumer to receive a solicitation about its products or services, and, as a result, a solicitation was provided to the consumer about the insurance company’s products. (iii) The same facts as in the example in paragraph (b)(6)(i) of this section, except that eligibility information about consumers that have deposit accounts with the depository institution is placed into a common database that all members of the affiliated group of companies may independently access and use. Without using the depository institution’s eligibility information, the insurance company develops selection criteria and provides those criteria, marketing materials, and related instructions to the depository institution. The depository institution reviews eligibility information about its own consumers using the selection criteria provided by the insurance company to determine which consumers should receive the insurance company’s marketing materials and sends marketing materials about the insurance company’s products to those consumers. Even though the insurance company has received eligibility information through the common database as provided in paragraph (b)(2) of this section, it did not use that information to identify consumers or establish selection criteria; instead, the depository institution used its own eligibility information. Therefore, pursuant to paragraph (b)(4)(i) of this section, the insurance company has not made a solicitation to the consumer. (iv) The same facts as in the example in paragraph (b)(6)(iii) of this section, VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 except that the depository institution provides the insurance company’s criteria to the depository institution’s service provider and directs the service provider to use the depository institution’s eligibility information to identify depository institution consumers who meet the criteria and to send the insurance company’s marketing materials to those consumers. The insurance company does not communicate directly with the service provider regarding the use of the depository institution’s information to market its products to the depository institution’s consumers. Pursuant to paragraph (b)(4)(ii) of this section, the insurance company has not made a solicitation to the consumer. (v) An affiliated group of companies includes a depository institution, an insurance company, and a service provider. Each affiliate in the group places information about its consumers into a common database. The service provider has access to all information in the common database. The depository institution controls access to and use of its eligibility information by the service provider. This control is set forth in a written agreement between the depository institution and the service provider. The written agreement also requires the service provider to establish reasonable policies and procedures designed to ensure that the service provider uses the depository institution’s eligibility information in accordance with specific terms and conditions established by the depository institution relating to the marketing of the products and services of all affiliates, including the insurance company. In a separate written communication, the depository institution specifies the terms and conditions under which the service provider may use the depository institution’s eligibility information to market the insurance company’s products and services to the depository institution’s consumers. The specific terms and conditions are: A list of affiliated companies (including the insurance company) whose products or services may be marketed to the depository institution’s consumers by the service provider; the specific products or types of products that may be marketed to the depository institution’s consumers by the service provider; the categories of eligibility information that may be used by the service provider in marketing products or services to the depository institution’s consumers; the types or categories of the depository institution’s consumers to whom the service PO 00000 Frm 00067 Fmt 4701 Sfmt 4700 62975 provider may market products or services of depository institution affiliates; the number and/or types of marketing communications that the service provider may send to the depository institution’s consumers; and the length of time during which the service provider may market the products or services of the depository institution’s affiliates to its consumers. The depository institution periodically evaluates the service provider’s compliance with these terms and conditions. The insurance company asks the service provider to market insurance products to certain consumers who have deposit accounts with the depository institution. Without using the depository institution’s eligibility information, the insurance company develops selection criteria and provides those criteria, marketing materials, and related instructions to the service provider. The service provider uses the depository institution’s eligibility information from the common database to identify the depository institution’s consumers to whom insurance products will be marketed. When the insurance company’s marketing materials are provided to the identified consumers, the name of the depository institution is displayed on the insurance marketing materials, an introductory letter that accompanies the marketing materials, an account statement that accompanies the marketing materials, or the envelope containing the marketing materials. The requirements of paragraph (b)(5) of this section have been satisfied, and the insurance company has not made a solicitation to the consumer. (vi) The same facts as in the example in paragraph (b)(6)(v) of this section, except that the terms and conditions permit the service provider to use the depository institution’s eligibility information to market the products and services of other affiliates to the depository institution’s consumers whenever the service provider deems it appropriate to do so. The service provider uses the depository institution’s eligibility information in accordance with the discretion afforded to it by the terms and conditions. Because the terms and conditions are not specific, the requirements of paragraph (b)(5) of this section have not been satisfied. (c) Exceptions. The provisions of this subpart do not apply to you if you use eligibility information that you receive from an affiliate: (1) To make a solicitation for marketing purposes to a consumer with whom you have a pre-existing business relationship; E:\FR\FM\07NOR2.SGM 07NOR2 rwilkins on PROD1PC63 with RULES_2 62976 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations (2) To facilitate communications to an individual for whose benefit you provide employee benefit or other services pursuant to a contract with an employer related to and arising out of the current employment relationship or status of the individual as a participant or beneficiary of an employee benefit plan; (3) To perform services on behalf of an affiliate, except that this subparagraph shall not be construed as permitting you to send solicitations on behalf of an affiliate if the affiliate would not be permitted to send the solicitation as a result of the election of the consumer to opt out under this subpart; (4) In response to a communication about your products or services initiated by the consumer; (5) In response to an authorization or request by the consumer to receive solicitations; or (6) If your compliance with this subpart would prevent you from complying with any provision of State insurance laws pertaining to unfair discrimination in any State in which you are lawfully doing business. (d) Examples of exceptions. (1) Example of the pre-existing business relationship exception. A consumer has a deposit account with a depository institution. The consumer also has a relationship with the depository institution’s securities affiliate for management of the consumer’s securities portfolio. The depository institution receives eligibility information about the consumer from its securities affiliate and uses that information to make a solicitation to the consumer about the depository institution’s wealth management services. The depository institution may make this solicitation even if the consumer has not been given a notice and opportunity to opt out because the depository institution has a pre-existing business relationship with the consumer. (2) Examples of service provider exception. (i) A consumer has an insurance policy issued by an insurance company. The insurance company furnishes eligibility information about the consumer to its affiliated depository institution. Based on that eligibility information, the depository institution wants to make a solicitation to the consumer about its deposit products. The depository institution does not have a pre-existing business relationship with the consumer and none of the other exceptions in paragraph (c) of this section apply. The consumer has been given an opt-out notice and has elected to opt out of receiving such VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 solicitations. The depository institution asks a service provider to send the solicitation to the consumer on its behalf. The service provider may not send the solicitation on behalf of the depository institution because, as a result of the consumer’s opt-out election, the depository institution is not permitted to make the solicitation. (ii) The same facts as in paragraph (d)(2)(i) of this section, except the consumer has been given an opt-out notice, but has not elected to opt out. The depository institution asks a service provider to send the solicitation to the consumer on its behalf. The service provider may send the solicitation on behalf of the depository institution because, as a result of the consumer’s not opting out, the depository institution is permitted to make the solicitation. (3) Examples of consumer-initiated communications. (i) A consumer who has a deposit account with a depository institution initiates a communication with the depository institution’s credit card affiliate to request information about a credit card. The credit card affiliate may use eligibility information about the consumer it obtains from the depository institution or any other affiliate to make solicitations regarding credit card products in response to the consumer-initiated communication. (ii) A consumer who has a deposit account with a depository institution contacts the institution to request information about how to save and invest for a child’s college education without specifying the type of product in which the consumer may be interested. Information about a range of different products or services offered by the depository institution and one or more affiliates of the institution may be responsive to that communication. Such products or services may include the following: Mutual funds offered by the institution’s mutual fund affiliate; section 529 plans offered by the institution, its mutual fund affiliate, or another securities affiliate; or trust services offered by a different financial institution in the affiliated group. Any affiliate offering investment products or services that would be responsive to the consumer’s request for information about saving and investing for a child’s college education may use eligibility information to make solicitations to the consumer in response to this communication. (iii) A credit card issuer makes a marketing call to the consumer without using eligibility information received from an affiliate. The issuer leaves a voice-mail message that invites the consumer to call a toll-free number to PO 00000 Frm 00068 Fmt 4701 Sfmt 4700 apply for the issuer’s credit card. If the consumer calls the toll-free number to inquire about the credit card, the call is a consumer-initiated communication about a product or service and the credit card issuer may now use eligibility information it receives from its affiliates to make solicitations to the consumer. (iv) A consumer calls a depository institution to ask about retail locations and hours, but does not request information about products or services. The institution may not use eligibility information it receives from an affiliate to make solicitations to the consumer about its products or services because the consumer-initiated communication does not relate to the depository institution’s products or services. Thus, the use of eligibility information received from an affiliate would not be responsive to the communication and the exception does not apply. (v) A consumer calls a depository institution to ask about retail locations and hours. The customer service representative asks the consumer if there is a particular product or service about which the consumer is seeking information. The consumer responds that the consumer wants to stop in and find out about certificates of deposit. The customer service representative offers to provide that information by telephone and mail additional information and application materials to the consumer. The consumer agrees and provides or confirms contact information for receipt of the materials to be mailed. The depository institution may use eligibility information it receives from an affiliate to make solicitations to the consumer about certificates of deposit because such solicitations would respond to the consumer-initiated communication about products or services. (4) Examples of consumer authorization or request for solicitations. (i) A consumer who obtains a mortgage from a mortgage lender authorizes or requests information about homeowner’s insurance offered by the mortgage lender’s insurance affiliate. Such authorization or request, whether given to the mortgage lender or to the insurance affiliate, would permit the insurance affiliate to use eligibility information about the consumer it obtains from the mortgage lender or any other affiliate to make solicitations to the consumer about homeowner’s insurance. (ii) A consumer completes an online application to apply for a credit card from a credit card issuer. The issuer’s online application contains a blank check box that the consumer may check E:\FR\FM\07NOR2.SGM 07NOR2 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations to authorize or request information from the credit card issuer’s affiliates. The consumer checks the box. The consumer has authorized or requested solicitations from the card issuer’s affiliates. (iii) A consumer completes an online application to apply for a credit card from a credit card issuer. The issuer’s online application contains a preselected check box indicating that the consumer authorizes or requests information from the issuer’s affiliates. The consumer does not deselect the check box. The consumer has not authorized or requested solicitations from the card issuer’s affiliates. (iv) The terms and conditions of a credit card account agreement contain preprinted boilerplate language stating that by applying to open an account the consumer authorizes or requests to receive solicitations from the credit card issuer’s affiliates. The consumer has not authorized or requested solicitations from the card issuer’s affiliates. (e) Relation to affiliate-sharing notice and opt-out. Nothing in this subpart limits the responsibility of a person to comply with the notice and opt-out provisions of section 603(d)(2)(A)(iii) of the Act where applicable. rwilkins on PROD1PC63 with RULES_2 § 571.22 Scope and duration of opt-out. (a) Scope of opt-out. (1) In general. Except as otherwise provided in this section, the consumer’s election to opt out prohibits any affiliate covered by the opt-out notice from using eligibility information received from another affiliate as described in the notice to make solicitations to the consumer. (2) Continuing relationship. (i) In general. If the consumer establishes a continuing relationship with you or your affiliate, an opt-out notice may apply to eligibility information obtained in connection with— (A) A single continuing relationship or multiple continuing relationships that the consumer establishes with you or your affiliates, including continuing relationships established subsequent to delivery of the opt-out notice, so long as the notice adequately describes the continuing relationships covered by the opt-out; or (B) Any other transaction between the consumer and you or your affiliates as described in the notice. (ii) Examples of continuing relationships. A consumer has a continuing relationship with you or your affiliate if the consumer— (A) Opens a deposit or investment account with you or your affiliate; (B) Obtains a loan for which you or your affiliate owns the servicing rights; (C) Purchases an insurance product from you or your affiliate; VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 (D) Holds an investment product through you or your affiliate, such as when you act or your affiliate acts as a custodian for securities or for assets in an individual retirement arrangement; (E) Enters into an agreement or understanding with you or your affiliate whereby you or your affiliate undertakes to arrange or broker a home mortgage loan for the consumer; (F) Enters into a lease of personal property with you or your affiliate; or (G) Obtains financial, investment, or economic advisory services from you or your affiliate for a fee. (3) No continuing relationship. (i) In general. If there is no continuing relationship between a consumer and you or your affiliate, and you or your affiliate obtain eligibility information about a consumer in connection with a transaction with the consumer, such as an isolated transaction or a credit application that is denied, an opt-out notice provided to the consumer only applies to eligibility information obtained in connection with that transaction. (ii) Examples of isolated transactions. An isolated transaction occurs if— (A) The consumer uses your or your affiliate’s ATM to withdraw cash from an account at another financial institution; or (B) You or your affiliate sells the consumer a cashier’s check or money order, airline tickets, travel insurance, or traveler’s checks in isolated transactions. (4) Menu of alternatives. A consumer may be given the opportunity to choose from a menu of alternatives when electing to prohibit solicitations, such as by electing to prohibit solicitations from certain types of affiliates covered by the opt-out notice but not other types of affiliates covered by the notice, electing to prohibit solicitations based on certain types of eligibility information but not other types of eligibility information, or electing to prohibit solicitations by certain methods of delivery but not other methods of delivery. However, one of the alternatives must allow the consumer to prohibit all solicitations from all of the affiliates that are covered by the notice. (5) Special rule for a notice following termination of all continuing relationships. (i) In general. A consumer must be given a new opt-out notice if, after all continuing relationships with you or your affiliate(s) are terminated, the consumer subsequently establishes another continuing relationship with you or your affiliate(s) and the consumer’s eligibility information is to be used to make a solicitation. The new opt-out notice must apply, at a PO 00000 Frm 00069 Fmt 4701 Sfmt 4700 62977 minimum, to eligibility information obtained in connection with the new continuing relationship. Consistent with paragraph (b) of this section, the consumer’s decision not to opt out after receiving the new opt-out notice would not override a prior opt-out election by the consumer that applies to eligibility information obtained in connection with a terminated relationship, regardless of whether the new opt-out notice applies to eligibility information obtained in connection with the terminated relationship. (ii) Example. A consumer has a checking account with a depository institution that is part of an affiliated group. The consumer closes the checking account. One year after closing the checking account, the consumer opens a savings account with the same depository institution. The consumer must be given a new notice and opportunity to opt out before the depository institution’s affiliates may make solicitations to the consumer using eligibility information obtained by the depository institution in connection with the new savings account relationship, regardless of whether the consumer opted out in connection with the checking account. (b) Duration of opt-out. The election of a consumer to opt out must be effective for a period of at least five years (the ‘‘opt-out period’’) beginning when the consumer’s opt-out election is received and implemented, unless the consumer subsequently revokes the optout in writing or, if the consumer agrees, electronically. An opt-out period of more than five years may be established, including an opt-out period that does not expire unless revoked by the consumer. (c) Time of opt-out. A consumer may opt out at any time. § 571.23 Contents of opt-out notice; consolidated and equivalent notices. (a) Contents of opt-out notice. (1) In general. A notice must be clear, conspicuous, and concise, and must accurately disclose: (i) The name of the affiliate(s) providing the notice. If the notice is provided jointly by multiple affiliates and each affiliate shares a common name, such as ‘‘ABC,’’ then the notice may indicate that it is being provided by multiple companies with the ABC name or multiple companies in the ABC group or family of companies, for example, by stating that the notice is provided by ‘‘all of the ABC companies,’’ ‘‘the ABC banking, credit card, insurance, and securities companies,’’ or by listing the name of each affiliate providing the notice. But if the affiliates providing the E:\FR\FM\07NOR2.SGM 07NOR2 rwilkins on PROD1PC63 with RULES_2 62978 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations joint notice do not all share a common name, then the notice must either separately identify each affiliate by name or identify each of the common names used by those affiliates, for example, by stating that the notice is provided by ‘‘all of the ABC and XYZ companies’’ or by ‘‘the ABC banking and credit card companies and the XYZ insurance companies’’; (ii) A list of the affiliates or types of affiliates whose use of eligibility information is covered by the notice, which may include companies that become affiliates after the notice is provided to the consumer. If each affiliate covered by the notice shares a common name, such as ‘‘ABC,’’ then the notice may indicate that it applies to multiple companies with the ABC name or multiple companies in the ABC group or family of companies, for example, by stating that the notice is provided by ‘‘all of the ABC companies,’’ ‘‘the ABC banking, credit card, insurance, and securities companies,’’ or by listing the name of each affiliate providing the notice. But if the affiliates covered by the notice do not all share a common name, then the notice must either separately identify each covered affiliate by name or identify each of the common names used by those affiliates, for example, by stating that the notice applies to ‘‘all of the ABC and XYZ companies’’ or to ‘‘the ABC banking and credit card companies and the XYZ insurance companies’’; (iii) A general description of the types of eligibility information that may be used to make solicitations to the consumer; (iv) That the consumer may elect to limit the use of eligibility information to make solicitations to the consumer; (v) That the consumer’s election will apply for the specified period of time stated in the notice and, if applicable, that the consumer will be allowed to renew the election once that period expires; (vi) If the notice is provided to consumers who may have previously opted out, such as if a notice is provided to consumers annually, that the consumer who has chosen to limit solicitations does not need to act again until the consumer receives a renewal notice; and (vii) A reasonable and simple method for the consumer to opt out. (2) Joint relationships. (i) If two or more consumers jointly obtain a product or service, a single opt-out notice may be provided to the joint consumers. Any of the joint consumers may exercise the right to opt out. (ii) The opt-out notice must explain how an opt-out direction by a joint VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 consumer will be treated. An opt-out direction by a joint consumer may be treated as applying to all of the associated joint consumers, or each joint consumer may be permitted to opt-out separately. If each joint consumer is permitted to opt out separately, one of the joint consumers must be permitted to opt out on behalf of all of the joint consumers and the joint consumers must be permitted to exercise their separate rights to opt out in a single response. (iii) It is impermissible to require all joint consumers to opt out before implementing any opt-out direction. (3) Alternative contents. If the consumer is afforded a broader right to opt out of receiving marketing than is required by this subpart, the requirements of this section may be satisfied by providing the consumer with a clear, conspicuous, and concise notice that accurately discloses the consumer’s opt-out rights. (4) Model notices. Model notices are provided in Appendix C of this part. (b) Coordinated and consolidated notices. A notice required by this subpart may be coordinated and consolidated with any other notice or disclosure required to be issued under any other provision of law by the entity providing the notice, including but not limited to the notice described in section 603(d)(2)(A)(iii) of the Act and the Gramm-Leach-Bliley Act privacy notice. (c) Equivalent notices. A notice or other disclosure that is equivalent to the notice required by this subpart, and that is provided to a consumer together with disclosures required by any other provision of law, satisfies the requirements of this section. § 571.24 out. Reasonable opportunity to opt (a) In general. You must not use eligibility information about a consumer that you receive from an affiliate to make a solicitation to the consumer about your products or services, unless the consumer is provided a reasonable opportunity to opt out, as required by § 571.21(a)(1)(ii) of this part. (b) Examples of a reasonable opportunity to opt out. The consumer is given a reasonable opportunity to opt out if: (1) By mail. The opt-out notice is mailed to the consumer. The consumer is given 30 days from the date the notice is mailed to elect to opt out by any reasonable means. (2) By electronic means. (i) The optout notice is provided electronically to the consumer, such as by posting the notice at an Internet Web site at which PO 00000 Frm 00070 Fmt 4701 Sfmt 4700 the consumer has obtained a product or service. The consumer acknowledges receipt of the electronic notice. The consumer is given 30 days after the date the consumer acknowledges receipt to elect to opt out by any reasonable means. (ii) The opt-out notice is provided to the consumer by e-mail where the consumer has agreed to receive disclosures by e-mail from the person sending the notice. The consumer is given 30 days after the e-mail is sent to elect to opt out by any reasonable means. (3) At the time of an electronic transaction. The opt-out notice is provided to the consumer at the time of an electronic transaction, such as a transaction conducted on an Internet Web site. The consumer is required to decide, as a necessary part of proceeding with the transaction, whether to opt out before completing the transaction. There is a simple process that the consumer may use to opt out at that time using the same mechanism through which the transaction is conducted. (4) At the time of an in-person transaction. The opt-out notice is provided to the consumer in writing at the time of an in-person transaction. The consumer is required to decide, as a necessary part of proceeding with the transaction, whether to opt out before completing the transaction, and is not permitted to complete the transaction without making a choice. There is a simple process that the consumer may use during the course of the in-person transaction to opt out, such as completing a form that requires consumers to write a ‘‘yes’’ or ‘‘no’’ to indicate their opt-out preference or that requires the consumer to check one of two blank check boxes—one that allows consumers to indicate that they want to opt out and one that allows consumers to indicate that they do not want to opt out. (5) By including in a privacy notice. The opt-out notice is included in a Gramm-Leach-Bliley Act privacy notice. The consumer is allowed to exercise the opt-out within a reasonable period of time and in the same manner as the optout under that privacy notice. § 571.25 Reasonable and simple methods of opting out. (a) In general. You must not use eligibility information about a consumer that you receive from an affiliate to make a solicitation to the consumer about your products or services, unless the consumer is provided a reasonable and simple method to opt out, as required by § 571.21(a)(1)(ii) of this part. E:\FR\FM\07NOR2.SGM 07NOR2 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations (b) Examples. (1) Reasonable and simple opt-out methods. Reasonable and simple methods for exercising the optout right include— (i) Designating a check-off box in a prominent position on the opt-out form; (ii) Including a reply form and a selfaddressed envelope together with the opt-out notice; (iii) Providing an electronic means to opt out, such as a form that can be electronically mailed or processed at an Internet Web site, if the consumer agrees to the electronic delivery of information; (iv) Providing a toll-free telephone number that consumers may call to opt out; or (v) Allowing consumers to exercise all of their opt-out rights described in a consolidated opt-out notice that includes the privacy opt-out under the Gramm-Leach-Bliley Act (15 U.S.C. 6801 et seq.), the affiliate sharing optout under the Act, and the affiliate marketing opt-out under the Act, by a single method, such as by calling a single toll-free telephone number. (2) Opt-out methods that are not reasonable and simple. Reasonable and simple methods for exercising an optout right do not include— (i) Requiring the consumer to write his or her own letter; (ii) Requiring the consumer to call or write to obtain a form for opting out, rather than including the form with the opt-out notice; (iii) Requiring the consumer who receives the opt-out notice in electronic form only, such as through posting at an Internet Web site, to opt out solely by paper mail or by visiting a different Web site without providing a link to that site. (c) Specific opt-out means. Each consumer may be required to opt out through a specific means, as long as that means is reasonable and simple for that consumer. rwilkins on PROD1PC63 with RULES_2 § 571.26 Delivery of opt-out notices. (a) In general. The opt-out notice must be provided so that each consumer can reasonably be expected to receive actual notice. For opt-out notices provided electronically, the notice may be provided in compliance with either the electronic disclosure provisions in this subpart or the provisions in section 101 of the Electronic Signatures in Global and National Commerce Act, 15 U.S.C. 7001 et seq. (b) Examples of reasonable expectation of actual notice. A consumer may reasonably be expected to receive actual notice if the affiliate providing the notice: (1) Hand-delivers a printed copy of the notice to the consumer; VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 (2) Mails a printed copy of the notice to the last known mailing address of the consumer; (3) Provides a notice by e-mail to a consumer who has agreed to receive electronic disclosures by e-mail from the affiliate providing the notice; or (4) Posts the notice on the Internet Web site at which the consumer obtained a product or service electronically and requires the consumer to acknowledge receipt of the notice. (c) Examples of no reasonable expectation of actual notice. A consumer may not reasonably be expected to receive actual notice if the affiliate providing the notice: (1) Only posts the notice on a sign in a branch or office or generally publishes the notice in a newspaper; (2) Sends the notice via e-mail to a consumer who has not agreed to receive electronic disclosures by e-mail from the affiliate providing the notice; or (3) Posts the notice on an Internet Web site without requiring the consumer to acknowledge receipt of the notice. § 571.27 Renewal of opt-out. (a) Renewal notice and opt-out requirement. (1) In general. After the opt-out period expires, you may not make solicitations based on eligibility information you receive from an affiliate to a consumer who previously opted out, unless: (i) The consumer has been given a renewal notice that complies with the requirements of this section and §§ 571.24 through 571.26 of this part, and a reasonable opportunity and a reasonable and simple method to renew the opt-out, and the consumer does not renew the opt-out; or (ii) An exception in § 571.21(c) of this part applies. (2) Renewal period. Each opt-out renewal must be effective for a period of at least five years as provided in § 571.22(b) of this part. (3) Affiliates who may provide the notice. The notice required by this paragraph must be provided: (i) By the affiliate that provided the previous opt-out notice, or its successor; or (ii) As part of a joint renewal notice from two or more members of an affiliated group of companies, or their successors, that jointly provided the previous opt-out notice. (b) Contents of renewal notice. The renewal notice must be clear, conspicuous, and concise, and must accurately disclose: (1) The name of the affiliate(s) providing the notice. If the notice is PO 00000 Frm 00071 Fmt 4701 Sfmt 4700 62979 provided jointly by multiple affiliates and each affiliate shares a common name, such as ‘‘ABC,’’ then the notice may indicate that it is being provided by multiple companies with the ABC name or multiple companies in the ABC group or family of companies, for example, by stating that the notice is provided by ‘‘all of the ABC companies,’’ ‘‘the ABC banking, credit card, insurance, and securities companies,’’ or by listing the name of each affiliate providing the notice. But if the affiliates providing the joint notice do not all share a common name, then the notice must either separately identify each affiliate by name or identify each of the common names used by those affiliates, for example, by stating that the notice is provided by ‘‘all of the ABC and XYZ companies’’ or by ‘‘the ABC banking and credit card companies and the XYZ insurance companies’’; (2) A list of the affiliates or types of affiliates whose use of eligibility information is covered by the notice, which may include companies that become affiliates after the notice is provided to the consumer. If each affiliate covered by the notice shares a common name, such as ‘‘ABC,’’ then the notice may indicate that it applies to multiple companies with the ABC name or multiple companies in the ABC group or family of companies, for example, by stating that the notice is provided by ‘‘all of the ABC companies,’’ ‘‘the ABC banking, credit card, insurance, and securities companies,’’ or by listing the name of each affiliate providing the notice. But if the affiliates covered by the notice do not all share a common name, then the notice must either separately identify each covered affiliate by name or identify each of the common names used by those affiliates, for example, by stating that the notice applies to ‘‘all of the ABC and XYZ companies’’ or to ‘‘the ABC banking and credit card companies and the XYZ insurance companies’’; (3) A general description of the types of eligibility information that may be used to make solicitations to the consumer; (4) That the consumer previously elected to limit the use of certain information to make solicitations to the consumer; (5) That the consumer’s election has expired or is about to expire; (6) That the consumer may elect to renew the consumer’s previous election; (7) If applicable, that the consumer’s election to renew will apply for the specified period of time stated in the notice and that the consumer will be allowed to renew the election once that period expires; and E:\FR\FM\07NOR2.SGM 07NOR2 62980 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations (8) A reasonable and simple method for the consumer to opt out. (c) Timing of the renewal notice. (1) In general. A renewal notice may be provided to the consumer either— (i) A reasonable period of time before the expiration of the opt-out period; or (ii) Any time after the expiration of the opt-out period but before solicitations that would have been prohibited by the expired opt-out are made to the consumer. (2) Combination with annual privacy notice. If you provide an annual privacy notice under the Gramm-Leach-Bliley Act, 15 U.S.C. 6801 et seq., providing a renewal notice with the last annual privacy notice provided to the consumer before expiration of the opt-out period is a reasonable period of time before expiration of the opt-out in all cases. (d) No effect on opt-out period. An opt-out period may not be shortened by sending a renewal notice to the consumer before expiration of the optout period, even if the consumer does not renew the opt-out. § 571.28 Effective date, compliance date, and prospective application. (a) Effective date. This subpart is effective January 1, 2008. (b) Mandatory compliance date. Compliance with this subpart is required not later than October 1, 2008. (c) Prospective application. The provisions of this subpart shall not prohibit you from using eligibility information that you receive from an affiliate to make solicitations to a consumer if you receive such information prior to October 1, 2008. For purposes of this section, you are deemed to receive eligibility information when such information is placed into a common database and is accessible by you. I 4. Add and reserve Appendixes A and B to part 571, and add a new Appendix C to part 571 to read as follows: rwilkins on PROD1PC63 with RULES_2 Appendix C To Part 571—Model Forms for Opt-Out Notices a. Although use of the model forms is not required, use of the model forms in this Appendix (as applicable) complies with the requirement in section 624 of the Act for clear, conspicuous, and concise notices. b. Certain changes may be made to the language or format of the model forms without losing the protection from liability afforded by use of the model forms. These changes may not be so extensive as to affect the substance, clarity, or meaningful sequence of the language in the model forms. Persons making such extensive revisions will lose the safe harbor that this Appendix provides. Acceptable changes include, for example: VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 1. Rearranging the order of the references to ‘‘your income,’’ ‘‘your account history,’’ and ‘‘your credit score.’’ 2. Substituting other types of information for ‘‘income,’’ ‘‘account history,’’ or ‘‘credit score’’ for accuracy, such as ‘‘payment history,’’ ‘‘credit history,’’ ‘‘payoff status,’’ or ‘‘claims history.’’ 3. Substituting a clearer and more accurate description of the affiliates providing or covered by the notice for phrases such as ‘‘the [ABC] group of companies,’’ including without limitation a statement that the entity providing the notice recently purchased the consumer’s account. 4. Substituting other types of affiliates covered by the notice for ‘‘credit card,’’ ‘‘insurance,’’ or ‘‘securities’’ affiliates. 5. Omitting items that are not accurate or applicable. For example, if a person does not limit the duration of the opt-out period, the notice may omit information about the renewal notice. 6. Adding a statement informing consumers how much time they have to opt out before shared eligibility information may be used to make solicitations to them. 7. Adding a statement that the consumer may exercise the right to opt out at any time. 8. Adding the following statement, if accurate: ‘‘If you previously opted out, you do not need to do so again.’’ 9. Providing a place on the form for the consumer to fill in identifying information, such as his or her name and address: C–1 Model Form for Initial Opt-out Notice (Single-Affiliate Notice) C–2 Model Form for Initial Opt-out Notice (Joint Notice) C–3 Model Form for Renewal Notice (Single-Affiliate Notice) C–4 Model Form for Renewal Notice (Joint Notice) C–5 Model Form for Voluntary ‘‘No Marketing’’ Notice C–1—Model Form for Initial Opt-out Notice (Single-Affiliate Notice)—[Your Choice To Limit Marketing]/[Marketing Opt-out] • [Name of Affiliate] is providing this notice. • [Optional: Federal law gives you the right to limit some but not all marketing from our affiliates. Federal law also requires us to give you this notice to tell you about your choice to limit marketing from our affiliates.] • You may limit our affiliates in the [ABC] group of companies, such as our [credit card, insurance, and securities] affiliates, from marketing their products or services to you based on your personal information that we collect and share with them. This information includes your [income], your [account history with us], and your [credit score]. • Your choice to limit marketing offers from our affiliates will apply [until you tell us to change your choice]/[for x years from when you tell us your choice]/[for at least 5 years from when you tell us your choice]. [Include if the opt-out period expires.] Once that period expires, you will receive a renewal notice that will allow you to continue to limit marketing offers from our affiliates for [another x years]/[at least another 5 years]. PO 00000 Frm 00072 Fmt 4701 Sfmt 4700 • [Include, if applicable, in a subsequent notice, including an annual notice, for consumers who may have previously opted out.] If you have already made a choice to limit marketing offers from our affiliates, you do not need to act again until you receive the renewal notice. To limit marketing offers, contact us [include all that apply]: • By telephone: 1–877–###–#### • On the Web: www.---.com • By mail: Check the box and complete the form below, and send the form to: [Company name] [Company address] lDo not allow your affiliates to use my personal information to market to me. C–2—Model Form for Initial Opt-out Notice (Joint Notice)—[Your Choice To Limit Marketing]/[Marketing Opt-out] • The [ABC group of companies] is providing this notice. • [Optional: Federal law gives you the right to limit some but not all marketing from the [ABC] companies. Federal law also requires us to give you this notice to tell you about your choice to limit marketing from the [ABC] companies.] • You may limit the [ABC] companies, such as the [ABC credit card, insurance, and securities] affiliates, from marketing their products or services to you based on your personal information that they receive from other [ABC] companies. This information includes your [income], your [account history], and your [credit score]. • Your choice to limit marketing offers from the [ABC] companies will apply [until you tell us to change your choice]/[for x years from when you tell us your choice]/[for at least 5 years from when you tell us your choice]. [Include if the opt-out period expires.] Once that period expires, you will receive a renewal notice that will allow you to continue to limit marketing offers from the [ABC] companies for [another x years]/[at least another 5 years]. • [Include, if applicable, in a subsequent notice, including an annual notice, for consumers who may have previously opted out.] If you have already made a choice to limit marketing offers from the [ABC] companies, you do not need to act again until you receive the renewal notice. To limit marketing offers, contact us [include all that apply]: • By telephone: 1–877–###–#### • On the Web: www.---.com • By mail: Check the box and complete the form below, and send the form to: [Company name] [Company address] lDo not allow any company [in the ABC group of companies] to use my personal information to market to me. C–3—Model Form for Renewal Notice (Single-Affiliate Notice)—[Renewing Your Choice To Limit Marketing]/[Renewing Your Marketing Opt-out] • [Name of Affiliate] is providing this notice. • [Optional: Federal law gives you the right to limit some but not all marketing from our affiliates. Federal law also requires us to E:\FR\FM\07NOR2.SGM 07NOR2 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations National Credit Union Administration 12 CFR Chapter VII. C–4—Model Form for Renewal Notice (Joint Notice)—[Renewing Your Choice To Limit Marketing]/[Renewing Your Marketing Optout] • The [ABC group of companies] is providing this notice. • [Optional: Federal law gives you the right to limit some but not all marketing from the [ABC] companies. Federal law also requires us to give you this notice to tell you about your choice to limit marketing from the [ABC] companies.] • You previously chose to limit the [ABC] companies, such as the [ABC credit card, insurance, and securities] affiliates, from marketing their products or services to you based on your personal information that they receive from other ABC companies. This information includes your [income], your [account history], and your [credit score]. • Your choice has expired or is about to expire. To renew your choice to limit marketing for [x] more years, contact us [include all that apply]: • By telephone: 1–877–###–#### • On the Web: www.---.com • By mail: Check the box and complete the form below, and send the form to: [Company name] [Company address] lRenew my choice to limit marketing for [x] more years. rwilkins on PROD1PC63 with RULES_2 give you this notice to tell you about your choice to limit marketing from our affiliates.] • You previously chose to limit our affiliates in the [ABC] group of companies, such as our [credit card, insurance, and securities] affiliates, from marketing their products or services to you based on your personal information that we share with them. This information includes your [income], your [account history with us], and your [credit score]. • Your choice has expired or is about to expire. To renew your choice to limit marketing for [x] more years, contact us [include all that apply]: • By telephone: 1–877–###–#### • On the Web: www.---.com • By mail: Check the box and complete the form below, and send the form to: [Company name] [Company address] lRenew my choice to limit marketing for [x] more years. § 717.1 dates. C–5—Model Form for Voluntary ‘‘No Marketing’’ Notice Your Choice To Stop Marketing • [Name of Affiliate] is providing this notice. • You may choose to stop all marketing from us and our affiliates. To stop all marketing, contact us [include all that apply]: • By telephone: 1–877–###–#### • On the Web: www.---.com • By mail: Check the box and complete the form below, and send the form to: [Company name] [Company address] lDo not market to me. VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 Authority and Issuance For the reasons discussed in the joint preamble, the National Credit Union Administration is amending chapter VII of title 12 of the Code of Federal Regulations by amending 12 CFR part 717 as follows: I PART 717—FAIR CREDIT REPORTING 1. The authority citation for part 717 is revised to read as follows: I Authority: 12 U.S.C. 1751 et seq.; 15 U.S.C. 1681a, 1681b, 1681c, 1681m, 1681s, 1681w, 6801 and 6805. Subpart A—General Provisions I 2. Revise § 717.1 to read as follows: Purpose, scope, and effective (a) Purpose. The purpose of this part is to implement the provisions of the Fair Credit Reporting Act. This part generally applies to federal credit unions that obtain and use information about consumers to determine the consumer’s eligibility for products, services, or employment, share such information among affiliates, and furnish information to consumer reporting agencies. (b) Scope. (1) [Reserved] (2) Institutions covered. (i) Except as otherwise provided in this part, the regulations in this part apply to federal credit unions. I 3. A new Subpart C is added to part 717 to read as follows: Subpart C—Affiliate Marketing Sec. 717.20 Coverage and definitions. 717.21 Affiliate marketing opt-out and exceptions. 717.22 Scope and duration of opt-out. 717.23 Contents of opt-out notice; consolidated and equivalent notices. 717.24 Reasonable opportunity to opt out. 717.25 Reasonable and simple methods of opting out. 717.26 Delivery of opt-out notices. 717.27 Renewal of opt-out. 717.28 Effective date, compliance date, and prospective application. Subpart C—Affiliate Marketing § 717.20 Coverage and definitions (a) Coverage. Subpart C of this part applies to federal credit unions and their affiliates as defined in § 717.3(a) of Subpart A. (b) Definitions. For purposes of this subpart: (1) Clear and conspicuous. The term ‘‘clear and conspicuous’’ means PO 00000 Frm 00073 Fmt 4701 Sfmt 4700 62981 reasonably understandable and designed to call attention to the nature and significance of the information presented. (2) Concise. (i) In general. The term ‘‘concise’’ means a reasonably brief expression or statement. (ii) Combination with other required disclosures. A notice required by this subpart may be concise even if it is combined with other disclosures required or authorized by federal or state law. (3) Eligibility information. The term ‘‘eligibility information’’ means any information the communication of which would be a consumer report if the exclusions from the definition of ‘‘consumer report’’ in section 603(d)(2)(A) of the Act did not apply. Eligibility information does not include aggregate or blind data that does not contain personal identifiers such as account numbers, names, or addresses. (4) Pre-existing business relationship. (i) In general. The term ‘‘pre-existing business relationship’’ means a relationship between a person, or a person’s licensed agent, and a consumer based on— (A) A financial contract between the person and the consumer which is in force on the date on which the consumer is sent a solicitation covered by this subpart; (B) The purchase, rental, or lease by the consumer of the person’s goods or services, or a financial transaction (including holding an active account or a policy in force or having another continuing relationship) between the consumer and the person, during the 18month period immediately preceding the date on which the consumer is sent a solicitation covered by this subpart; or (C) An inquiry or application by the consumer regarding a product or service offered by that person during the threemonth period immediately preceding the date on which the consumer is sent a solicitation covered by this subpart. (ii) Examples of pre-existing business relationships. (A) If a consumer has a time deposit account, such as a share certificate, at a federal credit union that is currently in force, the federal credit union has a pre-existing business relationship with the consumer and can use eligibility information it receives from its affiliates to make solicitations to the consumer about its products or services. (B) If a consumer obtained a share certificate from a federal credit union, but did not renew the certificate at maturity, the federal credit union has a pre-existing business relationship with the consumer and can use eligibility information it receives from its affiliates E:\FR\FM\07NOR2.SGM 07NOR2 rwilkins on PROD1PC63 with RULES_2 62982 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations to make solicitations to the consumer about its products or services for 18 months after the date of maturity of the share certificate. (C) If a consumer obtains a mortgage, the mortgage lender has a pre-existing business relationship with the consumer. If the mortgage lender sells the consumer’s entire loan to an investor, the mortgage lender has a preexisting business relationship with the consumer and can use eligibility information it receives from its affiliates to make solicitations to the consumer about its products or services for 18 months after the date it sells the loan, and the investor has a pre-existing business relationship with the consumer upon purchasing the loan. If, however, the mortgage lender sells a fractional interest in the consumer’s loan to an investor but also retains an ownership interest in the loan, the mortgage lender continues to have a pre-existing business relationship with the consumer, but the investor does not have a pre-existing business relationship with the consumer. If the mortgage lender retains ownership of the loan, but sells ownership of the servicing rights to the consumer’s loan, the mortgage lender continues to have a pre-existing business relationship with the consumer. The purchaser of the servicing rights also has a pre-existing business relationship with the consumer as of the date it purchases ownership of the servicing rights, but only if it collects payments from or otherwise deals directly with the consumer on a continuing basis. (D) If a consumer applies to a federal credit union for a product or service that it offers, but does not obtain a product or service from or enter into a financial contract or transaction with the institution, the federal credit union has a pre-existing business relationship with the consumer and can therefore use eligibility information it receives from an affiliate to make solicitations to the consumer about its products or services for three months after the date of the application. (E) If a consumer makes a telephone inquiry to a federal credit union about its products or services and provides contact information to the institution, but does not obtain a product or service from or enter into a financial contract or transaction with the institution, the federal credit union has a pre-existing business relationship with the consumer and can therefore use eligibility information it receives from an affiliate to make solicitations to the consumer about its products or services for three months after the date of the inquiry. VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 (F) If a consumer makes an inquiry to a federal credit union by e-mail about its products or services, but does not obtain a product or service from or enter into a financial contract or transaction with the institution, the federal credit union has a pre-existing business relationship with the consumer and can therefore use eligibility information it receives from an affiliate to make solicitations to the consumer about its products or services for three months after the date of the inquiry. (G) If a consumer has an existing relationship with a federal credit union that is part of a group of affiliated companies, makes a telephone call to the centralized call center for the group of affiliated companies to inquire about products or services offered by the insurance brokerage affiliate, and provides contact information to the call center, the call constitutes an inquiry to the insurance brokerage affiliate that offers those products or services. The insurance brokerage affiliate has a preexisting business relationship with the consumer and can therefore use eligibility information it receives from its affiliated federal credit union to make solicitations to the consumer about its products or services for three months after the date of the inquiry. (iii) Examples where no pre-existing business relationship is created. (A) If a consumer makes a telephone call to a centralized call center for a group of affiliated companies to inquire about the consumer’s existing account at a federal credit union, the call does not constitute an inquiry to any affiliate other than the federal credit union that holds the consumer’s account and does not establish a pre-existing business relationship between the consumer and any affiliate of the account-holding federal credit union. (B) If a consumer who has a deposit account with a federal credit union makes a telephone call to an affiliate of the institution to ask about the affiliate’s retail locations and hours, but does not make an inquiry about the affiliate’s products or services, the call does not constitute an inquiry and does not establish a pre-existing business relationship between the consumer and the affiliate. Also, the affiliate’s capture of the consumer’s telephone number does not constitute an inquiry and does not establish a pre-existing business relationship between the consumer and the affiliate. (C) If a consumer makes a telephone call to a federal credit union in response to an advertisement that offers a free promotional item to consumers who call a toll-free number, but the advertisement does not indicate that the PO 00000 Frm 00074 Fmt 4701 Sfmt 4700 federal credit union’s products or services will be marketed to consumers who call in response, the call does not create a pre-existing business relationship between the consumer and the federal credit union because the consumer has not made an inquiry about a product or service offered by the institution, but has merely responded to an offer for a free promotional item. (5) Solicitation. (i) In general. The term ‘‘solicitation’’ means the marketing of a product or service initiated by a person to a particular consumer that is— (A) Based on eligibility information communicated to that person by its affiliate as described in this subpart; and (B) Intended to encourage the consumer to purchase or obtain such product or service. (ii) Exclusion of marketing directed at the general public. A solicitation does not include marketing communications that are directed at the general public. For example, television, general circulation magazine, and billboard advertisements do not constitute solicitations, even if those communications are intended to encourage consumers to purchase products and services from the person initiating the communications. (iii) Examples of solicitations. A solicitation would include, for example, a telemarketing call, direct mail, e-mail, or other form of marketing communication directed to a particular consumer that is based on eligibility information received from an affiliate. (6) You means a person described in paragraph (a) of this section. § 717.21 Affiliate marketing opt-out and exceptions. (a) Initial notice and opt-out requirement. (1) In general. You may not use eligibility information about a consumer that you receive from an affiliate to make a solicitation for marketing purposes to the consumer, unless— (i) It is clearly and conspicuously disclosed to the consumer in writing or, if the consumer agrees, electronically, in a concise notice that you may use eligibility information about that consumer received from an affiliate to make solicitations for marketing purposes to the consumer; (ii) The consumer is provided a reasonable opportunity and a reasonable and simple method to ‘‘opt out,’’ or prohibit you from using eligibility information to make solicitations for marketing purposes to the consumer; and (iii) The consumer has not opted out. E:\FR\FM\07NOR2.SGM 07NOR2 rwilkins on PROD1PC63 with RULES_2 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations (2) Example. A consumer has a homeowner’s insurance policy obtained through an insurance brokerage. The insurance brokerage furnishes eligibility information about the consumer to its affiliated federal credit union. Based on that eligibility information, the federal credit union wants to make a solicitation to the consumer about its home equity loan products. The federal credit union does not have a preexisting business relationship with the consumer and none of the other exceptions apply. The federal credit union is prohibited from using eligibility information received from its insurance brokerage affiliate to make solicitations to the consumer about its home equity loan products unless the consumer is given a notice and opportunity to opt out and the consumer does not opt out. (3) Affiliates who may provide the notice. The notice required by this paragraph must be provided: (i) By an affiliate that has or has previously had a pre-existing business relationship with the consumer; or (ii) As part of a joint notice from two or more members of an affiliated group of companies, provided that at least one of the affiliates on the joint notice has or has previously had a pre-existing business relationship with the consumer. (b) Making solicitations. (1) In general. For purposes of this subpart, you make a solicitation for marketing purposes if— (i) You receive eligibility information from an affiliate; (ii) You use that eligibility information to do one or more of the following: (A) Identify the consumer or type of consumer to receive a solicitation; (B) Establish criteria used to select the consumer to receive a solicitation; or (C) Decide which of your products or services to market to the consumer or tailor your solicitation to that consumer; and (iii) As a result of your use of the eligibility information, the consumer is provided a solicitation. (2) Receiving eligibility information from an affiliate, including through a common database. You may receive eligibility information from an affiliate in various ways, including when the affiliate places that information into a common database that you may access. (3) Receipt or use of eligibility information by your service provider. Except as provided in paragraph (b)(5) of this section, you receive or use an affiliate’s eligibility information if a service provider acting on your behalf (whether an affiliate or a nonaffiliated VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 third party) receives or uses that information in the manner described in paragraphs (b)(1)(i) or (b)(1)(ii) of this section. All relevant facts and circumstances will determine whether a person is acting as your service provider when it receives or uses an affiliate’s eligibility information in connection with marketing your products and services. (4) Use by an affiliate of its own eligibility information. Unless you have used eligibility information that you receive from an affiliate in the manner described in paragraph (b)(1)(ii) of this section, you do not make a solicitation subject to this subpart if your affiliate: (i) Uses its own eligibility information that it obtained in connection with a pre-existing business relationship it has or had with the consumer to market your products or services to the consumer; or (ii) Directs its service provider to use the affiliate’s own eligibility information that it obtained in connection with a pre-existing business relationship it has or had with the consumer to market your products or services to the consumer, and you do not communicate directly with the service provider regarding that use. (5) Use of eligibility information by a service provider. (i) In general. You do not make a solicitation subject to Subpart C of this part if a service provider (including an affiliated or third-party service provider that maintains or accesses a common database that you may access) receives eligibility information from your affiliate that your affiliate obtained in connection with a pre-existing business relationship it has or had with the consumer and uses that eligibility information to market your products or services to the consumer, so long as— (A) Your affiliate controls access to and use of its eligibility information by the service provider (including the right to establish the specific terms and conditions under which the service provider may use such information to market your products or services); (B) Your affiliate establishes specific terms and conditions under which the service provider may access and use the affiliate’s eligibility information to market your products and services (or those of affiliates generally) to the consumer, such as the identity of the affiliated companies whose products or services may be marketed to the consumer by the service provider, the types of products or services of affiliated companies that may be marketed, and the number of times the consumer may receive marketing materials, and periodically evaluates the service PO 00000 Frm 00075 Fmt 4701 Sfmt 4700 62983 provider’s compliance with those terms and conditions; (C) Your affiliate requires the service provider to implement reasonable policies and procedures designed to ensure that the service provider uses the affiliate’s eligibility information in accordance with the terms and conditions established by the affiliate relating to the marketing of your products or services; (D) Your affiliate is identified on or with the marketing materials provided to the consumer; and (E) You do not directly use your affiliate’s eligibility information in the manner described in paragraph (b)(1)(ii) of this section. (ii) Writing requirements. (A) The requirements of paragraphs (b)(5)(i)(A) and (C) of this section must be set forth in a written agreement between your affiliate and the service provider; and (B) The specific terms and conditions established by your affiliate as provided in paragraph (b)(5)(i)(B) of this section must be set forth in writing. (6) Examples of making solicitations. (i) A consumer has a deposit account with a federal credit union, which is affiliated with an insurance brokerage. The insurance brokerage receives eligibility information about the consumer from the federal credit union. The insurance brokerage uses that eligibility information to identify the consumer to receive a solicitation about insurance brokerage services, and, as a result, the insurance brokerage provides a solicitation to the consumer about its services. Pursuant to paragraph (b)(1) of this section, the insurance brokerage has made a solicitation to the consumer. (ii) The same facts as in the example in paragraph (b)(6)(i) of this section, except that after using the eligibility information to identify the consumer to receive a solicitation about insurance brokerage services, the insurance brokerage asks the federal credit union to send the solicitation to the consumer and the federal credit union does so. Pursuant to paragraph (b)(1) of this section, the insurance brokerage has made a solicitation to the consumer because it used eligibility information about the consumer that it received from an affiliate to identify the consumer to receive a solicitation about its products or services, and, as a result, a solicitation was provided to the consumer about the insurance brokerage’s services. (iii) The same facts as in the example in paragraph (b)(6)(i) of this section, except that eligibility information about consumers that have deposit accounts with the federal credit union is placed into a common database that all E:\FR\FM\07NOR2.SGM 07NOR2 rwilkins on PROD1PC63 with RULES_2 62984 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations members of the affiliated group of companies may independently access and use. Without using the federal credit union’s eligibility information, the insurance brokerage develops selection criteria and provides those criteria, marketing materials, and related instructions to the federal credit union. The federal credit union reviews eligibility information about its own consumers using the selection criteria provided by the insurance brokerage to determine which consumers should receive the insurance brokerage’s marketing materials and sends marketing materials about the insurance brokerage’s services to those consumers. Even though the insurance brokerage has received eligibility information through the common database as provided in paragraph (b)(2) of this section, it did not use that information to identify consumers or establish selection criteria; instead, the federal credit union used its own eligibility information. Therefore, pursuant to paragraph (b)(4)(i) of this section, the insurance brokerage has not made a solicitation to the consumer. (iv) The same facts as in the example in paragraph (b)(6)(iii) of this section, except that the federal credit union provides the insurance brokerage’s criteria to the federal credit union’s service provider and directs the service provider to use the federal credit union’s eligibility information to identify federal credit union consumers who meet the criteria and to send the insurance brokerage’s marketing materials to those consumers. The insurance brokerage does not communicate directly with the service provider regarding the use of the federal credit union’s information to market its services to the federal credit union’s consumers. Pursuant to paragraph (b)(4)(ii) of this section, the insurance brokerage has not made a solicitation to the consumer. (v) An affiliated group of companies includes a federal credit union, an insurance brokerage, and a service provider. Each affiliate in the group places information about its consumers into a common database. The service provider has access to all information in the common database. The federal credit union controls access to and use of its eligibility information by the service provider. This control is set forth in a written agreement between the federal credit union and the service provider. The written agreement also requires the service provider to establish reasonable policies and procedures designed to ensure that the service provider uses the federal credit union’s eligibility information in accordance with specific VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 terms and conditions established by the federal credit union relating to the marketing of the products and services of all affiliates, including the insurance brokerage. In a separate written communication, the federal credit union specifies the terms and conditions under which the service provider may use the federal credit union’s eligibility information to market the insurance brokerage’s products and services to the federal credit union’s consumers. The specific terms and conditions are: a list of affiliated companies (including the insurance brokerage) whose products or services may be marketed to the federal credit union’s consumers by the service provider; the specific products or types of products that may be marketed to the federal credit union’s consumers by the service provider; the categories of eligibility information that may be used by the service provider in marketing products or services to the federal credit union’s consumers; the types or categories of the federal credit union’s consumers to whom the service provider may market products or services of federal credit union affiliates; the number and/or types of marketing communications that the service provider may send to the federal credit union’s consumers; and the length of time during which the service provider may market the products or services of the federal credit union’s affiliates to its consumers. The federal credit union periodically evaluates the service provider’s compliance with these terms and conditions. The insurance brokerage asks the service provider to market insurance products to certain consumers who have deposit accounts with the federal credit union. Without using the federal credit union’s eligibility information, the insurance brokerage develops selection criteria and provides those criteria, marketing materials, and related instructions to the service provider. The service provider uses the federal credit union’s eligibility information from the common database to identify the federal credit union’s consumers to whom insurance brokerage services will be marketed. When the insurance brokerage’s marketing materials are provided to the identified consumers, the name of the federal credit union is displayed on the brokerage marketing materials, an introductory letter that accompanies the marketing materials, an account statement that accompanies the marketing materials, or the envelope containing the marketing materials. The requirements of paragraph (b)(5) of this section have been satisfied, and the PO 00000 Frm 00076 Fmt 4701 Sfmt 4700 insurance brokerage has not made a solicitation to the consumer. (vi) The same facts as in the example in paragraph (b)(6)(v) of this section, except that the terms and conditions permit the service provider to use the federal credit union’s eligibility information to market the products and services of other affiliates to the federal credit union’s consumers whenever the service provider deems it appropriate to do so. The service provider uses the federal credit union’s eligibility information in accordance with the discretion afforded to it by the terms and conditions. Because the terms and conditions are not specific, the requirements of paragraph (b)(5) of this section have not been satisfied. (c) Exceptions. The provisions of this subpart do not apply to you if you use eligibility information that you receive from an affiliate: (1) To make a solicitation for marketing purposes to a consumer with whom you have a pre-existing business relationship; (2) To facilitate communications to an individual for whose benefit you provide employee benefit or other services pursuant to a contract with an employer related to and arising out of the current employment relationship or status of the individual as a participant or beneficiary of an employee benefit plan; (3) To perform services on behalf of an affiliate, except that this subparagraph shall not be construed as permitting you to send solicitations on behalf of an affiliate if the affiliate would not be permitted to send the solicitation as a result of the election of the consumer to opt out under this subpart; (4) In response to a communication about your products or services initiated by the consumer; (5) In response to an authorization or request by the consumer to receive solicitations; or (6) If your compliance with this subpart would prevent you from complying with any provision of State insurance laws pertaining to unfair discrimination in any State in which you are lawfully doing business. (d) Examples of exceptions. (1) Example of the pre-existing business relationship exception. A consumer has a deposit account with a federal credit union. The consumer also has a relationship with the federal credit union’s securities brokerage affiliate. The federal credit union receives eligibility information about the consumer from its securities brokerage affiliate and uses that information to make a solicitation to the consumer E:\FR\FM\07NOR2.SGM 07NOR2 rwilkins on PROD1PC63 with RULES_2 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations about the federal credit union’s wealth management services. The federal credit union may make this solicitation even if the consumer has not been given a notice and opportunity to opt out because the federal credit union has a pre-existing business relationship with the consumer. (2) Examples of service provider exception. (i) A consumer has an insurance policy obtained through an insurance brokerage. The insurance brokerage furnishes eligibility information about the consumer to its affiliated federal credit union. Based on that eligibility information, the federal credit union wants to make a solicitation to the consumer about membership and its deposit products. The federal credit union does not have a pre-existing business relationship with the consumer and none of the other exceptions in paragraph (c) of this section apply. The consumer has been given an opt-out notice and has elected to opt out of receiving such solicitations. The federal credit union asks a service provider to send the solicitation to the consumer on its behalf. The service provider may not send the solicitation on behalf of the federal credit union because, as a result of the consumer’s opt-out election, the federal credit union is not permitted to make the solicitation. (ii) The same facts as in paragraph (d)(2)(i) of this section, except the consumer has been given an opt-out notice, but has not elected to opt out. The federal credit union asks a service provider to send the solicitation to the consumer on its behalf. The service provider may send the solicitation on behalf of the federal credit union because, as a result of the consumer’s not opting out, the federal credit union is permitted to make the solicitation. (3) Examples of consumer-initiated communications. (i) A consumer who has a deposit account with a federal credit union initiates a communication with the federal credit union’s credit card affiliate to request information about a credit card. The credit card affiliate may use eligibility information about the consumer it obtains from the federal credit union or any other affiliate to make solicitations regarding credit card products in response to the consumer-initiated communication. (ii) A consumer who has a deposit account with a federal credit union contacts the institution to request information about how to save and invest for a child’s college education without specifying the type of product in which the consumer may be interested. Information about a range of different products or services offered by VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 the federal credit union and one or more affiliates of the institution may be responsive to that communication. Such products or services may include the following: Mutual funds offered by the institution; section 529 plans offered by the institution or its securities brokerage affiliate; or trust services offered by the institution or its trust services affiliate. Any affiliate offering investment counseling services that would be responsive to the consumer’s request for information about saving and investing for a child’s college education may use eligibility information to make solicitations to the consumer in response to this communication. (iii) A credit card issuer makes a marketing call to the consumer without using eligibility information received from an affiliate. The issuer leaves a voice-mail message that invites the consumer to call a toll-free number to apply for the issuer’s credit card. If the consumer calls the toll-free number to inquire about the credit card, the call is a consumer-initiated communication about a product or service and the credit card issuer may now use eligibility information it receives from its affiliates to make solicitations to the consumer. (iv) A consumer calls a federal credit union to ask about retail locations and hours, but does not request information about products or services. The institution may not use eligibility information it receives from an affiliate to make solicitations to the consumer about its products or services because the consumer-initiated communication does not relate to the federal credit union’s products or services. Thus, the use of eligibility information received from an affiliate would not be responsive to the communication and the exception does not apply. (v) A consumer calls a federal credit union to ask about retail locations and hours. The customer service representative asks the consumer if there is a particular product or service about which the consumer is seeking information. The consumer responds that the consumer wants to stop in and find out about share certificates. The customer service representative offers to provide that information by telephone and mail additional information and application materials to the consumer. The consumer agrees and provides or confirms contact information for receipt of the materials to be mailed. The federal credit union may use eligibility information it receives from an affiliate to make solicitations to the consumer about share certificates because such solicitations would respond to the consumer-initiated communication about products or services. PO 00000 Frm 00077 Fmt 4701 Sfmt 4700 62985 (4) Examples of consumer authorization or request for solicitations. (i) A consumer who obtains a mortgage from a federal credit union authorizes or requests information about obtaining homeowner’s insurance through the federal credit union’s insurance brokerage affiliate. Such authorization or request, whether given to the federal credit union or to the insurance brokerage affiliate, would permit the insurance brokerage to use eligibility information about the consumer it obtains from the federal credit union or any other affiliate to make solicitations to the consumer about its homeowner’s insurance services. (ii) A consumer completes an online application to apply for a credit card from a credit card issuer. The issuer’s online application contains a blank check box that the consumer may check to authorize or request information from the credit card issuer’s affiliates. The consumer checks the box. The consumer has authorized or requested solicitations from the card issuer’s affiliates. (iii) A consumer completes an online application to apply for a credit card from a credit card issuer. The issuer’s online application contains a preselected check box indicating that the consumer authorizes or requests information from the issuer’s affiliates. The consumer does not deselect the check box. The consumer has not authorized or requested solicitations from the card issuer’s affiliates. (iv) The terms and conditions of a credit card account agreement contain preprinted boilerplate language stating that by applying to open an account the consumer authorizes or requests to receive solicitations from the credit card issuer’s affiliates. The consumer has not authorized or requested solicitations from the card issuer’s affiliates. (e) Relation to affiliate-sharing notice and opt-out. Nothing in this subpart limits the responsibility of a person to comply with the notice and opt-out provisions of section 603(d)(2)(A)(iii) of the Act where applicable. § 717.22 Scope and duration of opt-out. (a) Scope of opt-out. (1) In general. Except as otherwise provided in this section, the consumer’s election to opt out prohibits any affiliate covered by the opt-out notice from using eligibility information received from another affiliate as described in the notice to make solicitations to the consumer. (2) Continuing relationship. (i) In general. If the consumer establishes a continuing relationship with you or your affiliate, an opt-out notice may E:\FR\FM\07NOR2.SGM 07NOR2 rwilkins on PROD1PC63 with RULES_2 62986 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations apply to eligibility information obtained in connection with— (A) A single continuing relationship or multiple continuing relationships that the consumer establishes with you or your affiliates, including continuing relationships established subsequent to delivery of the opt-out notice, so long as the notice adequately describes the continuing relationships covered by the opt-out; or (B) Any other transaction between the consumer and you or your affiliates as described in the notice. (ii) Examples of continuing relationships. A consumer has a continuing relationship with you or your affiliate if the consumer— (A) Opens a deposit or investment account with you or your affiliate; (B) Obtains a loan for which you or your affiliate owns the servicing rights; (C) Purchases an insurance product from you or your affiliate; (D) Holds an investment product through you or your affiliate, such as when you act or your affiliate acts as a custodian for securities or for assets in an individual retirement arrangement; (E) Enters into an agreement or understanding with you or your affiliate whereby you or your affiliate undertakes to arrange or broker a home mortgage loan for the consumer; (F) Enters into a lease of personal property with you or your affiliate; or (G) Obtains financial, investment, or economic advisory services from you or your affiliate for a fee. (3) No continuing relationship. (i) In general. If there is no continuing relationship between a consumer and you or your affiliate, and you or your affiliate obtain eligibility information about a consumer in connection with a transaction with the consumer, such as an isolated transaction or a credit application that is denied, an opt-out notice provided to the consumer only applies to eligibility information obtained in connection with that transaction. (ii) Examples of isolated transactions. An isolated transaction occurs if— (A) The consumer uses your or your affiliate’s ATM to withdraw cash from an account at another financial institution; or (B) You or your affiliate sells the consumer a cashier’s check or money order, airline tickets, travel insurance, or traveler’s checks in isolated transactions. (4) Menu of alternatives. A consumer may be given the opportunity to choose from a menu of alternatives when electing to prohibit solicitations, such as by electing to prohibit solicitations from certain types of affiliates covered by the VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 opt-out notice but not other types of affiliates covered by the notice, electing to prohibit solicitations based on certain types of eligibility information but not other types of eligibility information, or electing to prohibit solicitations by certain methods of delivery but not other methods of delivery. However, one of the alternatives must allow the consumer to prohibit all solicitations from all of the affiliates that are covered by the notice. (5) Special rule for a notice following termination of all continuing relationships. (i) In general. A consumer must be given a new opt-out notice if, after all continuing relationships with you or your affiliate(s) are terminated, the consumer subsequently establishes another continuing relationship with you or your affiliate(s) and the consumer’s eligibility information is to be used to make a solicitation. The new opt-out notice must apply, at a minimum, to eligibility information obtained in connection with the new continuing relationship. Consistent with paragraph (b) of this section, the consumer’s decision not to opt out after receiving the new opt-out notice would not override a prior opt-out election by the consumer that applies to eligibility information obtained in connection with a terminated relationship, regardless of whether the new opt-out notice applies to eligibility information obtained in connection with the terminated relationship. (ii) Example. A consumer is a member of a federal credit union that is part of an affiliated group. The consumer terminates his membership. One year later, the consumer rejoins and opens a savings account with the same federal credit union. The consumer must be given a new notice and opportunity to opt out before the federal credit union’s affiliates may make solicitations to the consumer using eligibility information obtained by the federal credit union in connection with the newly established account relationship, regardless of whether the consumer opted out in connection with accounts held during the previous member relationship. (b) Duration of opt-out. The election of a consumer to opt out must be effective for a period of at least five years (the ‘‘opt-out period’’) beginning when the consumer’s opt-out election is received and implemented, unless the consumer subsequently revokes the optout in writing or, if the consumer agrees, electronically. An opt-out period of more than five years may be established, including an opt-out period that does not expire unless revoked by the consumer. PO 00000 Frm 00078 Fmt 4701 Sfmt 4700 (c) Time of opt-out. A consumer may opt out at any time. § 717.23 Contents of opt-out notice; consolidated and equivalent notices. (a) Contents of opt-out notice. (1) In general. A notice must be clear, conspicuous, and concise, and must accurately disclose: (i) The name of the affiliate(s) providing the notice. If the notice is provided jointly by multiple affiliates and each affiliate shares a common name, such as ‘‘ABC,’’ then the notice may indicate that it is being provided by multiple companies with the ABC name or multiple companies in the ABC group or family of companies, for example, by stating that the notice is provided by ‘‘all of the ABC companies,’’ ‘‘the ABC federal credit union, credit card, insurance brokerage, and securities brokerage companies,’’ or by listing the name of each affiliate providing the notice. But if the affiliates providing the joint notice do not all share a common name, then the notice must either separately identify each affiliate by name or identify each of the common names used by those affiliates, for example, by stating that the notice is provided by ‘‘all of the ABC and XYZ companies’’ or by ‘‘the ABC federal credit union and credit card companies and the XYZ insurance brokerage company’’; (ii) A list of the affiliates or types of affiliates whose use of eligibility information is covered by the notice, which may include companies that become affiliates after the notice is provided to the consumer. If each affiliate covered by the notice shares a common name, such as ‘‘ABC,’’ then the notice may indicate that it applies to multiple companies with the ABC name or multiple companies in the ABC group or family of companies, for example, by stating that the notice is provided by ‘‘all of the ABC companies,’’ ‘‘the ABC federal credit union, credit card, insurance brokerage, and securities brokerage companies,’’ or by listing the name of each affiliate providing the notice. But if the affiliates covered by the notice do not all share a common name, then the notice must either separately identify each covered affiliate by name or identify each of the common names used by those affiliates, for example, by stating that the notice applies to ‘‘all of the ABC and XYZ companies’’ or to ‘‘the ABC federal credit union and credit card companies and the XYZ insurance brokerage company’’; (iii) A general description of the types of eligibility information that may be E:\FR\FM\07NOR2.SGM 07NOR2 rwilkins on PROD1PC63 with RULES_2 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations used to make solicitations to the consumer; (iv) That the consumer may elect to limit the use of eligibility information to make solicitations to the consumer; (v) That the consumer’s election will apply for the specified period of time stated in the notice and, if applicable, that the consumer will be allowed to renew the election once that period expires; (vi) If the notice is provided to consumers who may have previously opted out, such as if a notice is provided to consumers annually, that the consumer who has chosen to limit solicitations does not need to act again until the consumer receives a renewal notice; and (vii) A reasonable and simple method for the consumer to opt out. (2) Joint relationships. (i) If two or more consumers jointly obtain a product or service, a single opt-out notice may be provided to the joint consumers. Any of the joint consumers may exercise the right to opt out. (ii) The opt-out notice must explain how an opt-out direction by a joint consumer will be treated. An opt-out direction by a joint consumer may be treated as applying to all of the associated joint consumers, or each joint consumer may be permitted to opt-out separately. If each joint consumer is permitted to opt out separately, one of the joint consumers must be permitted to opt out on behalf of all of the joint consumers and the joint consumers must be permitted to exercise their separate rights to opt out in a single response. (iii) It is impermissible to require all joint consumers to opt out before implementing any opt-out direction. (3) Alternative contents. If the consumer is afforded a broader right to opt out of receiving marketing than is required by this subpart, the requirements of this section may be satisfied by providing the consumer with a clear, conspicuous, and concise notice that accurately discloses the consumer’s opt-out rights. (4) Model notices. Model notices are provided in Appendix C of this part. (b) Coordinated and consolidated notices. A notice required by this subpart may be coordinated and consolidated with any other notice or disclosure required to be issued under any other provision of law by the entity providing the notice, including but not limited to the notice described in section 603(d)(2)(A)(iii) of the Act and the Gramm-Leach-Bliley Act privacy notice. (c) Equivalent notices. A notice or other disclosure that is equivalent to the VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 notice required by this subpart, and that is provided to a consumer together with disclosures required by any other provision of law, satisfies the requirements of this section. § 717.24 out. Reasonable opportunity to opt (a) In general. You must not use eligibility information about a consumer that you receive from an affiliate to make a solicitation to the consumer about your products or services, unless the consumer is provided a reasonable opportunity to opt out, as required by § 717.21(a)(1)(ii) of this part. (b) Examples of a reasonable opportunity to opt out. The consumer is given a reasonable opportunity to opt out if: (1) By mail. The opt-out notice is mailed to the consumer. The consumer is given 30 days from the date the notice is mailed to elect to opt out by any reasonable means. (2) By electronic means. (i) The optout notice is provided electronically to the consumer, such as by posting the notice at an Internet Web site at which the consumer has obtained a product or service. The consumer acknowledges receipt of the electronic notice. The consumer is given 30 days after the date the consumer acknowledges receipt to elect to opt out by any reasonable means. (ii) The opt-out notice is provided to the consumer by e-mail where the consumer has agreed to receive disclosures by e-mail from the person sending the notice. The consumer is given 30 days after the e-mail is sent to elect to opt out by any reasonable means. (3) At the time of an electronic transaction. The opt-out notice is provided to the consumer at the time of an electronic transaction, such as a transaction conducted on an Internet Web site. The consumer is required to decide, as a necessary part of proceeding with the transaction, whether to opt out before completing the transaction. There is a simple process that the consumer may use to opt out at that time using the same mechanism through which the transaction is conducted. (4) At the time of an in-person transaction. The opt-out notice is provided to the consumer in writing at the time of an in-person transaction. The consumer is required to decide, as a necessary part of proceeding with the transaction, whether to opt out before completing the transaction, and is not permitted to complete the transaction without making a choice. There is a simple process that the consumer may PO 00000 Frm 00079 Fmt 4701 Sfmt 4700 62987 use during the course of the in-person transaction to opt out, such as completing a form that requires consumers to write a ‘‘yes’’ or ‘‘no’’ to indicate their opt-out preference or that requires the consumer to check one of two blank check boxes—one that allows consumers to indicate that they want to opt out and one that allows consumers to indicate that they do not want to opt out. (5) By including in a privacy notice. The opt-out notice is included in a Gramm-Leach-Bliley Act privacy notice. The consumer is allowed to exercise the opt-out within a reasonable period of time and in the same manner as the optout under that privacy notice. § 717.25 Reasonable and simple methods of opting out. (a) In general. You must not use eligibility information about a consumer that you receive from an affiliate to make a solicitation to the consumer about your products or services, unless the consumer is provided a reasonable and simple method to opt out, as required by § 717.21(a)(1)(ii) of this part. (b) Examples. (1) Reasonable and simple opt-out methods. Reasonable and simple methods for exercising the optout right include— (i) Designating a check-off box in a prominent position on the opt-out form; (ii) Including a reply form and a selfaddressed envelope together with the opt-out notice; (iii) Providing an electronic means to opt out, such as a form that can be electronically mailed or processed at an Internet Web site, if the consumer agrees to the electronic delivery of information; (iv) Providing a toll-free telephone number that consumers may call to opt out; or (v) Allowing consumers to exercise all of their opt-out rights described in a consolidated opt-out notice that includes the privacy opt-out under the Gramm-Leach-Bliley Act, 15 U.S.C. 6801 et seq., the affiliate sharing opt-out under the Act, and the affiliate marketing opt-out under the Act, by a single method, such as by calling a single toll-free telephone number. (2) Opt-out methods that are not reasonable and simple. Reasonable and simple methods for exercising an optout right do not include— (i) Requiring the consumer to write his or her own letter; (ii) Requiring the consumer to call or write to obtain a form for opting out, rather than including the form with the opt-out notice; (iii) Requiring the consumer who receives the opt-out notice in electronic form only, such as through posting at an E:\FR\FM\07NOR2.SGM 07NOR2 62988 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations Internet Web site, to opt out solely by paper mail or by visiting a different Web site without providing a link to that site. (c) Specific opt-out means. Each consumer may be required to opt out through a specific means, as long as that means is reasonable and simple for that consumer. § 717.26 Delivery of opt-out notices. (a) In general. The opt-out notice must be provided so that each consumer can reasonably be expected to receive actual notice. For opt-out notices provided electronically, the notice may be provided in compliance with either the electronic disclosure provisions in this subpart or the provisions in section 101 of the Electronic Signatures in Global and National Commerce Act, 15 U.S.C. 7001 et seq. (b) Examples of reasonable expectation of actual notice. A consumer may reasonably be expected to receive actual notice if the affiliate providing the notice: (1) Hand-delivers a printed copy of the notice to the consumer; (2) Mails a printed copy of the notice to the last known mailing address of the consumer; (3) Provides a notice by e-mail to a consumer who has agreed to receive electronic disclosures by e-mail from the affiliate providing the notice; or (4) Posts the notice on the Internet Web site at which the consumer obtained a product or service electronically and requires the consumer to acknowledge receipt of the notice. (c) Examples of no reasonable expectation of actual notice. A consumer may not reasonably be expected to receive actual notice if the affiliate providing the notice: (1) Only posts the notice on a sign in a branch or office or generally publishes the notice in a newspaper; (2) Sends the notice via e-mail to a consumer who has not agreed to receive electronic disclosures by e-mail from the affiliate providing the notice; or (3) Posts the notice on an Internet Web site without requiring the consumer to acknowledge receipt of the notice. rwilkins on PROD1PC63 with RULES_2 § 717.27 Renewal of opt-out. (a) Renewal notice and opt-out requirement. (1) In general. After the opt-out period expires, you may not make solicitations based on eligibility information you receive from an affiliate to a consumer who previously opted out, unless: (i) The consumer has been given a renewal notice that complies with the requirements of this section and VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 §§ 717.24 through 717.26 of this part, and a reasonable opportunity and a reasonable and simple method to renew the opt-out, and the consumer does not renew the opt-out; or (ii) An exception in § 717.21(c) of this part applies. (2) Renewal period. Each opt-out renewal must be effective for a period of at least five years as provided in § 717.22(b) of this part. (3) Affiliates who may provide the notice. The notice required by this paragraph must be provided: (i) By the affiliate that provided the previous opt-out notice, or its successor; or (ii) As part of a joint renewal notice from two or more members of an affiliated group of companies, or their successors, that jointly provided the previous opt-out notice. (b) Contents of renewal notice. The renewal notice must be clear, conspicuous, and concise, and must accurately disclose: (1) The name of the affiliate(s) providing the notice. If the notice is provided jointly by multiple affiliates and each affiliate shares a common name, such as ‘‘ABC,’’ then the notice may indicate that it is being provided by multiple companies with the ABC name or multiple companies in the ABC group or family of companies, for example, by stating that the notice is provided by ‘‘all of the ABC companies,’’ ‘‘the ABC federal credit union, credit card, insurance brokerage, and securities brokerage companies,’’ or by listing the name of each affiliate providing the notice. But if the affiliates providing the joint notice do not all share a common name, then the notice must either separately identify each affiliate by name or identify each of the common names used by those affiliates, for example, by stating that the notice is provided by ‘‘all of the ABC and XYZ companies’’ or by ‘‘the ABC federal credit union and credit card companies and the XYZ insurance brokerage company’’; (2) A list of the affiliates or types of affiliates whose use of eligibility information is covered by the notice, which may include companies that become affiliates after the notice is provided to the consumer. If each affiliate covered by the notice shares a common name, such as ‘‘ABC,’’ then the notice may indicate that it applies to multiple companies with the ABC name or multiple companies in the ABC group or family of companies, for example, by stating that the notice is provided by ‘‘all of the ABC companies,’’ ‘‘the ABC federal credit union, credit card, insurance brokerage, and securities PO 00000 Frm 00080 Fmt 4701 Sfmt 4700 brokerage companies,’’ or by listing the name of each affiliate providing the notice. But if the affiliates covered by the notice do not all share a common name, then the notice must either separately identify each covered affiliate by name or identify each of the common names used by those affiliates, for example, by stating that the notice applies to ‘‘all of the ABC and XYZ companies’’ or to ‘‘the ABC federal credit union and credit card companies and the XYZ insurance brokerage company’’; (3) A general description of the types of eligibility information that may be used to make solicitations to the consumer; (4) That the consumer previously elected to limit the use of certain information to make solicitations to the consumer; (5) That the consumer’s election has expired or is about to expire; (6) That the consumer may elect to renew the consumer’s previous election; (7) If applicable, that the consumer’s election to renew will apply for the specified period of time stated in the notice and that the consumer will be allowed to renew the election once that period expires; and (8) A reasonable and simple method for the consumer to opt out. (c) Timing of the renewal notice. (1) In general. A renewal notice may be provided to the consumer either— (i) A reasonable period of time before the expiration of the opt-out period; or (ii) Any time after the expiration of the opt-out period but before solicitations that would have been prohibited by the expired opt-out are made to the consumer. (2) Combination with annual privacy notice. If you provide an annual privacy notice under the Gramm-Leach-Bliley Act, 15 U.S.C. 6801 et seq., providing a renewal notice with the last annual privacy notice provided to the consumer before expiration of the opt-out period is a reasonable period of time before expiration of the opt-out in all cases. (d) No effect on opt-out period. An opt-out period may not be shortened by sending a renewal notice to the consumer before expiration of the optout period, even if the consumer does not renew the opt out. § 717.28 Effective date, compliance date, and prospective application. (a) Effective date. This subpart is effective January 1, 2008. (b) Mandatory compliance date. Compliance with this subpart is required not later than October 1, 2008. (c) Prospective application. The provisions of this subpart shall not E:\FR\FM\07NOR2.SGM 07NOR2 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations prohibit you from using eligibility information that you receive from an affiliate to make solicitations to a consumer if you receive such information prior to October 1, 2008. For purposes of this section, you are deemed to receive eligibility information when such information is placed into a common database and is accessible by you. 4. Appendixes A and B to part 717 are added and reserved, a new Appendix C to part 717 is added to read as follows: rwilkins on PROD1PC63 with RULES_2 Appendix C To Part 717—Model Forms for Opt-Out Notices a. Although use of the model forms is not required, use of the model forms in this Appendix (as applicable) complies with the requirement in section 624 of the Act for clear, conspicuous, and concise notices. b. Certain changes may be made to the language or format of the model forms without losing the protection from liability afforded by use of the model forms. These changes may not be so extensive as to affect the substance, clarity, or meaningful sequence of the language in the model forms. Persons making such extensive revisions will lose the safe harbor that this Appendix provides. Acceptable changes include, for example: 1. Rearranging the order of the references to ‘‘your income,’’ ‘‘your account history,’’ and ‘‘your credit score.’’ 2. Substituting other types of information for ‘‘income,’’ ‘‘account history,’’ or ‘‘credit score’’ for accuracy, such as ‘‘payment history,’’ ‘‘credit history,’’ ‘‘payoff status,’’ or ‘‘claims history.’’ 3. Substituting a clearer and more accurate description of the affiliates providing or covered by the notice for phrases such as ‘‘the [ABC] group of companies,’’ including without limitation a statement that the entity providing the notice recently purchased the consumer’s account. 4. Substituting other types of affiliates covered by the notice for ‘‘credit card,’’ ‘‘insurance brokerage,’’ or ‘‘securities brokerage’’ affiliates. 5. Omitting items that are not accurate or applicable. For example, if a person does not limit the duration of the opt-out period, the notice may omit information about the renewal notice. 6. Adding a statement informing consumers how much time they have to opt out before shared eligibility information may be used to make solicitations to them. 7. Adding a statement that the consumer may exercise the right to opt out at any time. 8. Adding the following statement, if accurate: ‘‘If you previously opted out, you do not need to do so again.’’ 9. Providing a place on the form for the consumer to fill in identifying information, such as his or her name and address: C–1 Model Form for Initial Opt-out Notice (Single-Affiliate Notice) C–2 Model Form for Initial Opt-out Notice (Joint Notice) C–3 Model Form for Renewal Notice (Single-Affiliate Notice) VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 C–4 Model Form for Renewal Notice (Joint Notice) C–5 Model Form for Voluntary ‘‘No Marketing’’ Notice C–1—Model Form for Initial Opt-out Notice (Single-Affiliate Notice)—[Your Choice To Limit Marketing]/[Marketing Opt-out] • [Name of Affiliate] is providing this notice. • [Optional: Federal law gives you the right to limit some but not all marketing from our affiliates. Federal law also requires us to give you this notice to tell you about your choice to limit marketing from our affiliates.] • You may limit our affiliates in the [ABC] group of companies, such as our [credit card, insurance brokerage, and securities brokerage] affiliates, from marketing their products or services to you based on your personal information that we collect and share with them. This information includes your [income], your [account history with us], and your [credit score]. • Your choice to limit marketing offers from our affiliates will apply [until you tell us to change your choice]/[for x years from when you tell us your choice]/[for at least 5 years from when you tell us your choice]. [Include if the opt-out period expires.] Once that period expires, you will receive a renewal notice that will allow you to continue to limit marketing offers from our affiliates for [another x years]/[at least another 5 years]. • [Include, if applicable, in a subsequent notice, including an annual notice, for consumers who may have previously opted out.] If you have already made a choice to limit marketing offers from our affiliates, you do not need to act again until you receive the renewal notice. To limit marketing offers, contact us [include all that apply]: • By telephone: 1–877–###–#### • On the Web: www.---.com • By mail: Check the box and complete the form below, and send the form to: [Company name] [Company address] lDo not allow your affiliates to use my personal information to market to me. C–2—Model Form for Initial Opt-out Notice (Joint Notice)—[Your Choice To Limit Marketing]/[Marketing Opt-out] • The [ABC group of companies] is providing this notice. • [Optional: Federal law gives you the right to limit some but not all marketing from the [ABC] companies. Federal law also requires us to give you this notice to tell you about your choice to limit marketing from the [ABC] companies.] • You may limit the [ABC] companies, such as the [ABC credit card, insurance brokerage, and securities brokerage] affiliates, from marketing their products or services to you based on your personal information that they receive from other [ABC] companies. This information includes your [income], your [account history], and your [credit score]. • Your choice to limit marketing offers from the [ABC] companies will apply [until you tell us to change your choice]/[for x years PO 00000 Frm 00081 Fmt 4701 Sfmt 4700 62989 from when you tell us your choice]/[for at least 5 years from when you tell us your choice]. [Include if the opt-out period expires.] Once that period expires, you will receive a renewal notice that will allow you to continue to limit marketing offers from the [ABC] companies for [another x years]/[at least another 5 years]. • [Include, if applicable, in a subsequent notice, including an annual notice, for consumers who may have previously opted out.] If you have already made a choice to limit marketing offers from the [ABC] companies, you do not need to act again until you receive the renewal notice. To limit marketing offers, contact us [include all that apply]: • By telephone: 1–877–###–#### • On the Web: www.---.com • By mail: Check the box and complete the form below, and send the form to: [Company name] [Company address] lDo not allow any company [in the ABC group of companies] to use my personal information to market to me. C–3—Model Form for Renewal Notice (Single-Affiliate Notice)—[Renewing Your Choice To Limit Marketing]/[Renewing Your Marketing Opt-out] • [Name of Affiliate] is providing this notice. • [Optional: Federal law gives you the right to limit some but not all marketing from our affiliates. Federal law also requires us to give you this notice to tell you about your choice to limit marketing from our affiliates.] • You previously chose to limit our affiliates in the [ABC] group of companies, such as our [credit card, insurance brokerage, and securities brokerage] affiliates, from marketing their products or services to you based on your personal information that we share with them. This information includes your [income], your [account history with us], and your [credit score]. • Your choice has expired or is about to expire. To renew your choice to limit marketing for [x] more years, contact us [include all that apply]: • By telephone: 1–877–###–#### • On the Web: www.---.com • By mail: Check the box and complete the form below, and send the form to: [Company name] [Company address] lRenew my choice to limit marketing for [x] more years. C–4—Model Form for Renewal Notice (Joint Notice)—[Renewing Your Choice To Limit Marketing]/[Renewing Your Marketing Optout] • The [ABC group of companies] is providing this notice. • [Optional: Federal law gives you the right to limit some but not all marketing from the [ABC] companies. Federal law also requires us to give you this notice to tell you about your choice to limit marketing from the [ABC] companies.] • You previously chose to limit the [ABC] companies, such as the [ABC credit card, insurance brokerage, and securities E:\FR\FM\07NOR2.SGM 07NOR2 62990 Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / Rules and Regulations brokerage] affiliates, from marketing their products or services to you based on your personal information that they receive from other ABC companies. This information includes your [income], your [account history], and your [credit score]. • Your choice has expired or is about to expire. To renew your choice to limit marketing for [x] more years, contact us [include all that apply]: • By telephone: 1–877–###–#### • On the Web: www.---.com • By mail: Check the box and complete the form below, and send the form to: [Company name] [Company address] lRenew my choice to limit marketing for [x] more years. rwilkins on PROD1PC63 with RULES_2 C–5—Model Form for Voluntary ‘‘No Marketing’’ Notice—Your Choice To Stop Marketing • [Name of Affiliate] is providing this notice. VerDate Aug<31>2005 16:20 Nov 06, 2007 Jkt 214001 • You may choose to stop all marketing from us and our affiliates. To stop all marketing, contact us [include all that apply]: • By telephone: 1–877–###–#### • On the Web: www.---.com • By mail: Check the box and complete the form below, and send the form to: [Company name] [Company address] lDo not market to me. Dated: October 12, 2007. John C. Dugan, Comptroller of the Currency. By order of the Board of Governors of the Federal Reserve System, October 23, 2007. Jennifer J. Johnson, Secretary of the Board. By order of the Board of Directors, Dated at Washington, DC., this 16th day of October, 2007. PO 00000 Frm 00082 Fmt 4701 Sfmt 4700 FEDERAL DEPOSIT INSURANCE CORPORATION Robert E. Feldman, Executive Secretary. Dated: September 27, 2007. By the Office of Thrift Supervision, John M. Reich, Director. By order of the National Credit Union Administration Board, October 15, 2007. Mary F. Rupp, Secretary of the Board. [FR Doc. 07–5349 Filed 11–6–07; 8:45 am] BILLING CODE 4810–33–P; 6210–01–P; 6714–01–P; 6720–01–P; 7535–01–P E:\FR\FM\07NOR2.SGM 07NOR2

Agencies

[Federal Register Volume 72, Number 215 (Wednesday, November 7, 2007)]
[Rules and Regulations]
[Pages 62910-62990]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 07-5349]



[[Page 62909]]

  
  
  
  
  
  
-----------------------------------------------------------------------


Part II

Department of the Treasury



Office of the Comptroller of the Currency



12 CFR Part 41



Federal Reserve System

12 CFR Part 222



Federal Deposit Insurance Corporation

12 CFR Part 334



Department of the Treasury



Office of Thrift Supervision

12 CFR Part 571



National Credit Union Administration

12 CFR Part 717



Fair Credit Reporting Affiliate Marketing Regulations; Final Rule

Federal Register / Vol. 72, No. 215 / Wednesday, November 7, 2007 / 
Rules and Regulations

[[Page 62910]]


-----------------------------------------------------------------------

DEPARTMENT OF THE TREASURY

Office of the Comptroller of the Currency

12 CFR Part 41

[Docket ID. OCC-2007-0010]
RIN 1557-AC88

FEDERAL RESERVE SYSTEM

12 CFR Part 222

[Regulation V; Docket No. R-1203]

FEDERAL DEPOSIT INSURANCE CORPORATION

12 CFR Part 334

RIN 3064-AC83

DEPARTMENT OF THE TREASURY

Office of Thrift Supervision

12 CFR Part 571

[Docket ID. OTS-2007-0020]
RIN 1550-AB90

NATIONAL CREDIT UNION ADMINISTRATION

12 CFR Part 717


Fair Credit Reporting Affiliate Marketing Regulations

AGENCIES: Office of the Comptroller of the Currency, Treasury (OCC); 
Board of Governors of the Federal Reserve System (Board); Federal 
Deposit Insurance Corporation (FDIC); Office of Thrift Supervision, 
Treasury (OTS); and National Credit Union Administration (NCUA).

ACTION: Final rules.

-----------------------------------------------------------------------

SUMMARY: The OCC, Board, FDIC, OTS, and NCUA (Agencies) are publishing 
final rules to implement the affiliate marketing provisions in section 
214 of the Fair and Accurate Credit Transactions Act of 2003, which 
amends the Fair Credit Reporting Act. The final rules generally 
prohibit a person from using information received from an affiliate to 
make a solicitation for marketing purposes to a consumer, unless the 
consumer is given notice and a reasonable opportunity and a reasonable 
and simple method to opt out of the making of such solicitations.

DATES: Effective Date: These rules are effective January 1, 2008.
    Mandatory Compliance Date: October 1, 2008.

FOR FURTHER INFORMATION CONTACT: OCC: Amy Friend, Assistant Chief 
Counsel, (202) 874-5200; Michael Bylsma, Director, or Stephen Van 
Meter, Assistant Director, Community and Consumer Law, (202) 874-5750; 
or Patrick T. Tierney, Senior Attorney, Legislative and Regulatory 
Activities Division, (202) 874-5090, Office of the Comptroller of the 
Currency, 250 E Street, SW., Washington, DC 20219.
    Board: David A. Stein, Counsel; Ky Tran-Trong, Counsel; or Amy E. 
Burke, Attorney, Division of Consumer and Community Affairs, (202) 452-
3667 or (202) 452-2412; or Kara Handzlik, Attorney, Legal Division, 
(202) 452-3852, Board of Governors of the Federal Reserve System, 20th 
and C Streets, NW., Washington, DC 20551. For users of a 
Telecommunications Device for the Deaf (TDD) only, contact (202) 263-
4869.
    FDIC: Ruth R. Amberg, Senior Counsel, (202) 898-3736, or Richard M. 
Schwartz, Counsel, Legal Division, (202) 898-7424; April Breslaw, 
Chief, Compliance Section, (202) 898-6609; David P. Lafleur, Policy 
Analyst, Division of Supervision and Consumer Protection, (202) 898-
6569, Federal Deposit Insurance Corporation, 550 17th Street, NW., 
Washington, DC 20429.
    OTS: Suzanne McQueen, Consumer Regulations Analyst, Compliance and 
Consumer Protection Division, (202) 906-6459; or Richard Bennett, 
Senior Compliance Counsel, (202) 906-7409, Office of Thrift 
Supervision, 1700 G Street, NW., Washington, DC 20552.
    NCUA: Linda Dent, Staff Attorney, Office of General Counsel, (703) 
518-6540, National Credit Union Administration, 1775 Duke Street, 
Alexandria, VA 22314-3428.

SUPPLEMENTARY INFORMATION:

I. Background

The Fair Credit Reporting Act

    The Fair Credit Reporting Act (FCRA or Act), which was enacted in 
1970, sets standards for the collection, communication, and use of 
information bearing on a consumer's credit worthiness, credit standing, 
credit capacity, character, general reputation, personal 
characteristics, or mode of living. (15 U.S.C. 1681-1681x.) In 1996, 
the Consumer Credit Reporting Reform Act extensively amended the FCRA. 
(Pub. L. 104-208, 110 Stat. 3009.)
    The FCRA, as amended, provides that a person may communicate to an 
affiliate or a non-affiliated third party information solely as to 
transactions or experiences between the consumer and the person without 
becoming a consumer reporting agency.\1\ In addition, the communication 
of such transaction or experience information among affiliates will not 
result in any affiliate becoming a consumer reporting agency. See FCRA 
Sec. Sec.  603(d)(2)(A)(i) and (ii).
---------------------------------------------------------------------------

    \1\ The FCRA creates substantial obligations for a person that 
meets the definition of a ``consumer reporting agency'' in section 
603(f) of the statute.
---------------------------------------------------------------------------

    Section 603(d)(2)(A)(iii) of the FCRA provides that a person may 
communicate ``other'' information--that is, information that is not 
transaction or experience information--among its affiliates without 
becoming a consumer reporting agency if it is clearly and conspicuously 
disclosed to the consumer that such information may be communicated 
among affiliates and the consumer is given an opportunity, before the 
information is communicated, to ``opt out'' or direct that the 
information not be communicated among such affiliates, and the consumer 
has not opted out.

The Fair and Accurate Credit Transactions Act of 2003

    The President signed into law the Fair and Accurate Credit 
Transactions Act of 2003 (FACT Act) on December 4, 2003. (Pub. L. 108-
159, 117 Stat. 1952.) In general, the FACT Act amends the FCRA to 
enhance the ability of consumers to combat identity theft, increase the 
accuracy of consumer reports, restrict the use of medical information 
in credit eligibility determinations, and allow consumers to exercise 
greater control regarding the type and number of solicitations they 
receive.
    Section 214 of the FACT Act added a new section 624 to the FCRA. 
This provision gives consumers the right to restrict a person from 
using certain information obtained from an affiliate to make 
solicitations to that consumer. Section 624 generally provides that if 
a person receives certain consumer eligibility information from an 
affiliate, the person may not use that information to make 
solicitations to the consumer about its products or services, unless 
the consumer is given notice and an opportunity and a simple method to 
opt out of such use of the information, and the consumer does not opt 
out. The statute also provides that section 624 does not apply, for 
example, to a person using eligibility information: (1) To make 
solicitations to a consumer with whom the person has a pre-existing 
business relationship; (2) to perform services for another affiliate 
subject to certain conditions; (3) in response to a communication 
initiated by the

[[Page 62911]]

consumer; or (4) to make a solicitation that has been authorized or 
requested by the consumer. Unlike the FCRA affiliate sharing opt-out 
and the Gramm-Leach-Bliley Act (GLBA) non-affiliate sharing opt-out, 
which apply indefinitely, section 624 provides that a consumer's 
affiliate marketing opt-out election must be effective for a period of 
at least five years. Upon expiration of the opt-out period, the 
consumer must be given a renewal notice and an opportunity to renew the 
opt-out before information received from an affiliate may be used to 
make solicitations to the consumer.
    Section 624 governs the use of information by an affiliate, not the 
sharing of information among affiliates, and thus is distinct from the 
affiliate sharing opt-out under section 603(d)(2)(A)(iii) of the FCRA. 
Nevertheless, the affiliate marketing and affiliate sharing opt-outs 
and the information subject to the two opt-outs overlap to some extent. 
As noted above, the FCRA allows transaction or experience information 
to be shared among affiliates without giving the consumer notice and an 
opportunity to opt out, but provides that ``other'' information, such 
as information from credit reports and credit applications, may not be 
shared among affiliates without giving the consumer notice and an 
opportunity to opt out. The new affiliate marketing opt-out applies to 
both transaction or experience information and ``other'' information. 
Thus, certain information will be subject to two opt-outs, a sharing 
opt-out and a marketing use opt-out.
    Section 214(b) of the FACT Act requires the Agencies, the Federal 
Trade Commission (FTC), and the Securities and Exchange Commission 
(SEC) to prescribe regulations, in consultation and coordination with 
each other, to implement the FCRA's affiliate marketing opt-out 
provisions. In adopting regulations, each Agency must ensure that the 
affiliate marketing notification methods provide a simple means for 
consumers to make choices under section 624, consider the affiliate 
sharing notification practices employed on the date of enactment by 
persons subject to section 624, and ensure that notices may be 
coordinated and consolidated with other notices required by law.

II. The Interagency Proposal

    On July 15, 2004, the Agencies published a notice of proposed 
rulemaking in the Federal Register (69 FR 42502) to implement section 
214 of the FACT Act.\2\ The proposal defined the key terms ``pre-
existing business relationship'' and ``solicitation'' essentially as 
defined in the statute. The Agencies did not propose to include 
additional circumstances within the meaning of ``pre-existing business 
relationship'' or other types of communications within the meaning of 
``solicitation.''
---------------------------------------------------------------------------

    \2\ The FTC published its proposed affiliate marketing rule in 
the Federal Register on June 15, 2004 (69 FR 33324). The SEC 
published its proposed affiliate marketing rule in the Federal 
Register on July 14, 2004 (69 FR 42301).
---------------------------------------------------------------------------

    To address the scope of the affiliate marketing opt-out, the 
proposal defined ``eligibility information'' to mean any information 
the communication of which would be a ``consumer report'' if the 
statutory exclusions from the definition of ``consumer report'' in 
section 603(d)(2)(A) of the FCRA for transaction or experience 
information and for ``other'' information that is subject to the 
affiliate-sharing opt-out did not apply. The Agencies substituted the 
term ``eligibility information'' for the more complicated statutory 
language regarding the communication of information that would be a 
consumer report, but for clauses (i), (ii), and (iii) of section 
603(d)(2)(A) of the FCRA.\3\ In addition, the proposal incorporated 
each of the scope limitations contained in the statute, such as the 
pre-existing business relationship exception.
---------------------------------------------------------------------------

    \3\ Under section 603(d)(1) of the FCRA, a ``consumer report'' 
means any written, oral, or other communication of any information 
by a consumer reporting agency bearing on a consumer's credit 
worthiness, credit standing, credit capacity, character, general 
reputation, personal characteristics, or mode of living which is 
used or expected to be used or collected in whole or in part for the 
purpose of serving as a factor in establishing the consumer's 
eligibility for credit or insurance to be used primarily for 
personal, family, or household purposes, employment purposes, or any 
other purpose authorized in section 604 of the FCRA. 15 U.S.C. 
1681a(d).
---------------------------------------------------------------------------

    Section 624 does not state which affiliate must give the consumer 
the affiliate marketing opt-out notice. The proposal provided that the 
person communicating information about a consumer to its affiliate 
would be responsible for satisfying the notice requirement, if 
applicable. A rule of construction provided flexibility to allow the 
notice to be given by the person that communicates information to its 
affiliate, by the person's agent, or through a joint notice with one or 
more other affiliates. The Agencies designed this approach to provide 
flexibility and to facilitate the use of a single coordinated notice, 
while taking into account existing affiliate sharing notification 
practices. At the same time, the approach sought to ensure that the 
notice would be effective because it generally would be provided by or 
on behalf of an entity from which the consumer would expect to receive 
important notices, and would not be provided along with solicitations.
    The proposal also provided guidance on the contents of the opt-out 
notice, what constitutes a reasonable opportunity to opt out, 
reasonable and simple methods of opting out, and the delivery of opt-
out notices. Finally, the proposal provided guidance on the effect of 
the limited duration of the opt-out and the requirement to provide an 
extension notice upon expiration of the opt-out period.

III. Overview of Comments Received

    Each agency received the following number of comment letters: OCC--
30, Board--42, FDIC--29, OTS--20, NCUA--18. Many commenters sent copies 
of the same letter to more than one Agency. The Agencies received 
comments from a variety of banks, thrifts, credit unions, credit card 
companies, mortgage lenders, other non-bank creditors, and industry 
trade associations. The Agencies also received comments from consumer 
groups, the National Association of Attorneys General (``NAAG''), and 
individual consumers. In addition, the Agencies considered comments 
submitted to the FTC and the SEC.
    Most industry commenters objected to several key aspects of the 
proposal. The most significant areas of concern raised by industry 
commenters related to which affiliate would be responsible for 
providing the notice, the scope of certain exceptions to the notice and 
opt-out requirement, and the content or the inclusion of definitions 
for terms such as ``clear and conspicuous'' and ``pre-existing business 
relationship.'' Consumer groups and NAAG generally supported the 
proposal, although these commenters believed that the proposal could be 
strengthened in certain respects. A more detailed discussion of the 
comments is contained in the Section-by-Section Analysis below.

IV. Section-by-Section Analysis

Section --.1 Purpose, Scope, and Effective Dates

    Section --.1 of the proposal set forth the purpose and scope of 
each Agency's regulations. The Agencies received few comments on this 
section. Some of the Agencies have revised this section in the final 
rules for clarity and to reflect the fact that the institutions subject 
to the FCRA regulation will vary in different subparts of the Agencies' 
FCRA rules. The coverage provision for

[[Page 62912]]

each Agency's affiliate marketing rule is set forth in Subpart C, Sec.  
--.20(a).

Section --.2 Examples

    Proposed Sec.  ----.2 described the scope and effect of the 
examples included in the proposed rule. Most commenters supported the 
proposed use of non-exclusive examples to illustrate the operation of 
the rules. One commenter, concerned that the use of examples would 
increase the risk of litigation, urged the Agencies to delete all 
examples.
    The Agencies adopted Sec.  --.2 as part of the final medical 
information rules. See 70 FR 70664 (Nov. 22, 2005). The comments 
received in this rulemaking do not warrant any revisions to Sec.  --.2. 
The Agencies do not believe the use of illustrative examples will 
materially increase the risk of litigation, but rather will provide 
useful guidance for compliance purposes, which may alleviate litigation 
risks for institutions. Therefore, it is unnecessary to re-publish 
Sec.  --.2 in these final rules.
    As Sec.  --.2 states, examples in a paragraph illustrate only the 
issue described in the paragraph and do not illustrate any other issue 
that may arise in the part. Similarly, the examples do not illustrate 
any issues that may arise under other laws or regulations.\4\
---------------------------------------------------------------------------

    \4\ NCUA has modified examples in its final rule text where the 
original example referenced products or services impermissible for 
federal credit unions.
---------------------------------------------------------------------------

Section --.3 Definitions

    Section --.3 of the proposal contained definitions for the 
following terms: ``Act,'' ``affiliate'' (as well as the related terms 
``company'' and ``control''); ``clear and conspicuous''; ``consumer''; 
``eligibility information''; ``person''; ``pre-existing business 
relationship''; ``solicitation''; and, except for the OCC's proposal, 
``you.''
    The Agencies have previously defined the terms ``Act,'' 
``affiliate,'' ``company,'' ``consumer,'' and ``person,'' along with a 
definition of ``common ownership or common corporate control'' as a 
substitute for the definition of ``control,'' as part of the final 
medical information rules. See 70 FR 70664 (Nov. 22, 2005). Those 
definitions that elicited comment are discussed below. However, it is 
unnecessary to re-publish Sec.  --.3 in these final rules because the 
Agencies have not revised these definitions.
    The Agencies have moved the definitions of ``clear and 
conspicuous,'' ``eligibility information,'' ``pre-existing business 
relationship,'' ``solicitation,'' and ``you'' or ``bank'' to Subpart C, 
Sec.  --.20(b). Three of these terms relate solely to the affiliate 
marketing provisions and, thus, are more appropriately defined in 
Subpart C. For the reasons discussed below, the Agencies also believe 
that it is more appropriate to define ``clear and conspicuous'' for the 
limited purpose of the affiliate marketing rules. Each of these 
definitions is discussed in detail below.
Affiliate, Common Ownership or Common Corporate Control, and Company
    Several FCRA provisions apply to information sharing with persons 
``related by common ownership or affiliated by corporate control,'' 
``related by common ownership or affiliated by common corporate 
control,'' or ``affiliated by common ownership or common corporate 
control.'' E.g., FCRA, sections 603(d)(2), 615(b)(2), and 625(b)(2). 
Each of these provisions was enacted as part of the 1996 amendments to 
the FCRA. Similarly, section 2 of the FACT Act defines the term 
``affiliate'' to mean ``persons that are related by common ownership or 
affiliated by corporate control.'' In contrast, the GLBA defines 
``affiliate'' to mean ``any company that controls, is controlled by, or 
is under common control with another company.'' See 15 U.S.C. 6809(6).
    In the proposal, the Agencies sought to harmonize the various FCRA 
and FACT Act formulations by defining ``affiliate'' to mean ``any 
person that is related by common ownership or common corporate control 
with another person.'' Industry commenters generally supported the 
Agencies' goal of harmonizing the various FCRA definitions of 
``affiliate'' for consistency. Many of these commenters, however, 
believed that the most effective way to do this was for the Agencies to 
incorporate into the FCRA the definition of ``affiliate'' used in the 
GLBA privacy regulations. In addition, a few industry commenters urged 
the Agencies to incorporate into the definition of ``affiliate'' 
certain concepts from California's Financial Information Privacy Act so 
as to exempt certain classes of corporate affiliates from the 
restrictions on affiliate sharing or marketing.\5\
---------------------------------------------------------------------------

    \5\ These commenters noted that the California law places no 
restriction on information sharing among affiliates if they: (1) Are 
regulated by the same or similar functional regulators; (2) are 
involved in the same broad line of business, such as banking, 
insurance, or securities; and (3) share a common brand identity.
---------------------------------------------------------------------------

    In the final medical information rules, the Agencies defined the 
term ``affiliate'' to mean a company that is related by common 
ownership or common corporate control with another company. See 70 FR 
70,664 (Nov. 22, 2005).\6\ The Agencies substituted the term 
``company'' for ``person'' in the definition because they did not 
believe that certain types of persons, such as individuals, could be 
related by common ownership or common corporate control.
---------------------------------------------------------------------------

    \6\ For purposes of the regulation, an ``affiliate'' includes an 
operating subsidiary of a bank or savings association, and a credit 
union service organization that is controlled by a federal credit 
union.
---------------------------------------------------------------------------

    The Agencies do not believe there is a substantive difference 
between the FACT Act definition of ``affiliate'' and the definition of 
``affiliate'' in section 509 of the GLBA. The Agencies are not aware of 
any circumstances in which two entities would be affiliates for 
purposes of the FCRA but not for purposes of the GLBA privacy rules, or 
vice versa. Also, even though affiliated entities have had to comply 
with different FCRA and GLBA formulations of the ``affiliate'' 
definition since 1999, commenters did not identify any specific 
compliance difficulties or uncertainty resulting from the fact that the 
two statutes use somewhat different wording to describe what 
constitutes an affiliate.
    As explained in the supplementary information to the final medical 
information rules, the Agencies declined to incorporate into the 
definition of ``affiliate'' exceptions for entities regulated by the 
same or similar functional regulators, entities in the same line of 
business, or entities that share a common brand or identity. See 70 FR 
70,665 (Nov. 22, 2005). These exceptions were incorporated into the 
California Financial Information Privacy Act in August 2003.\7\ 
Congress, however, did not incorporate these exceptions from California 
law into the definition of ``affiliate'' when it enacted the FACT Act 
at the end of 2003. Accordingly, the Agencies believe that the approach 
followed in the final medical information rules best effectuates the 
intent of Congress.
---------------------------------------------------------------------------

    \7\ See Cal. Financial Code Sec.  4053(c).
---------------------------------------------------------------------------

    Under the GLBA privacy rules, the definition of ``control'' 
determines whether two or more entities meet the definition of 
``affiliate.'' \8\ The Agencies included the same definition of 
``control'' in the proposal and received no comments on the proposed 
definition. The Agencies interpret the phrase ``related by common 
ownership or common corporate control'' used in the FACT Act to have 
the same meaning

[[Page 62913]]

as ``control'' in the GLBA privacy rules. For example, if an individual 
owns 25 percent of two companies, the companies would be affiliates 
under both the GLBA and FCRA definitions. However, the individual would 
not be considered an affiliate of the companies because the definition 
of ``affiliate'' is limited to companies. For purposes of clarity, the 
final medical information rules defined the term ``control'' to mean 
``common ownership or common corporate control'' in order to track more 
closely the terminology used in the FACT Act. See 70 FR 70,664 (Nov. 
22, 2005).\9\
---------------------------------------------------------------------------

    \8\ See 12 CFR 40.3(g), 216.3(g), 332.3(g), 573.3(g), and 
716(g).
    \9\ For purposes of the regulation, NCUA presumes that a federal 
credit union has a controlling influence over the management or 
policies of a credit union service organization if it is 67 percent 
owned by credit unions.
---------------------------------------------------------------------------

    The proposal also defined the term ``company'' to mean any 
corporation, limited liability company, business trust, general or 
limited partnership, association, or similar organization. The proposed 
definition of ``company'' excluded some entities that are ``persons'' 
under the FCRA, including estates, cooperatives, and governments or 
governmental subdivisions or agencies, as well as individuals. The 
Agencies received no comments on the proposed definition of 
``company,'' which was adopted in the final medical information rules.
    The Agencies adopted definitions of ``affiliate,'' ``common 
ownership and common corporate control,'' and ``company'' in the final 
FCRA medical information rules. See 70 FR 70,664 (Nov. 22, 2005). It is 
unnecessary to re-publish those definitions in these rules.
Consumer
    Proposed paragraph (e) defined the term ``consumer'' to mean an 
individual. This definition is identical to the definition of 
``consumer'' in section 603(c) of the FCRA.
    Several commenters asked the Agencies to narrow the proposed 
definition to apply only to individuals who obtain financial products 
or services primarily for personal, family, or household purposes, in 
part to achieve consistency with the definition of ``consumer'' in the 
GLBA. The FCRA's definition of ``consumer,'' however, differs from, and 
is broader than, the definition of that term in the GLBA. The Agencies 
believe that the use of distinct definitions of ``consumer'' in the two 
statutes reflects differences in the scope and objectives of each 
statute. Therefore, the Agencies adopted the FCRA's statutory 
definition of ``consumer'' in the final medical information rules. See 
70 FR 70,664 (Nov. 22, 2005). It is unnecessary to re-publish the 
definition in these rules. For purposes of this definition, an 
individual acting through a legal representative would qualify as a 
consumer.
Person
    Proposed paragraph (l) defined the term ``person'' to mean any 
individual, partnership, corporation, trust, estate, cooperative, 
association, government or governmental subdivision or agency, or other 
entity. This definition is identical to the definition of ``person'' in 
section 603(b) of the FCRA.
    One commenter requested clarification of how the proposed 
definition of ``person'' would affect other provisions of the affiliate 
marketing rules. Specifically, this commenter asked how the 
supplementary information's discussion of agents might affect the scope 
provisions of the rule.
    The supplementary information to the proposal stated that a person 
may act through an agent, including but not limited to a licensed agent 
(in the case of an insurance company) or a trustee. The supplementary 
information also provided that actions taken by an agent on behalf of a 
person that are within the scope of the agency relationship would be 
treated as actions of that person. The Agencies included these 
statements to address comprehensively the status of agents and to 
eliminate the need to refer specifically to licensed agents in the 
proposed definition of ``pre-existing business relationship.'' As 
discussed below, many commenters believed that licensed agents should 
be expressly included in the definition of ``pre-existing business 
relationship.'' The Agencies have revised the final rules in response 
to those comments. By specifically addressing licensed agents, the 
final rules do not alter the general principles of principal-agent 
relationships that apply to all agents, not just licensed agents. The 
Agencies will treat actions taken by an agent on behalf of a person 
that are within the scope of the agency relationship as actions of that 
person, regardless of whether the agent is a licensed agent or not.
    The Agencies adopted the FCRA's statutory definition of ``person'' 
in the final medical information rules. See 70 FR 70664 (Nov. 22, 
2005). Therefore, it is unnecessary to re-publish the definition in 
these rules.

Section --.20 Coverage and definitions

Coverage
    Section --.20(a) of the final rules identifies the persons covered 
by Subpart C of each Agency's rule. Section --.20(a) thus describes the 
scope of each Agency's rule.
Definitions
    Section --.20(b) of the final rules contains the definitions of six 
terms for purposes of Subpart C.
Clear and Conspicuous
    Proposed Sec.  --.3(c) defined the term ``clear and conspicuous'' 
to mean reasonably understandable and designed to call attention to the 
nature and significance of the information presented. Under this 
definition, institutions would retain flexibility in determining how 
best to meet the clear and conspicuous standard. The supplementary 
information to the proposal provided guidance regarding a number of 
practices that institutions might wish to consider in making their 
notices clear and conspicuous. These practices were derived largely 
from guidance included in the GLBA privacy rules.
    Industry commenters urged the Agencies not to define ``clear and 
conspicuous'' in the final rules. The principal objection these 
commenters raised was that this definition would significantly increase 
the risk of litigation and civil liability. Although these commenters 
recognized that the proposed definition was derived from the GLBA 
privacy regulations, they noted that compliance with the GLBA privacy 
regulations is enforced exclusively through administrative action, not 
through private litigation. These commenters also stated that the Board 
had withdrawn a similar proposal to define ``clear and conspicuous'' 
for purposes of Regulations B, E, M, Z, and DD, in part because of 
concerns about civil liability. Some industry commenters believed that 
it was not necessary to define the term in order for consumers to 
receive clear and conspicuous disclosures based on industry's 
experience in providing clear and conspicuous affiliate sharing opt-out 
notices. Consumer groups believed that incorporation of the standard 
and examples from the GLBA privacy regulations was not adequate because 
they did not believe that the existing standard has proven sufficient 
to ensure effective privacy notices.
    In the final rules, the Agencies have relocated the definition of 
``clear and conspicuous'' to Sec.  --.20(b)(1) in order to limit its 
applicability to the affiliate

[[Page 62914]]

marketing opt-out notice and renewal notice. Except for certain non-
substantive changes made for purposes of clarity, the definition of 
``clear and conspicuous'' is the same as in the proposal and is 
substantively the same as the definition used in the GLBA privacy 
rules. The Agencies believe that the clear and conspicuous standard for 
the affiliate marketing opt-out notices should be substantially similar 
to the standard that applies to GLBA privacy notices because the 
affiliate marketing opt-out notice may be provided on or with the GLBA 
privacy notice.
    In defining ``clear and conspicuous,'' the Agencies believe it is 
more appropriate to focus on the affiliate marketing opt-out notices 
that are the subject of this rulemaking, rather than adopting a 
generally applicable definition governing all consumer disclosures 
under the FCRA. This approach gives the Agencies the flexibility to 
refine or clarify the clear and conspicuous requirement for different 
disclosures, if necessary. In addition, this approach is consistent 
with the approach the Board indicated it would take when it withdrew 
its proposed clear and conspicuous rules. The Board noted that it 
intended ``to focus on individual disclosures and to consider ways to 
make specific improvements to the effectiveness of each disclosure.'' 
See 69 FR 35541, 35543 (June 25, 2004).
    The statute directs the Agencies to provide specific guidance 
regarding how to comply with the clear and conspicuous standard. See 15 
U.S.C. 1681s-3(a)(2)(B). For that reason, the Agencies do not agree 
with commenters that requested the elimination of the definition of 
``clear and conspicuous'' and related guidance. Rather, the Agencies 
believe it is necessary to define ``clear and conspicuous'' in the 
final rules and provide specific guidance for how to satisfy that 
standard in connection with this notice.
    Accordingly, the final rules contain two types of specific guidance 
on satisfying the requirement to provide a clear and conspicuous opt-
out notice. First, as in the proposal, the supplementary information to 
the final rules describes certain techniques that may be used to make 
notices clear and conspicuous. These techniques are described below. 
Second, the Agencies have adopted model forms that may, but are not 
required to, be used to facilitate compliance with the affiliate 
marketing notice requirements. The requirement for clear and 
conspicuous notices would be satisfied by the appropriate use of one of 
the model forms.
    As noted in the supplementary information to the proposal, 
institutions may wish to consider a number of methods to make their 
notices clear and conspicuous. The various methods described below for 
making a notice clear and conspicuous are suggestions that institutions 
may wish to consider in designing their notices. Use of any of these 
methods alone or in combination is voluntary. Institutions are not 
required to use any particular method or combination of methods to make 
their disclosures clear and conspicuous. Rather, the particular facts 
and circumstances will determine whether a disclosure is clear and 
conspicuous.
    A notice or disclosure may be made reasonably understandable 
through various methods that include: Using clear and concise 
sentences, paragraphs, and sections; using short explanatory sentences; 
using bullet lists; using definite, concrete, everyday words; using 
active voice; avoiding multiple negatives; avoiding legal and highly 
technical business terminology; and avoiding explanations that are 
imprecise and are readily subject to different interpretations. In 
addition, a notice or disclosure may be designed to call attention to 
the nature and significance of the information in it through various 
methods that include: Using a plain-language heading; using a typeface 
and type size that are easy to read; using wide margins and ample line 
spacing; and using boldface or italics for key words. Further, 
institutions that provide the notice on a Web page may use text or 
visual cues to encourage scrolling down the page, if necessary, to view 
the entire notice and may take steps to ensure that other elements on 
the Web site (such as text, graphics, hyperlinks, or sound) do not 
distract attention from the notice. When a notice or disclosure is 
combined with other information, methods for designing the notice or 
disclosure to call attention to the nature and significance of the 
information in it may include using distinctive type sizes, styles, 
fonts, paragraphs, headings, graphic devices, and appropriate groupings 
of information. However, there is no need to use distinctive features, 
such as distinctive type sizes, styles, or fonts, to differentiate an 
affiliate marketing opt-out notice from other components of a required 
disclosure, for example, where a GLBA privacy notice combines several 
opt-out disclosures in a single notice. Moreover, nothing in the clear 
and conspicuous standard requires segregation of the affiliate 
marketing opt-out notice when it is combined with a GLBA privacy notice 
or other required disclosures.
    The Agencies recognize that it will not be feasible or appropriate 
to incorporate all of the methods described above all the time. The 
Agencies recommend, but do not require, that institutions consider the 
methods described above in designing their opt-out notices. The 
Agencies also encourage the use of consumer or other readability 
testing to devise notices that are understandable to consumers.
    Finally, although the Agencies understand the concerns of some 
industry commenters about the potential for civil liability, the 
Agencies believe that these concerns are mitigated by the safe harbors 
afforded by the model forms in Appendix C. The Agencies note that the 
affiliate sharing opt-out notice under section 603(d)(2)(A)(iii) of the 
FCRA, which may be enforced through private rights of action, must be 
included in the GLBA privacy notice. Therefore, the affiliate sharing 
opt-out notice generally is disclosed in a manner consistent with the 
clear and conspicuous standard set forth in the GLBA privacy 
regulations. Commenters did not identify any litigation that has 
resulted from the requirement to provide a clear and conspicuous 
affiliate sharing opt-out notice. The Agencies believe that compliance 
with the examples and use of the model forms, although optional, should 
minimize the risk of litigation.
Concise
    Proposed Sec.  --.21(b) defined the term ``concise'' to mean a 
reasonably brief expression or statement. The proposal also provided 
that a notice required by Subpart C may be concise even if it is 
combined with other disclosures required or authorized by federal or 
state law. Such disclosures include, but are not limited to, a GLBA 
privacy notice, an affiliate-sharing notice under section 
603(d)(2)(A)(iii) of the FCRA, and other consumer disclosures. Finally, 
the proposal clarified that the requirement for a concise notice would 
be satisfied by the appropriate use of one of the model forms contained 
in proposed Appendix C to each Agency's FCRA rule, although use of the 
model forms is not required. The Agencies received no comments on the 
proposed definition of ``concise.'' The final rules renumber the 
definition of ``concise'' as Sec.  --.20(b)(2). The reference to the 
model forms has been moved to Appendix C, but otherwise the definition 
is adopted as proposed.

[[Page 62915]]

Eligibility Information
    Proposed Sec.  --.3(j) defined the term ``eligibility information'' 
to mean any information the communication of which would be a consumer 
report if the exclusions from the definition of ``consumer report'' in 
section 603(d)(2)(A) of the FCRA did not apply. As proposed, 
eligibility information would include a person's own transaction or 
experience information, such as information about a consumer's account 
history with that person, and ``other'' information under section 
603(d)(2)(A)(iii), such as information from consumer reports or 
applications.
    Most commenters generally supported the proposed definition of 
``eligibility information'' as an appropriate means of simplifying the 
statutory terminology without changing the scope of the information 
covered by the rule. A number of commenters requested that the Agencies 
clarify that certain types of information do not constitute eligibility 
information, such as name, address, telephone number, Social Security 
number, and other identifying information. One commenter requested the 
exclusion of publicly available information from the definition. 
Another commenter requested additional clarification regarding the term 
``transaction or experience information.'' A few commenters suggested 
that the Agencies include examples of what is and is not included 
within ``eligibility information.'' Finally, one commenter urged the 
Agencies to revise the definition to restate much of the statutory 
definition of ``consumer report'' to eliminate the need for cross-
references.
    The final rules renumber the definition of ``eligibility 
information'' as --.20(b)(3). The Agencies have revised the definition 
to clarify that the term ``eligibility information'' does not include 
aggregate or blind data that does not contain personal identifiers. 
Examples of personal identifiers include account numbers, names, or 
addresses, as indicated in the definition, as well as Social Security 
numbers, driver's license numbers, telephone numbers, or other types of 
information that, depending on the circumstances or when used in 
combination, could identify the individual.
    The Agencies also believe that further clarification of, or 
exclusions from, the term ``eligibility information,'' such as the 
categorical exclusion of names, addresses, telephone numbers, other 
identifying information, or publicly available information, would 
directly implicate the definitions of ``consumer report'' and 
``consumer reporting agency'' in sections 603(d) and (f), respectively, 
of the FCRA. The Agencies decided not to define the terms ``consumer 
report'' and ``consumer reporting agency'' in this rulemaking and not 
to interpret the meaning of terms used in those definitions, such as 
``transaction or experience'' information. The Agencies anticipate 
addressing the definitions of ``consumer report'' and ``consumer 
reporting agency'' in a separate rulemaking after the required FACT Act 
rules have been completed. The Agencies also note that financial 
institutions have relied on these statutory definitions for many years.
Pre-Existing Business Relationship
    Proposed Sec.  --.3(m) defined the term ``pre-existing business 
relationship'' to mean a relationship between a person and a consumer 
based on the following:
    (1) A financial contract between the person and the consumer that 
is in force;
    (2) The purchase, rental, or lease by the consumer of that person's 
goods or services, or a financial transaction (including holding an 
active account or a policy in force or having another continuing 
relationship) between the consumer and that person, during the 18-month 
period immediately preceding the date on which a solicitation covered 
by Subpart C is sent to the consumer; or
    (3) An inquiry or application by the consumer regarding a product 
or service offered by that person during the three-month period 
immediately preceding the date on which a solicitation covered by 
Subpart C is sent to the consumer.
    The proposed definition generally tracked the statutory definition 
contained in section 624 of the FCRA, with certain revisions for 
clarity. Although the statute gave the Agencies the authority to 
identify by regulation other circumstances that qualify as a pre-
existing business relationship, the Agencies did not propose to 
exercise this authority. In the final rules, the definition of ``pre-
existing business relationship'' has been renumbered as Sec.  
--.20(b)(4).
    Industry commenters suggested certain revisions to the proposed 
definition of ``pre-existing business relationship.'' Many industry 
commenters asked the Agencies to include in the definition statutory 
language relating to ``a person's licensed agent.'' A number of these 
commenters noted that this concept was particularly important to the 
insurance industry where independent, licensed agents frequently act as 
the main point of contact between the consumer and the insurance 
company.
    In the final rules, the phrase ``or a person's licensed agent'' has 
been added to the definition of ``pre-existing business relationship'' 
to track the statutory language. For example, assume that a person is a 
licensed agent for the affiliated ABC life, auto, and homeowners' 
insurance companies. A consumer purchases an ABC auto insurance policy 
through the licensed agent. The licensed agent may use eligibility 
information about the consumer obtained in connection with the ABC auto 
policy it sold to the consumer to market ABC life and homeowner's 
insurance policies to the consumer for the duration of the pre-existing 
business relationship without offering the consumer the opportunity to 
opt out of that use.
    Regarding the first basis for a pre-existing business relationship 
(a financial contract in force), several industry commenters asked the 
Agencies to clarify that a financial contract includes any in-force 
contract that relates to a financial product or service covered by 
title V of the GLBA. One commenter objected to the requirement that the 
contract be in force on the date of the solicitation. This commenter 
believed that the Agencies should interpret the statute to permit the 
exception to apply if a contract is in force at the time the affiliate 
uses the information, rather than when the solicitation is sent, noting 
that there may be a delay between the use and the solicitation.
    The Agencies have revised the first prong of the definition of 
``pre-existing business relationship'' to reflect the definition's 
relocation to Subpart C, but have otherwise adopted it as proposed. 
Although a comprehensive definition of the term ``financial contract'' 
has not been included in the final rules, the Agencies construe the 
statutory term ``financial contract'' at least to include a contract 
that relates to a consumer's purchase or lease of a financial product 
or service that a financial holding company could offer under section 
4(k) of the Bank Holding Company Act of 1956 (12 U.S.C. 1843(k)). In 
addition, a financial contract which is in force will, in virtually all 
instances, qualify as a ``financial transaction,'' as that term is used 
in the second prong of the definition of ``pre-existing business 
relationship.'' The Agencies do not agree with the suggestion that the 
financial contract should be in force on the date of use rather than on 
the date the solicitation is sent. The approach taken in the proposed 
and final rules is consistent with the approach used in the other two 
prongs of the statutory definition.

[[Page 62916]]

    Industry commenters also suggested certain clarifications to the 
second basis for a pre-existing business relationship--a purchase, 
rental, or lease by the consumer of the person's goods or services, or 
a financial transaction between the consumer and the person during the 
preceding 18 months. Several industry commenters noted that, 
notwithstanding the example in the proposal regarding a lapsed 
insurance policy, it was not clear from what point in time the 18-month 
period begins to run in the case of many purchase, rental, lease, or 
financial transactions. These commenters asked the Agencies to clarify 
that the 18-month period begins to run at the time all contractual 
responsibilities of either party under the purchase, rental, lease, or 
financial transaction expire. In addition, some commenters indicated 
that the term ``active account'' should be clarified to mean any 
account with outstanding contractual responsibilities on either side of 
an account relationship, regardless of whether specific transactions do 
or do not occur on that account.
    The Agencies have revised the second prong of the definition of 
``pre-existing business relationship'' to reflect the definition's 
relocation to Subpart C, but have otherwise adopted it as proposed. The 
Agencies decline to interpret the term ``active account'' as requested 
by some commenters. The Agencies note that section 603(r) of the FCRA 
defines the term ``account'' to have the same meaning as in section 903 
of the Electronic Fund Transfer Act (EFTA). Under the EFTA, the term 
``account'' means a demand deposit, savings deposit, or other asset 
account established primarily for personal, family, or household 
purposes. Some commenters, however, apparently believed that the term 
``active account'' included extensions of credit. Credit extensions 
presumably would qualify as ``another continuing relationship,'' as 
used in the definition of ``pre-existing business relationship.''
    More generally, however, even though a ``financial transaction'' 
would include in virtually all cases a financial contract which is in 
force, as noted above, the Agencies do not believe it is appropriate to 
state that the 18-month period begins to run when all outstanding 
contractual responsibilities of both parties expire, regardless of 
whether specific transactions occur. Such a clarification would not 
appropriately address circumstances such as charge-offs, bankruptcies, 
early terminations, or extended periods of credit inactivity that could 
trigger commencement of the 18 month period. In addition, some contract 
provisions, such as arbitration clauses and choice of law provisions, 
may continue to have legal effect after all contractual performance has 
ended. The Agencies do not believe that the continued effectiveness of 
such provisions should delay commencement of the 18-month period.
    Nevertheless, the Agencies believe that a few examples may provide 
useful guidance to facilitate compliance. For example, in the case of a 
closed-end mortgage or auto loan, the 18-month period generally would 
begin to run when the consumer pays off the outstanding balance on the 
loan. In a lease or rental transaction, the 18-month period generally 
would begin to run when the lease or rental agreement expires or is 
terminated by mutual agreement. In the case of general purpose credit 
cards that are issued with an expiration date, the 18-month period 
generally would begin to run when the consumer pays off the outstanding 
balance on the card and the card is either cancelled or expires without 
being renewed.
    Commenters also made certain suggestions regarding the third basis 
for a pre-existing business relationship--an inquiry or application by 
the consumer regarding a product or service offered by the person 
during the preceding three months. Consumer groups urged the Agencies 
to clarify that an inquiry must be made of the specific affiliate, 
rather than a general inquiry about a product or service. Industry 
commenters expressed concern about certain statements in the 
supplementary information that explained the meaning of an inquiry.
    The Agencies do not agree that an inquiry must be made of a 
specific affiliate. Many affiliated institutions use a central call 
center to handle consumer inquiries. The clarification urged by 
consumer groups could preclude the establishment of a pre-existing 
business relationship based on a consumer's call to a central call 
center about a specific product or service offered by an affiliate.
    In the supplementary information to the proposal, the Agencies 
noted that certain elements of the definition of ``pre-existing 
business relationship'' were substantially similar to the definition of 
``established business relationship'' under the amended Telemarketing 
Sales Rule (TSR) (16 CFR 310.2(n)). The TSR definition was informed by 
Congress's intent that the ``established business relationship'' 
exemption to the ``do not call'' provisions of the Telephone Consumer 
Protection Act (47 U.S.C. 227 et seq.) should be grounded on the 
reasonable expectations of the consumer.\10\ The Agencies observed that 
Congress's incorporation of similar language in the definition of 
``pre-existing business relationship'' \11\ suggested that it would be 
appropriate to consider the reasonable expectations of the consumer in 
determining the scope of this exception. Thus, the Agencies explained 
that, for purposes of this regulation, an inquiry would include any 
affirmative request by a consumer for information after which the 
consumer would reasonably expect to receive information from the 
affiliate about its products or services.\12\ Moreover, a consumer 
would not reasonably expect to receive information from the affiliate 
if the consumer did not request information or did not provide contact 
information to the affiliate.
---------------------------------------------------------------------------

    \10\ H.R. Rep. No. 102-317, at 14-15 (1991). See also 68 FR 
4,580, 4,591-94 (Jan. 29, 2003).
    \11\ 149 Cong. Rec. S13,980 (daily ed. Nov. 5, 2003) (statement 
of Senator Feinstein) (noting that the ``pre-existing business 
relationship'' definition ``is the same definition developed by the 
Federal Trade Commission in creating a national `Do Not Call' 
registry for telemarketers'').
    \12\ See 68 FR at 4,594.
---------------------------------------------------------------------------

    Industry commenters objected to the discussion in the supplementary 
information. Some of these commenters believed that looking to the 
reasonable expectations of the consumer would narrow the scope of the 
exception and impose on institutions a subjective standard that 
depended upon the consumer's state of mind. These commenters also 
maintained that the availability of the exception should not depend 
upon the consumer both requesting information and providing contact 
information to the affiliate. Some commenters noted that either 
requesting information or providing contact information should suffice 
to establish an expectation of receiving solicitations. Other 
commenters noted that consumers would not provide contact information 
if they believed that the affiliate would already have the consumer's 
contact information or would obtain it from the consumer's financial 
institution. Some commenters believed that the consumer should not have 
to make an affirmative request for information in order to have an 
inquiry. Commenters also expressed concern that the discussion in the 
supplementary information would require consumers to use specific words 
to trigger the exception.
    The Agencies have revised the third prong of the definition of 
``pre-existing business relationship'' to reflect the definition's 
relocation to Subpart C, but have otherwise adopted it as proposed. The 
Agencies continue to believe that it

[[Page 62917]]

is appropriate to consider what the consumer says in determining 
whether the consumer has made an inquiry about a product or service. It 
may not be necessary, however, for the consumer to provide contact 
information in all cases. As discussed below, the Agencies have revised 
the examples of inquiries to illustrate different circumstances.
    Consumer groups and NAAG urged the Agencies not to expand the 
definition of ``pre-existing business relationship'' to include any 
additional types of relationships. Industry commenters suggested a 
number of additional bases for establishing a pre-existing business 
relationship. Several industry commenters believed that the term ``pre-
existing business relationship'' should be defined to include 
relationships arising out of the ownership of servicing rights, a 
participation interest in lending transactions, and similar 
relationships. These commenters provided no further explanation for why 
such an expansion was necessary. One commenter urged the Agencies to 
expand the definition of ``pre-existing business relationship'' to 
apply to affiliates that share a common trade name, share the same 
employees or representatives, operate out of the same physical location 
or locations, and offer similar products.
    In addition, a number of industry commenters requested 
clarification of the term ``pre-existing business relationship'' as 
applied to manufacturers that make sales through dealers. These 
commenters explained that automobile manufacturers do not sell vehicles 
directly to consumers, but through franchised dealers. Vehicle 
financing may be arranged through a manufacturer's captive finance 
company or independent sources of financing. These commenters noted 
that manufacturers often provide consumers with information about 
warranty coverage, recall notices, and other product information. 
According to these commenters, manufacturers also send solicitations to 
consumers about their products and services, drawing in part on 
transaction or experience information from the captive finance company. 
These commenters asked the Agencies to clarify that the relationship 
between a manufacturer and a consumer qualifies as a pre-existing 
business relationship based on the purchase, rental, or lease of the 
manufacturer's goods, or, alternatively, to exercise their authority to 
add this relationship as an additional basis for a pre-existing 
business relationship. One commenter asked the Agencies to clarify that 
a pre-existing business relationship could be established even if the 
person provides a product or service to the consumer without charging a 
fee.
    The Agencies do not believe it is necessary to add any additional 
bases for a pre-existing business relationship. The Agencies 
acknowledge that a pre-existing business relationship exists where a 
person owns the servicing rights to a consumer's loan and such person 
collects payments from, or otherwise deals directly with, the consumer. 
In the Agencies' view, however, that situation qualifies as a financial 
transaction and thus falls within the second prong of the definition of 
``pre-existing business relationship.'' The Agencies have included an 
example, discussed below, to illustrate how the ownership of servicing 
rights can create a pre-existing business relationship.
    A pre-existing business relationship does not arise, however, 
solely from a participation interest in a lending transaction because 
such an interest does not result in a financial contract or a financial 
transaction between the consumer and the participating party. The 
Agencies decline to add a specific provision for franchised dealers. 
The statute contains no special provision addressing franchised 
dealers, as it does for licensed agents. Moreover, a franchised dealer 
and a manufacturer generally are not affiliates and thus are subject to 
the GLBA privacy rules relating to information sharing with non-
affiliated third parties. The Agencies also find no basis for including 
within the meaning of ``pre-existing business relationship'' any 
affiliate that shares a common trade name or representatives, or that 
operates from the same location or offers similar products. Finally, 
the Agencies decline to add a provision that would create a pre-
existing business relationship when a consumer obtains a product or 
service without charge from a person. Such a provision would be overly 
broad, is not necessary given the breadth of the statutory definition 
of ``pre-existing business relationship,'' and could result in 
circumvention of the notice requirement.
    Proposed Sec.  --.20(d)(1) provided four examples of the pre-
existing business relationship exception. In the final rules, these 
examples have been renumbered as Sec.  --.20(b)(4)(ii) and (iii), and 
revised to illustrate the definition of ``pre-existing business 
relationship,'' rather than the corresponding exception.
    The two examples relating to the first and second prongs of the 
definition of ``pre-existing business relationship'' have been revised 
in Sec.  --.20(b)(4)(ii)(A) and (B) to focus on a depository 
institution as the person with the pre-existing business relationship, 
but are otherwise substantively similar to the proposal. One commenter 
recommended expanding the example now contained in Sec.  
--.20(b)(4)(ii)(A) to refer to the licensed agent that wrote the policy 
or services the relationship. The Agencies believe that adding the term 
``licensed agent'' to the definition is sufficient and see no reason to 
further complicate this example to illustrate how the definition 
applies to licensed agents.
    Section --.20(b)(4)(ii)(C) is new and illustrates when a pre-
existing business relationship is created in the context of a mortgage 
loan. This example specifically addresses circumstances where either 
the loan or ownership of the servicing rights to the loan is sold to a 
third party. As this example illustrates, sale of the entire loan by 
the original lender terminates the financial transaction between the 
consumer and that lender and creates a new financial transaction 
between the consumer and the purchaser of the loan. However, the 
original lender's sale of a fractional interest in the loan to an 
investor does not create a new financial transaction between the 
consumer and the investor. When the original lender sells a fractional 
interest in the consumer's loan to an investor but also retains an 
ownership interest in the loan, however, the original lender continues 
to have a pre-existing business relationship with the consumer because 
the consumer obtained a loan from the lender and the lender continues 
to own an interest in the loan. In addition, the ownership of servicing 
rights coupled with direct dealings with the consumer results in a 
financial transaction between the consumer and the owner of the 
servicing rights, thereby creating a pre-existing business relationship 
between the consumer and the owner of the servicing rights. The 
Agencies note that a financial institution that owns servicing rights 
generally has a customer relationship with the consumer and an 
obligation to provide a GLBA privacy notice to the consumer.
    The example in proposed Sec.  --.20(d)(1)(iii) regarding 
applications and inquiries elicited comment. Some industry commenters 
urged the Agencies to revise this example so that it does not depend 
upon the consumer's expectations or the consumer providing contact 
information. These commenters noted, for example, that the contact 
information would be self-evident if the consumer makes an e-mail 
request or provides a return address on an envelope. These commenters 
also believed that in the case of a telephone

[[Page 62918]]

call initiated by a consumer, a captured telephone number should be 
sufficient to create an inquiry if the consumer requests information 
about products or services.
    In the final rules, the Agencies have crafted three separate 
examples from proposed Sec.  --.20(d)(1)(iii). Section 
--.20(b)(4)(ii)(D) provides an example where a consumer applies for a 
product or service, but does not obtain the product or service for 
which she applied. Contact information is not mentioned in this example 
because the consumer presumably would have supplied it on the 
application.
    Section --.20(b)(4)(ii)(E) provides an example where a consumer 
makes a telephone inquiry about a product or service offered by a 
depository institution and provides contact information to the 
institution, but does not obtain a product or service from or enter 
into a financial transaction with the institution. The Agencies do not 
believe that an institution's capture of a consumer's telephone number 
during a telephone conversation with the consumer about the 
institution's products or services is sufficient to create an inquiry. 
In that circumstance, to ensure that an inquiry has been made, the 
institution should ask the consumer to provide his or her contact 
information, or confirm with the consumer that the consumer has a pre-
existing business relationship with an affiliate.
    Section --.20(b)(4)(ii)(F) provides an example where the consumer 
makes an e-mail inquiry about a product or service offered by a 
depository institution, but does not separately provide contact 
information. In that case, the consumer provides the financial 
institution with contact information in the form of the consumer's e-
mail address. In addition, e-mail communications, unlike telephone 
communications, do not provide institutions with the same opportunity 
to ask for the consumer's contact information.
    Industry commenters recommended deleting the example in proposed 
Sec.  --.20(d)(1)(iv) illustrating a call center scenario where a 
consumer would not reasonably expect to receive information from an 
affiliate. In the final rules, the Agencies have included a positive 
example of an inquiry made by a consumer through a call center in Sec.  
--.20(b)(4)(ii)(G), while retaining the negative example from the 
proposal in Sec.  --.20(b)(4)(iii)(A). In addition, the Agencies have 
included in Sec.  --.20(b)(4)(iii)(B) an example of a consumer call to 
ask about retail locations and hours, which does not create a pre-
existing business relationship. This example is substantively similar 
to the example from proposed Sec.  --.20(d)(2)(iii).
    A new example in Sec.  --.20(b)(4)(iii)(C) illustrates a case where 
a consumer responds to an advertisement that offers a free promotional 
item, but the advertisement does not indicate that an affiliate's 
products or services will be marketed to consumers who respond to the 
advertisement. The example illustrates that the consumer's response 
does not create a pre-existing business relationship because the 
consumer has not made an inquiry about a product or service, but has 
merely responded to an offer for a free promotional item. Similarly, if 
a consumer is directed by a company with which the consumer has a pre-
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.