Copyright 1999 Federal Document Clearing House, Inc.
Federal Document Clearing House Congressional Testimony
July 21, 1999
SECTION: CAPITOL HILL HEARING TESTIMONY
HEADLINE:
TESTIMONY July 21, 1999 BRANDON BECKER HOUSE BANKING AND
FINANCIAL SERVICES FINANCIAL INSTITUTIONS AND CONSUMER CREDIT UNIONS FINANCIAL
PRIVACY
BODY:
WRITTEN STATEMENT OF BRANDON BECKER
ON BEHALF OF THE SECURITIES INDUSTRY ASSOCIATION ("SIA") BEFORE THE SUBCOMMITTEE
ON FINANCIAL INSTITUTIONS AND CONSUMER CREDIT OF THE COMMITTEE ON BANKING AND
FINANCIAL SERVICES OF THE UNITED STATES HOUSE OF REPRESENTATIVES HEARINGS ON THE
FINANCIAL SERVICES ACT OF 1999 (H.R. 10) JULY 21, 1999

Madam Chairwoman and Members of the Subcommittee, my name is Brandon Becker. I am a partner at the
law firm of Wilmer, Cutler & Pickering and practice here in Washington. I
was formerly Director of the Division of Market Regulation at the Securities and
Exchange Commission and was responsible for the SEC's program to oversee
securities professionals and markets. Today I am appearing on behalf of the
Securities Industry Association ("SIA")(1) to present its views on customer
privacy in the financial services industry. SIA appreciates this opportunity
because SIA and its member-firms have long considered customer financial privacy
to be an issue of utmost importance. Madam Chairwoman, we commend you and the
other Members of the Subcommittee for holding these hearings, which fill an
important gap in the record concerning financial modernization. As you know,
when the SIA wrote to Speaker Hastert this past June, to support the House's
financial modernization legislation, we called for hearings such as these.
Therefore, we very much appreciate your prompt consideration of these issues. As
I will explain in more detail, SIA believes that H.R. 10's privacy provisions,
within the context of the bill's overall financial modernization provisions,
represent a workable, market-based approach for bolstering privacy protection.
As SIA Senior Vice President Steve Judge stated on enactment of H.R. 10, "The
privacy provisions attached to H.R. 10 build upon the industry's long-standing
policy of respecting and protecting its customers' privacy." Indeed, we believe
that the carefully crafted privacy requirements in H.R. 10 should preempt
possible state legislation in this field. SIA looks forward to working with
Congress as it moves to enact H.R. 10, which will bring about the financial
modernization that SIA believes is needed for the benefit of consumers and the
U.S. economy as a whole.

THE BEST PROTECTION AGAINST THE MISUSE OF CUSTOMER
INFORMATION IS THE COMPETITIVE MARKET.

The first and most important point to
underscore today is that, long before H.R. 10 and its privacy provisions were
even proposed, securities firms were deeply concerned with meeting their
customers' expectations about how their personal, financial information will be
handled. Indeed, it would be impossible for a securities firm to prosper for
long in today's competitive marketplace if it were to gain a reputation for
misusing its customer's information or allowing others to do so. A firm that
uses customer information in ways customers find objectionable quickly will lose
investor confidence -- and market share as well. Furthermore, securities firms
have a strong proprietary interest in protecting their customer data. Securities
firms invest substantial resources to develop relationships with their
customers, and firms therefore treat the data they gather as a valuable asset.
Consequently, firms protect information zealously and do not carelessly let
other firms gain access to this valuable information. Thus, the best and most
dependable constraint on the misuse of customer information by financial
services firms is the operation of the competitive marketplace. And because
securities firms face these strong market incentives to protect the privacy of
their customers' data, they are continually examining ways to ensure that their
treatment of personal information meets the expectations of their customers.
Especially today, as the financial industry is undergoing rapid structural
changes and addressing emerging technological advances such as the World Wide
Web and online trading, securities firms are reviewing and strengthening their
privacy practices to ensure that they remain current both with emerging
technology and consumer expectations. Charles Schwab and many other securities
firms, for example, educate investors about their privacy policies through
privacy practices statements that are accessible from their homepages on the
World Wide Web. Indeed, the Federal Trade Commission recently concluded that,
based on its survey of online privacy practices, the American business community
as a whole is responding to market pressures by adopting privacy policies, and
that no further Internet legislation is needed at this time. Furthermore, SIA is
itself pursuing several initiatives to promote privacy in the securities
industry. For example, SIA recently established a board-level committee that
will be devoted specifically to addressing privacy issues. The committee will
educate SIA's member firms about privacy issues and will work with firms to
develop the most effective means for meeting their customers' privacy
expectations.

H.R. 10 WOULD REINFORCE THESE MARKET INCENTIVES BY PROVIDING
CONSUMERS MORE INFORMATION ABOUT PRIVACY PRACTICES SO THEY CAN MAKE INFORMED
DECISIONS ABOUT FINANCIAL SERVICES COMPANIES.

The second major point is that SIA
supports the privacy provisions of H.R. 10 in the context of financial
modernization legislation because the privacy provisions take a market-based
approach for protecting consumer privacy. Instead of imposing a set of new,
"one-size-fits-all" regulatory burdens, the privacy provisions of H.R. 10
promote privacy by enhancing consumer choice and thereby bolstering the
operation of competitive market forces. Let me be more specific. By requiring
financial institutions to disclose their privacy policies to consumers, the bill
promotes market incentives. Consumers will be armed with specific information
that will enable them to select those firms whose privacy policies comport with
their wishes. The choices that customers make in response to this flow of
information resulting from the disclosure provisions will reward those
securities firms that honor consumer preferences and punish those that do not.
This provision thus gives consumers the ultimate ability to "opt-out" of
information-sharing practices that they do not like: The bill empowers consumers
to vote with their feet and take their business to financial services firms that
meet their privacy expectations. In addition, H.R. 10 affords consumers an
additional "opt-out" opportunity by permitting them to prevent
information-sharing with non-affiliated third parties. This provision protects
customers' expectations and reassures them that they have control over the use
of their personal information without unduly hindering responsible business
practices. Some customers might not expect or desire that their personal,
financial information will be shared with non-affiliated third parties. The
opt-out provision provides the customer the opportunity to make an educated
decision about whether he or she wishes the firm to provide his or her
information to non-affiliates. At the same time, the requirement does not unduly
restrict firms' ability to share information provided by customers who wish to
receive benefits that arise from such sharing.

ADDITIONAL PRIVACY OBLIGATIONS
BEYOND THOSE CONTAINED IN H.R. 10 ARE UNNECESSARY AND ULTIMATELY WOULD HARM
CONSUMERS.

SIA does not believe that any additional regulation of personal, financial
information is needed beyond the privacy provisions of H.R. 10. Indeed, the privacy
requirements and exceptions contained in the bill were carefully crafted to
reflect two important principles that militate against additional privacy
regulations. First, customers' privacy interests are already protected by a
broad array of regulatory requirements, common law principles, and market
pressures. Second, any additional regulatory obligations could harm consumers by
restricting firms' legitimate uses of customer financial information in ways
that benefit customers. On the first point, it is important to emphasize that,
wholly apart from the privacy provisions of H.R. 10, consumers already enjoy
legal protection against the misuse of their personal, financial information. A
broad set of common law principles, statutory provisions, and administrative
regulations impose on securities firms duties to protect private information
that customers entrust with them. For example, securities firms owe their
customers a common law duty of loyalty, which among other things requires firms
to put the interests of the investor ahead of their own. Thus, a firm that
intentionally discloses, or otherwise makes use of, a customer's confidential
information to benefit itself at the expense of the customer may violate its
agency duties to the client and face liability for any resulting damages.
Similarly, securities firms are heavily regulated by industry self-regulatory
organizations ("SROs") such as NASD Regulation, and these organizations have
enforceable regulations in place that would cover the misuse of confidential
information by their members or affiliated persons. Most generally, NASD-R
Conduct Rule 2110 provides, "a member, in the conduct of his business shall
observe high standards of commercial honor and just and equitable principles of
trade." This general provision would reach unauthorized disclosure, or other
misuses, of confidential information benefiting a securities firm at the expense
of an investor. Other SROs maintain similar rules that would reach abuses of
confidential information by their members. Thus, it is important to recognize
that Congress need not address in H.R. 10 all potential types of misuse of
customer information in the financial services industry. Other safeguards do
exist. SIA supports H.R. 10 as a workable supplement to those safeguards. The
second reason that Congress should not add to the regulatory obligations in H.R.
10 is that such modifications would harm consumers. Indeed, as I will explain,
securities firms gather and share personal information about their customers for
many legitimate purposes that benefit consumers both directly and indirectly. In
enacting privacy legislation, Congress should be careful not to hamper
inadvertently these legitimate uses of customer information. A few examples will
illustrate the point. Securities firms are required to gather information about
their clients in order to meet SRO "suitability" rules. Those rules require that
firms recommending securities to retail customers must have a reasonable basis
for recommending the securities, based on information disclosed by the customer.
Thus, firms routinely gather financial information about their customers to
satisfy that obligation, including information about the customer's financial
and tax status, investment holdings, and investment objectives. Restricting the
ability of securities firms to gather and use this information would hamper the
effectiveness of these suitability rules, which, after all, were designed to
protect consumers. Furthermore, information sharing is essential for one of the
principal consumer benefits associated with the recent trend towards diversified
financial firms that H.R. 10 seeks to promote: the ability of a single firm to
offer a package of products tailored to meet a customer's individual needs.
Customers who come to a diversified financial firm expect to gain access to and
receive offers for a variety of products and services under a single brand name.
Indeed, many investors come to diversified firms precisely because such firms
give the investor opportunities to benefit from the diversified offerings of an
integrated firm. Information sharing among affiliates also promotes customer
convenience and lower costs. For example, an asset management firm may introduce
customers to an affiliated broker-dealer for the execution of a securities
trade. Before it can execute the trade, however, the broker-dealer necessarily
needs to obtain information about the customer. By obtaining the information
directly from its affiliated asset management firm, the broker-dealer is able
to avoid the administrative costs and needless delays associated with contacting
the client directly. The savings may then be passed on to investors in the form
of lower fees and commissions. In short, diversified financial firms must, to
meet customer expectations and offer greater financial opportunities to
customers, share customer information with affiliated entities in the same
corporate family. Restricting the sharing of information among affiliates would
impede these beneficial uses of personal information and impose needless costs
on consumers. Indeed, restricting the flow of information from one affiliate to
another reflects the sort of outdated thinking that this financial modernization
bill is designed to eliminate. An opt-out requirement for interaffiliate sharing
of information, for example, would confuse consumers and effectively defeat
efforts by firms to promote a "one firm" identity and bring convenient, one-stop
shopping to their customers through corporate branding and advertising. An
opt-out restriction would require a financial institution to send customers an
ambiguous, confusing message with respect to product offerings from affiliates
sharing a common name. At the same time that customers are presented with a "one
firm" brand image, they will be asked whether they wish to opt-out of receiving
information on products and services that have been designed to meet their
financial goals. Furthermore, restrictions on information sharing among
affiliates would impose significant administrative costs on diversified
financial services firms. Those firms build and operate their back office
computer systems to achieve efficiencies in processing, storing, and retrieving
information. Different arms of a diversified firm typically will share these
systems. An opt-out right that applies to the internal sharing of information
among affiliates would effectively prohibit the use of shared computer systems
and require firms to incur substantial development costs to develop and maintain
stand-alone back office systems for each of their affiliates, leading to
duplicative costs and inefficiencies. Finally, restricting the sharing of
information among affiliates could make it more difficult for securities firms
to meet regulatory requirements. For example, Congress has recognized that
broker-dealers face risks from the activities of affiliated companies, and that
broker-dealers therefore must carefully monitor the activities of their
affiliates. In the Market Reform Act of 1990, Congress granted the SEC authority
to obtain from a broker-dealer information about affiliated companies. The
temporary risk assessment rules that the SEC adopted under this authority
contemplate that broker-dealers will use information from all available sources
-- obviously including the affiliate companies themselves -- to assess their
financial exposure. Congress must be careful not to let privacy regulation
interfere with other important market safety measures that call for the sharing
of information.

BECAUSE H.R. 10 ALREADY IMPOSES COMPREHENSIVE DISCLOSURE
OBLIGATIONS, CONGRESS SHOULD AMEND THE BILL TO PREEMPT STATE LAWS THAT ATTEMPT
TO REGULATE THE USE OF PERSONAL FINANCIAL INFORMATION IN THE FINANCIAL SERVICES
INDUSTRY.

Because additional privacy regulation is unnecessary and could be
harmful to consumers, Congress should amend H.R. 10 to preempt state laws that
attempt to regulate the use of personal financial information by firms in the
financial services industry. By enacting H.R. 10 with its current privacy
provisions that promote the dissemination to consumers of information they need
to select firms with appropriate privacy policies, Congress will ensure that
consumers are equipped to make informed and effective choices about the handling
of their personal, financial information. The comprehensive disclosure
obligations of H.R. 10, in other words, make further federal or state
intervention superfluous, because the market incentives reinforced by the
legislation will ensure that firms implement effective and efficient privacy
policies. There is a very real danger, however, that states will enact
additional, more burdensome regulations that would undermine the market-based
approach that Congress has taken in H.R. 10. Indeed, several states are
considering such proposals today. In today's national market for financial
services, however, firms cannot reasonably comply with 50 different, and
sometimes conflicting, standards for privacy protection. It would be
impractical, for example, for a financial services firm to establish specialized
computer programs and information-handling practices tailored to individual
privacy requirements in each of the 50 states. Thus, the state that adopts the
most restrictive privacy regulations will, in effect, set the policy for the
nation, because national financial services firms will have to conform their
nationwide operations to that state's regulations. Congress should not let
individual states override its judgment that, with H.R. 10's comprehensive
information disclosure provisions in place, further privacy regulations are
unnecessary. Congress therefore should amend H.R. 10 to preempt state laws that
attempt to regulate the use of personal financial information in the financial
services industry.

TWO PROVISIONS OF H.R. 10 SHOULD BE MODIFIED TO AVOID
CREATING UNINTENDED AND UNNECESSARY REGULATORY BURDENS.

Although the SIA
supports the privacy provisions in H.R. 10 as part of Congress's financial
modernization initiative, two of its specific provisions need modification. It
is also crucial that Congress not alter the exceptions in the legislation that
are carefully tailored to ensure that the disclosure and opt-out provisions do
not impede standard and appropriate industry practices. The first provision
requiring modification is the language in section 501 describing the
congressional purpose behind the privacy provisions. We believe this language
has the potential to be misconstrued as providing a basis for a private cause of
action under state common or statutory law. The language could be read, however
inappropriately, to create liability for any practice that might be deemed
inconsistent with a standard of conduct that Congress might be perceived to have
established through this language. Furthermore, the language might be construed
to grant regulators broad power to engage in the very type of micromanagement of
privacy practices that the bill itself successfully avoids. Congress should
modify this provision to preclude such unintended legal consequences. Second,
language in section 503 requiring annual notification about privacy policies is
unduly burdensome and unnecessary. This confusingly drafted provision would
appear to require a firm to make annual privacy disclosures even to customers
that are inactive and that do not otherwise receive any regular notices from the
firm. Indeed, a firm would be required to send these additional and costly
notices to customers every year even if the firm's privacy policy has not
changed since the customers last received such notice. Congress should modify or
eliminate this annual disclosure requirement. Once customers have received
notice of a company's privacy policies, they are able to make an informed choice
about whether to do business with the company, and that should be the end of the
company's notice obligations. Little purpose is served by inundating customers
with subsequent, identical notifications from companies with whom the customers
are already doing business. In conclusion, I would again like to thank the
Subcommittee, on behalf of SIA, for providing this important opportunity to
share our views on the privacy provisions of H.R. 10. SIA believes that prompt
enactment of financial services modernization is essential for the nation's
growth and the enhancement of consumer services. Within that overall context of
reform, SIA believes that, notwithstanding the existing protections for consumer
privacy interests, the H.R. 10 privacy provisions are an acceptable way forward
to address both business concerns and consumer expectations. If enacted,
however, we believe these provisions should be the exclusive national standard
for privacy protection in the financial services industry. We thank you again
for this opportunity. I look forward to addressing any questions you may have.