Democrats on the Senate Banking Committee have released a regulatory relief bill intended to be an alternative to the bill released by Senator Richard Shelby.  While Senator Shelby’s bill is entitled the “Financial Regulatory Improvement Act of 2015,” the alternative bill is entitled the “Community Financial Institution Regulatory Relief and Consumer Protection Act of 2015.”

The bill released by Democrats includes the same provision as Senator Shelby’s bill directed at the annual financial privacy notice required by the Gramm-Leach-Bliley Act (GLBA).  Like Senator Shelby’s bill, the alternative bill would amend the GLBA to create an exception under which a financial institution would not have to deliver an annual financial privacy notice if it satisfied certain conditions. Key among such conditions is that the institution has not changed its policies and practices with respect to sharing nonpublic personal information from those disclosed in its most recent annual financial privacy notice.

The alternative version would also amend the Consumer Financial Protection Act to add various provisions of the Servicemembers Civil Relief Act to the “enumerated consumer laws” that can be enforced by the CFPB.  In addition, it would amend the TILA ability to repay provision by creating a safe harbor for mortgage loans that meet certain conditions and are held in portfolio by banks and credit unions with less than $10 billion in assets.  This safe harbor is substantially narrower than the safe harbor that Senator Shelby’s bill would create.

Senator Shelby’s bill is scheduled for markup on May 21, 2015.

In addition to the numerous mortgage-related provisions in Senator Shelby’s regulatory reform bill entitled the “Financial Regulatory Improvement Act of 2015,” the bill contains a provision directed at the annual financial privacy notice required by the Gramm-Leach-Bliley Act (GLBA), which is implemented by Regulation P.  In October 2014, a CFPB amendment to Regulation P became effective that allows financial institutions that meet certain requirements to deliver annual financial privacy notices to their customers using an alternative online delivery method.

Section 101 of the regulatory relief bill would go a step further by amending the GLBA to create an exception under which a financial institution would not have to deliver an annual financial privacy notice if it (1) does not share nonpublic personal information (NPPI) with nonaffiliated third parties in a manner that triggers GLBA opt-out rights, (2) has not changed its policies and practices with respect to sharing NPPI from those disclosed in the most recent annual privacy notice, and (3) otherwise provides customers access to the institution’s most recent annual privacy notice in electronic or other form permitted by regulations.

Earlier this week, the House of Representatives, in bipartisan votes, passed the following regulatory reform bills:

  • The “Eliminate Privacy Notice Confusion Act, H.R. 601, would create an exemption from the Gramm-Leach-Bliley Act’s annual notice requirement for institutions that have not changed their privacy policies since their most recent annual notice and only share personal information within the statutory exceptions.  In October 2014, the CFPB issued a final rule that amended Regulation P to allow a financial institution that meets certain requirements, including generally having no change in its most recent privacy notice, to deliver annual privacy notices to their customers using an alternative online delivery method.  The bill would eliminate the annual notice requirement entirely for institutions that qualify for the exemption.
  • The “Helping Expand Lending Practices in Rural Communities Act,” H.R. 1259, would direct the CFPB to establish an application process to apply for an area to be designated as a rural area if the CFPB has not already been designated it as such.  The CFPB has created exemptions from certain mortgage rules, including the qualified mortgage rule, for small banks that operate primarily in rural or undeserved areas.
  • The “Federal Advisory Committee Act,” H.R. 1265, would apply the requirements of the Federal Advisory Committee Act to the CFPB.  While the CFPB reversed its closed-door policy to make meetings of its advisory boards and councils open to the public, the bill would mandate that such meetings be open to the public, subject only to the exceptions allow by the FACA.
  • The ‘‘SAFE Act Confidentiality and Privilege Enhancement Act,’’ H.R. 1480, would amend the S.A.F.E. Mortgage Licensing Act of 2008 to allow information provided to the Nationwide Mortgage Licensing System and Registry to be shared with state and federal regulatory officials with financial services oversight authority (such as the Fed) without  loss of privilege or confidentiality protections provided by federal and state laws.  Currently, the privilege and confidentiality protections only apply to information shared with state and federal regulatory officials with mortgage industry oversight authority.

All of the bills were supported by the American Bankers Association.

Nearly three years after identifying the Gramm-Leach-Bliley Act (GLBA) annual privacy notice requirement as a candidate for streamlining, the CFPB issued a final rule earlier this week to allow financial institutions that meet certain requirements to deliver such notices using an alternative online delivery method.  The rule will be effective immediately upon its publication in the Federal Register.

Financial institutions have typically mailed these notices.  Under the CFPB’s final rule, a financial institution that meets the rule’s requirements will be able to save on mailing costs by posting its annual privacy notice on its website.  While offering potential benefits to banks and nonbanks, the CFPB’s final rule does not amend separate GLBA regulations that have been issued by the SEC, CFTC or FTC.  This means the CFPB’s final rule will not apply to an entity that is subject to the GLBA regulations of these other agencies.  For example, auto dealers for whom the FTC has GLBA rulewriting authority would not be able to take advantage of the CFPB’s final rule.

While industry is generally pleased with the CFPB’s issuance of the final rule, the CFPB’s progress on streamlining has been limited.  The GLBA annual privacy notice requirement was one of nine specific potential opportunities for streamlining regulations identified by the CFPB in the notice it published in December 2012.  In the notice, the CFPB also sought input from commenters on other streamlining opportunities.  Although two of the other specific opportunities identified by the CFPB have been addressed (the ATM sticker notice which was eliminated by Congress in 2012 and the credit card independent ability-to-pay requirement for applicants who are 21 or older which the CFPB eliminated last year), other streamlining opportunities identified by the CFPB and commenters continue to await the CFPB’s attention.  In the December 2012 notice, the CFPB suggested that it would focus on streamlining once it had completed the mortgage-related rulemaking required by Dodd-Frank.  Now that such rulemaking is nearly completed, we hope the CFPB will make streamlining a priority.

For a discussion of the rule’s requirements for using the alternative online delivery method, see our legal alert.

The CFPB is extending the comment period on its proposed rule that would amend Regulation P to allow financial institutions that satisfy certain conditions to deliver annual privacy notices to their customers using an alternative online delivery method. 

In a notice to be published in tomorrow’s Federal Register, the CFPB states that it is extending the deadline for comments to be filed from June 12, 2014 to July 14, 2014.  According to the notice, the CFPB received “a coordinated request from banking and financial service provider trade associations” asking for the comment period to be extended from 30 to 90 days.  The CFPB determined that only a 30-day extension was appropriate.

The CFPB has published a proposed rule that would amend Regulation P to allow financial institutions that satisfy certain conditions to deliver annual privacy notices to their customers using an alternative online delivery method. 

Under the Gramm-Leach-Bliley Act, financial institutions must provide initial and annual privacy notices that inform customers about the sharing of their nonpublic personal information with third parties.  Financial institutions have typically provided the annual privacy notice through direct mailings, but the proposed rule could potentially save some financial institutions the costs of mailing by posting the annual privacy notice in a clear and conspicuous manner on the institutions’ websites and directing customers to the notice via a statement message or other communication at least once annually. 

For a detailed summary of the proposal, see our legal alert.