Skip banner
HomeHow Do I?Site MapHelp
Return To Search FormFOCUS
Search Terms: personal w/5 information w/5 privacy, House or Senate or Joint

Document ListExpanded ListKWICFULL format currently displayed

Previous Document Document 181 of 261. Next Document

More Like This
Copyright 1999 Federal Document Clearing House, Inc.  
Federal Document Clearing House Congressional Testimony

July 21, 1999

SECTION: CAPITOL HILL HEARING TESTIMONY

LENGTH: 5530 words

HEADLINE: TESTIMONY July 21, 1999 L. RICHARD FISCHER HOUSE BANKING AND FINANCIAL SERVICES FINANCIAL INSTITUTIONS AND CONSUMER CREDIT UNIONS FINANCIAL PRIVACY

BODY:
WRITTEN STATEMENT OF L. RICHARD FISCHER ON BEHALF OF AMERICAN BANKERS ASSOCIATION CONSUMER BANKERS ASSOCIATION THE FINANCIAL SERVICES ROUNDTABLE VISA U.S.A. BEFORE THE FINANCIAL INSTITUTIONS AND CONSUMER CREDIT SUBCOMMITTEE OF THE COMMITTEE ON BANKING AND FINANCIAL SERVICES U.S. HOUSE OF REPRESENTATIVES JULY 21, 1999 Chairwoman Roukema and Members of the Subcommittee, my name is L. Richard Fischer. I am a partner of Morrison & Foerster and practice in the firm's Washington, D.C., office. I am appearing today on behalf of the American Bankers Association ("ABA"),(1) the Consumer Bankers Association ("CBA"),(2) The Financial Services Roundtable (the "Roundtable"),(3)and Visa U.S.A. ("Visa").(4) For nearly three decades, I have advised a variety of banks and other financial service providers across the United States and internationally on regulatory and retail banking matters, including those related to privacy. In addition, I am the author of the leading treatise in this field, entitled The Law of Financial Privacy, which is now in its third edition. We commend you for holding today's hearing, and appreciate the opportunity to appear before the Financial Institutions and Consumer Credit Subcommittee ("Subcommittee") of the Committee on Banking and Financial Services, of the U.S. House of Representatives, to discuss the on-going efforts of financial institutions to protect consumer privacy. Today, we are living through an information revolution and, as a result, are witnessing the development of new data management technologies that permit the assembly, storage, analysis and sharing of vast amounts of information. Although this information revolution is by no means limited to banks, within the financial services world, the resulting efficiency permits banks to offer consumers unparalleled choice of financial products and services, while simultaneously diminishing the number of unwanted offers. Understandable concerns about the collection and use of personal information by commercial firms have launched an open and dynamic discussion about the appropriate balance between the adequate protection of individual privacy and the fair use of personal information. Banks, for their part, are devoting significant resources to achieving this balance. In the course of addressing the Subcommittee's specific questions, my testimony today will focus on four key themes. First, I will describe the fundamental principle of customer confidentiality upon which banks have relied historically, and continue to rely, for their very success. Second, I will discuss the importance of information sharing to the modern American economy in general and to the banking industry in particular. In so doing, I will provide specific examples of the need for, and the benefits to consumers from, information sharing by financial institutions. I also will describe the significant adverse consequences both for consumers and banks which could arise from significant new information sharing restrictions. Third, I will underscore a critical point that is repeatedly overlooked in many of today's privacy debates: the fact that existing law already regulates information sharing and provides consumers with numerous privacy protections. Finally, I will discuss on-going banking industry efforts to protect consumer privacy, which are vibrant and effective. As a result, I will express my belief, and that of ABA, CBA, the Roundtable and Visa, that the existing legal framework which governs the sharing of information by the banking industry provides effective consumer privacy protection, while permitting the flow of information that is vital to the banking industry and to the U.S. economy as a whole. Given this framework, consumers today have unprecedented access to, and information about, a universe of products and services which could only have been imagined just a few years ago, while retaining the ability to express and enforce their reasonable expectations of privacy. Maintaining the Confidentiality of Customer Information is a Banking Industry Cornerstone Financial institutions have a long history of successfully balancing the need to maintain personal information to serve the financial needs of and identify opportunities for their customers, with the privacy concerns of those customers. Banks historically have recognized that personal information about bank customers should be protected, and consequently have developed strong, internally-initiated safeguards to ensure the confidentiality and proper use of customer information. Given the special relationship they share with their customers, banks are particularly well suited to protect consumer privacy in the electronic commerce age. Although the form and quantity of information may have changed, it is a change in degree, not in kind. The fundamental operating premise of banks -- that to be commercially viable, they must protect their customers' privacy - - extends to new financial services holding companies which, under H.R. 10, will be able to offer an expanded range of products and services to consumers. These financial institutions understand that although their products may be highly innovative, their operating principles must remain traditional -- that is, the protection of consumer privacy is, and will remain, the cornerstone of successful banking. The fact is, the marketplace works. Market-driven dynamics and an ever-increasing public focus on privacy compel each individual bank to respect the privacy wishes of its customers. Stated another way, protecting privacy is not only the right thing to do, but is critical to the commercial success of every financial institution. The banking industry is subject not only to continuous government oversight, but also to close scrutiny by the media and the public. Particularly given the intensely competitive nature of these industries, no bank can thrive, or perhaps even survive, for long should it gain a reputation for indifference about the confidentiality of customer information. Consequently, although the increased availability of consumer information in the modern era enables banks to provide consumers with increasingly diverse product and service opportunities, the use of such information is necessarily balanced with the fundamental commitment of banks to maintain the privacy of personal customer information. In fact, the protection of privacy is increasingly becoming a separate product characteristic, on which consumers shop for products and services, and banks compete for customers. Today and into the foreseeable future, consumers have and will continue to have the ability to choose among a tremendously diverse group of financial institutions -- including community banks, institutions offering only traditional deposit and loan services, and diversified institutions offering a growing array of financial services. Moreover, recent experience demonstrates that the marketplace is vigorous, and that even the suggestion of a market failure with respect to privacy is rapidly addressed. The American public is both sensitive to and vocal on privacy issues, and the marketplace has responded with alacrity to public privacy concerns. This fact was powerfully demonstrated by recent widely-publicized events in which financial institutions quickly reexamined and promptly curtailed the communication of personal information to third parties for certain marketing purposes in direct response to expressions of concern by the public, the press, and federal and state regulators. Furthermore, the banking industry generally -- and ABA, CBA, the Roundtable and Visa in particular -- has been supportive of addressing market failures through legislative action, when appropriate. For instance, the banking industry has actively supported Congressional efforts to address privacy issues relating to identity theft, illegal information brokers and pretext calling. It also is important to note that many of the existing consumer privacy protections have arisen not out of government intervention, but out of market-driven business principles that compel banks to value and protect consumer privacy. Of course, the confidentiality of bank customer information receives additional protection through a variety of federal laws and regulations (some of which I discuss in more detail later in this testimony), as well as through the internal policies and procedures of individual banks. Nevertheless, these laws and regulations are primarily procedural in nature, and are designed principally to facilitate the smooth functioning of the market. Information Sharing is Critical to the U.S. Economy and to the Banking Industry The importance of information sharing to the modern American economy cannot be overstated. Many experts attribute the unparalleled strength of the U.S. economy in large measure to the efficient availability of information and the extraordinary investment of U.S. industry in burgeoning information technologies. For instance, in a recent speech, Federal Reserve Board Chairman Alan Greenspan observed that information technologies have begun to alter the manner in which we do business and create value, often in ways not readily foreseeable even five years ago. . . . Prior to the advent of what has become a veritable avalanche of IT innovations, most of twentieth century business decisionmaking had been hampered by limited information. . . . Large remnants of information void, of course, still persist and forecasts of future events on which all business decisions ultimately depend are still inevitably uncertain. But the recent years' remarkable surge in the availability of real-time information has enabled business management to remove large swaths of inventory safety stocks and worker redundancies, and has armed workers with detailed data to fine tune product specifications to most individual customer needs.(5) With respect to the importance of consumer data to the American economy, Chairman Greenspan writes, "the plethora of information on the characteristics of consumers" has been a "critical component of our ever more finely hewn competitive market system."(6) Greenspan further explains that " s uch information has enabled producers and marketers to fine tune production schedules to the ever greater demands of our consuming public for diversity and individuality of products and services. . . . It has enabled financial institutions to offer a wide variety of customized insurance and other products. Detailed data obtained from consumers as they seek credit or make product choices help engender the whole set of sensitive price signals that are so essential to the functioning of an advanced information based economy such as ours."(7) As Chairman Greenspan's statement shows, information sharing is particularly important to the financial institution sector of the American economy. Information sharing is essential to the ability of financial institutions to meet the ever-increasing consumer demand for the efficient provision of innovative, individually- tailored financial products and services. For instance, information sharing permits financial institutions to outsource many basic business operations -- such as customer account servicing, records administration, auditing, check-printing, and compliance functions -- to third parties, who perform these operations on behalf of financial institutions. These third-party specialists typically perform such services more efficiently, and at a lower cost, than the institution itself might, serving consumers in the most cost-effective and efficient way possible. Moreover, particularly with respect to smaller institutions, such as community banks and credit unions, outsourcing such functions enables institutions to offer products and services to consumers that the institution otherwise simply would not have the capacity or expertise to offer. In this way, the ability to share information and outsource banking operations heightens efficiency and promotes competition in the financial services sector, to the ultimate benefit of consumers. In addition, information sharing is critical to a financial institution's ability to control risk and combat fraud. When, for instance, a bank discovers that it has been defrauded by one of its customers, information sharing allows the bank to promptly inform its mortgage or credit card affiliates of the fraud, which dramatically reduces the chances of the fraudulent operator perpetrating the same scheme on those affiliates. Similarly, when a bank customer reports that a wallet or purse has been stolen, information sharing permits the bank to inform the affiliates and other parties so that they may prevent fraudulent or unauthorized account activity. Thus, any restrictions on the ability of financial institutions to share information for fraud and risk control purposes could threaten the very safety and soundness of insured financial institutions. In this regard, it is worth noting that federal authorities have long understood the potential benefits of information sharing with regard to fraud and other law enforcement activities, and the banking industry has worked with the government to achieve an information-privacy balance. The banking industry is subject to a number of reporting requirements relating to the prevention of fraud and related activities, including the requirement that financial institutions share certain information -- including currency transaction and suspicious activity reports -- with law enforcement and other government authorities to combat criminal activities such as money laundering. While the banking industry has generally supported government efforts directed at fraud prevention, we also have frequently raised concerns about the various mandates crafted to address that worthy goal. These requirements create a constant dilemma for the banking industry: how to balance our obligations to identify and report illegal activities, while also protecting the privacy of customer financial records. In addition, information sharing allows banks to improve services in countless ways that benefit consumers. For instance, information sharing permits financial institutions to offer consumers the convenience of "one-stop shopping," so that a bank customer can, through a single monthly statement or in a single telephone call, obtain information and make decisions about his or her checking account, mortgage loan, credit card account or other financial relationships of the customer with the bank and its affiliates. Otherwise, consumers would be forced to receive multiple statements, or to make multiple telephone calls, to deal separately with each type of account -- a costly and inefficient result for consumers and financial institutions alike. Information sharing also permits consumers to receive lower rates on a variety of products and services offered by financial institutions. For instance, information sharing permits operation of the secondary market in home mortgage and other loans, which provides consumers with significantly lower interest rates that may save the consumer thousands of dollars over the life of the loan. The ability to share information also allows a financial institution to offer reduced rates and fees to a customer of the institution's affiliate, permitting consumers and institutions to benefit from the inherent efficiencies of so-called "relationship banking." For example, the savings provided to consumers by the lower interest rates which result from the secondary mortgage market may be even greater for consumers who choose to link their mortgage loan with a checking or savings account at the lender's affiliate. Information sharing also enables financial institutions to offer consumers popular products such as "affinity" or "co-brand" credit card accounts. Such programs provide frequent flyer miles, grocery or gasoline rebates and other benefits to credit cardholders. Other such programs permit universities and other not-for-profit organizations to benefit from cardholder use of their accounts. These programs simply could not operate without the sharing of information between the credit card issuer and the unaffiliated "affinity" or "co-brand" partner, with whom the consumer also has an existing relationship which is separate from, but related to, the consumer's relationship with the financial institution. Moreover, as Federal Reserve Board Chairman Greenspan has noted, information sharing permits financial institutions to offer products and services that are more closely tailored to consumer needs and desires, dramatically increasing efficiency both for banks and consumers. Finally, the ability to share information has enabled financial institutions to develop and offer consumers an astonishing array of financial products and services, which provide consumers today with unparalleled choice, convenience and opportunity. Consequently, additional restrictions on the flow of information to and among U.S. companies -- particularly financial institutions -- could have severe unintended consequences for the U.S. economy, consumers and the banking industry. New information- sharing restrictions would harm consumers by restricting, or denying altogether, the availability of the various products and services discussed above, as well as of countless other offerings. Moreover, the enactment of new information-sharing restrictions would inevitably have adverse consequences for the development of increasingly innovative offerings. In particular, the establishment of new restrictions could stifle, or even halt, the burgeoning development of new products and services, thereby harming consumers and banks alike. As Federal Reserve Board Chairman Greenspan has said, "Given the high degree of uncertainty inherent in the development of new products and processes, policymakers should be cautious when attempting to anticipate the future path of innovation, or the effects new regulations may have on innovation. . . . Incentive compatible regulation, flexibly constructed and applied, is the logical alternative to an increasingly complex system of rigid rules and regulations that inevitably have unintended consequences, including possible deleterious effects on the innovation process."(8) With this statement in mind, I want to touch on the privacy provisions that are contained in Subtitle A of Title V of H.R. 10 as passed by the House of Representatives, about which the Subcommittee has requested comment. The privacy provisions of H.R. 10 contain a number of unprecedented and sweeping information-sharing restrictions. For instance, H.R. 10 would establish a comprehensive notice and opt-out requirement for the sharing of customer information with unaffiliated third parties, institute a flat prohibition on disclosure to unaffiliated third parties of customer account numbers for specified marketing purposes, and mandate the provision of extremely detailed privacy disclosures at the beginning of a customer relationship and, thereafter, annually. ABA, CBA, the Roundtable and Visa are fervently committed to addressing privacy concerns that may arise from the reforms of H.R. 10. We believe, however, that a number of technical clarifications and corrections to the H.R. 10 privacy provisions are necessary in order to avoid significant adverse unintended consequences which would result from these provisions as approved by the House. Moreover, if Congress determines to enact the privacy provisions contained in H.R. 10, ABA, CBA, the Roundtable and Visa believe it is absolutely essential that they be enacted as the uniform law of the land, so that the same requirements will apply to all financial institutions, and the same protections will be afforded to all consumers, throughout the country. Existing Law Already Regulates Information Sharing and Provides Consumers with Extensive Privacy Protections I now want to underscore a critical point that is often overlooked in many of today's fervid privacy debates. The fact is, existing federal law already regulates information sharing and provides consumers with a plethora of privacy protections. Given time constraints, I will discuss briefly just a handful of the federal laws that play principal roles in regulating information sharing by financial institutions and others: the Fair Credit Reporting Act(9) ("FCRA"), the Electronic Fund Transfer Act(10) ("EFTA"), the Right to Financial Privacy Act of 1978(11) ("Financial Privacy Act"), and the Telephone Consumer Protection Act of 1991(12) ("TCPA"). The Fair Credit Reporting Act The FCRA mandates that, before non-experience consumer information is shared among affiliated companies, consumers must be clearly and conspicuously informed of the possibility of that sharing and be provided an opportunity to opt out of the sharing arrangement altogether.(13) In other words, under the existing FCRA, if a consumer does not want his or her application information or other personal information obtained from third parties, such as credit bureaus, shared among affiliated companies, the consumer is empowered simply to prohibit the sharing of that information. Moreover, it is important to note that the FCRA allows only affiliated companies to share such application or credit bureau information, after provision to the consumer of notice and an opportunity to opt out. If a bank were to share such information with unaffiliated third parties, the bank could become a consumer reporting agency subject to burdensome, complex and onerous requirements of the existing FCRA. Moreover, the FCRA mandates that other notices be provided to consumers in connection with the use of shared consumer information. For example, the FCRA already requires that banks notify consumers when adverse action is taken in connection with credit, insurance, or employment based on information obtained from an affiliate. This affiliate-sharing adverse action notice must inform the consumer that he or she also may obtain the nature of the information that led to the adverse action simply by requesting that information in writing. Once such a request has been made, the bank affiliate then has 30 days to respond by disclosing the nature of the affiliate information used. In addition, the FCRA currently empowers consumers by providing them with choice about how consumer reporting agencies may use their information for so-called "prescreening" purposes. Prescreening is the process in which a consumer reporting agency prepares a list of consumers who, based on the agency's review of its files, meet certain criteria specified by a creditor who has requested the prescreening. In addition to providing the consumer with a firm offer of credit, the FCRA also mandates that banks include prescreening disclosures with every written solicitation to consumers explaining that the offer results from a credit bureau prescreen and that the consumer has the right to opt out of future prescreening by notifying the credit bureau that created the prescreened list. Under the FCRA, a credit bureau that operates on a nationwide basis also is required to operate a joint system with other nationwide credit bureaus that allows consumers to opt out of future prescreening by all such bureaus. The Electronic Fund Transfer Act The FCRA, however, is not the only existing federal law currently mandating that disclosures be made to consumers in connection with information sharing activities. For instance, the EFTA and its implementing Regulation E(14) currently require that consumers be informed about a financial institution's information- sharing practices with regard to all accounts that may incur electronic fund transfers ("EFTs"), which today includes virtually all checking, savings and other deposit accounts. Specifically, Regulation E requires that a financial institution provide consumers with extensive disclosures at the beginning of the consumer's EFT relationship with the institution.(15) As part of these initial disclosures, each financial institution already must state the circumstances under which the financial institution in the ordinary course of business will disclose information concerning a consumer's deposit account to third parties.(16) For purposes of this requirement, the term "third parties" includes other subsidiaries of a financial institution's parent holding company.(17) In making the required disclosure, an institution must describe the circumstances under which information relating to that account generally, not just information concerning EFTs, will be made available to third parties.(18) The Right to Financial Privacy Act The purpose of the Financial Privacy Act is to protect consumer records maintained by financial institutions from improper disclosure to federal government officials or agencies. Specifically, the Financial Privacy Act currently prohibits disclosure to the federal government of records held by certain financial institutions without providing notification to the consumer whose records are sought(19) and the expiration of a "waiting period," during which the consumer may challenge and prevent disclosure through legal action.(20) The Financial Privacy Act requires the government to give the financial institution a certificate of compliance with the statute before the financial institution releases customer records.(21) In order to avoid civil liability for that disclosure, the financial institution must receive and rely on this certificate in good faith in disclosing the records sought.(22) Historically, the most significant privacy concern of consumers relates to government access to their financial records; a concern that far exceeds privacy questions regarding use of information by bank affiliates or third parties.(23) The Telephone Consumer Protection Act The TCPA and its implementing regulation(24) ("TCPA Regulation"), issued by the Federal Communications Commission, provide consumers with important protections by placing significant limitations on live telephone solicitations, among other things. Under the TCPA Regulation, companies can make telemarketing calls to residential telephones only if: (i) the call occurs between 8 a.m. and 9 p.m. (local time at the called party's location); (ii) the caller provides certain identifying information to the consumer; and (iii) the company maintains a company-specific do- not-call list of persons who do not wish to receive telephone solicitations made by or on behalf of the company.(25) Thus, if a consumer wishes to opt out of future telemarketing calls from a particular company, the consumer only need indicate that he or she does not wish to be called again. The company then must add the consumer's name to the company's do-not-call list. In other words, the TCPA Regulation already gives consumers the right under federal law to opt out of telemarketing calls from a particular company. In addition, the TCPA protects consumers by, among other things, restricting the use of automatic telephone dialing devices and prerecorded or artificial telephone messages.(26) Banking Industry Self-Regulation is Vibrant and Effective The Subcommittee also has asked me to discuss banking industry self-regulatory efforts to protect consumer privacy, particularly with respect to electronic commerce. I am pleased to report today that banking industry self-regulation is vibrant and effective. The banking industry is far more than just a collection of individual institutions: each bank has a direct interest in maintaining consumer confidence in the privacy practices of the industry as a whole. Not only do market forces compel each individual bank to protect customer privacy, but market forces also give each bank a direct interest in the adequacy of other institutions' privacy practices, so that consumer confidence in the banking industry as a whole remains strong and unwavering. As a result, industry self-regulatory efforts are extensive and increasing. This determination is underscored by the Federal Trade Commission's ("FTC") recent report to Congress, entitled Self- Regulation and Privacy Online, which was released on July 13, 1999.(27) In that report, the FTC concludes that industry has made significant progress over the past year in its efforts to self-regulate online privacy and, as a result, that the enactment of legislation to address online privacy is not appropriate at this time.(28) As FTC Chairman Robert Pitofsky said in his prepared testimony before a Subcommittee of the House Commerce Committee, while significant challenges remain, industry self- regulatory efforts "reflect industry leaders' substantial effort and commitment to fair information practices. They should be commended for these efforts."(29) Chairman Pitofsky discussed the rationale for the FTC's recommendation against new online privacy legislation: " t he Commission believes that self-regulation is the least intrusive and most efficient means to ensure fair information practices online, given the rapidly evolving nature of the Internet and computer technology."(30) While Chairman Pitofsky's statement was made in the context of online privacy, and did not focus solely on financial institution privacy-related efforts, the progress to which he refers, and the efforts that led to that progress, apply equally to the banking industry. The fact is that, consistent with its long-standing tradition of protecting consumer privacy, the banking industry has been at the forefront of U.S. industry efforts to protect consumer privacy in the modern era. One of the best examples of the banking industry's leadership in efforts to protect consumer privacy, in electronic commerce and elsewhere, is the early adoption of industry-wide privacy principles. For instance, in 1995, Visa adopted and published the Visa Issuer Privacy Principles. In 1996, the ABA and CBA each adopted best practices guidelines to serve as a blueprint for financial institutions to use in developing their own policies. Then, in 1997, all the major bank trade associations jointly adopted uniform Banking Industry Privacy Principles which have served as the basis for the development of individual privacy policies and guidelines by financial institutions throughout the country. These financial institutions, as a result, are obligated, consistent with unfair and deceptive practices and other standards, to comply with their individual privacy policy statements. The banking industry also has demonstrated its leadership in consumer privacy protection through the industry's long-standing, substantial educational efforts. For instance, ABA, CBA, the Roundtable and Visa have used their respective Privacy Principles as the basis for privacy training efforts with thousands of their members around the country. Similarly, among countless other efforts, ABA provides its members, free of charge, a video training tool developed by The Chase Manhattan Bank, which is intended to increase both bank employee and public awareness of privacy issues, such as those relating to prevention of identity theft and pretext calling; CBA sponsors a number of efforts to increase awareness of privacy issues among its members, including weekly programs at which its members discuss key issues with privacy experts; the Roundtable provides numerous alerts to its members and suggestions in addressing privacy, and the Roundtable's Banking Industry Technology Secretariat ("BITS") has provided open forums for bankers to attend, be briefed and discuss privacy issues; and Visa and its member financial institutions have distributed consumer education programs and materials on a wide range of personal financial topics extending far beyond privacy to millions of Americans nationwide, including materials that help consumers learn to live within their means (such as the Choices and Decisions multi-media teaching curriculum, which assists consumers in planning their financial futures), help consumers to recognize the warning signs of potential financial problems, and assist those who are having trouble get out of debt (like Managing Your Debts: How to Regain Financial Health, which is distributed by Visa, the Consumer Federation of America and the National Foundation for Consumer Credit). The ABA, CBA, the Roundtable and Visa believe that the existing legal framework governing the sharing of information by financial institutions -- which effectively employs the interplay of consumer demands, federal laws and regulations, and the teeming marketplace itself -- provides effective consumer privacy protection, while permitting the flow of information that is vital to the banking industry and to the U.S. economy. The result? Ready consumer access to, and information about, a universe of products and services that were only dreamed of just a few years ago. Once again, I want to thank you for the opportunity to appear before you today on behalf of ABA, CBA, the Roundtable and Visa. Please let us know if we can be of additional assistance to the Subcommittee or its staff.

LOAD-DATE: July 24, 1999




Previous Document Document 181 of 261. Next Document


FOCUS

Search Terms: personal w/5 information w/5 privacy, House or Senate or Joint
To narrow your search, please enter a word or phrase:
   
About LEXIS-NEXIS® Congressional Universe Terms and Conditions Top of Page
Copyright © 2002, LEXIS-NEXIS®, a division of Reed Elsevier Inc. All Rights Reserved.