July 5, 2008 | Home

STATEMENT OF NEED AND PURPOSE

The board of directors and management team members of Western National Bank  (WNB) recognized the institution’s responsibility to keep transaction information accurate and secure and therefore it will not be shared or sold to a third party for marketing purposes without the specific consent of our customer. It is the responsibility of the Bank’s Compliance Officer to administer WNB’s Privacy Policy. The Compliance Committee will provide the Board of Directors with an annual report of the actions taken to assure bank compliance to this policy.

Comptroller of the Currency (OCC) examiners will be assessing whether both management and the board of directors support and review compliance with Privacy. The development and implementation of these policies and procedures provide a risk management tool which will minimize compliance, reputation and transaction risk.

BACKGROUND AND SUMMARY

The Privacy regulation implemented by the OCC through 12 CFR 40, Privacy of Consumer Financial Information, was the outcome of the Gramm-Leach-Bliley Act of 1999.  The regulation provides for disclosures to consumers of the bank’s privacy policy and the rights of consumers to direct their financial institution not to share their nonpublic personal information with third parties (opt out).  The regulation became effective July 1, 2001. 

SPECIFIC GOALS

The board of directors of WNB have established the following specific goals:

• Appointment of a board designated officer responsible for implementation and maintenance of procedures to address compliance with Privacy;
• A system of internal controls and procedures to ensure ongoing compliance and minimize compliance, reputation and transaction risk;
• Institution of a training process for enhancing staff awareness;
• Implementation of internal, independent periodic monitoring.

APPLICABILITY TO WNB

WNB does not disclose consumer or customer nonpublic personal information outside of the exceptions (13, 14 and 15) contained in the Privacy regulation. In addition, WNB has no affiliates. Therefore, compliance requirements are simplified.  Based on WNB’s limited activity, the bank only needs to furnish the initial and annual Privacy Notices.  Opt out notices are not required at this time.   

Corporations, trusts and other business entities are excluded from the disclosure requirements.  The law covers consumers and customers that are individuals conducting business with the bank for personal, family or household purposes.  

Some of the more specific considerations of the Privacy Policy include:

1. WNB will not disclose specific information about customer relationships unless:
   • The customer requests or authorizes it.
   • The information is provided to help complete a transaction initiated by the customer.
   • The information is supplied to a reputable credit bureau or reporting agency.
   • The release is necessary so that a vendor can perform under a bank contract (i.e. Data Processing).
   • The information is legally required or allowed by law (i.e. required by court subpoena, government financial regulators or law enforcement investigations).
2. Bank employee orientation will include specific instructions concerning the  following:
   • The importance of customer information remaining confidential.
   • WNB’s policies and procedures define the sharing of this information with others on a need to know basis.
   • An employee’s failure to comply with the confidentiality requirement will be cause for disciplinary action or termination depending on the facts of the occurrence.
3. The compliance committee will establish internal procedures:
   • To provide all new employees with WNB’s Privacy Statement.
   • Communicate to existing employees the importance of maintaining the confidential nature of customer information.
   • Review the level of employee access to customer information on a need to know basis.
   • Communicate with all WNB’s managers and supervisors the necessity of reporting all known situations in which customer bank employees have violated confidentiality.
   • An annual review of all policies concerning customer information with all employees and the importance of such policies.
4. Third party contracts.
   • WNB will not knowingly do business with any third party provider who violates or causes to be violated the confidential banking customer relationship.
   • All contracts with third party companies, which involve access to customer information, will be reviewed to ascertain provisions are in place to protect the integrity of the WNB’s bank customer information. When appropriate, copies of the third party companies’ adopted privacy policies will be required.
5. Security of Transactions
   • WNB’s uses a number of procedures to provide for accuracy and security of its transactions. Such procedures include:
   • Using internal bank passwords.
   • Reviewing employee actions.
   • Limiting customer account access.
6. WNB will communicate its Privacy Policy:
   • By providing all customers a written initial notification of the Privacy Policy.
   • On an annual basis provide a disclosure of the bank’s Privacy Policy to all customers.

RECORD RETENTION REQUIREMENTS

There are no specific record retention requirements related to the initial or annual privacy notice.  However, it is recommended that the bank maintain the notices furnished to the customer until the next annual notice is delivered to the customer or until there are changes in the privacy disclosure as a result of changes in WNB’s information sharing practices. 

PENALITIES AND LIABILITIES

There are no specific regulatory penalties for violations of the Privacy Regulation other than corrective action.  However, violations could subject the bank to increased compliance and reputation risk.  Numerous lawsuits have occurred as a result of mishandling consumer and customer information. 

TRAINING

All WNB personnel receive training relating to Privacy through an online third party vendor, Digital University.  Course material provides a good overall synopsis of Privacy requirements and a certification test which requires a 75% passing grade.  Employee certificates and dates of training are maintained by the Compliance Officer. 

AUDIT AND MONITORING

WNB lending Compliance Officer will monitor Privacy compliance on a periodic basis but not less than annually.  Frequency will depend on volume of activity.  Results of the monitoring will be reported to the Board of Directors or a designated committee.  Exceptions and corrective action and follow-up will be included in the reporting. 

REFERENCES

OCC Bulletin 2001-26 – “Privacy of Consumer Financial Information” 12 CFR 40, May 25, 2001, www.occ.treas.gov – Comptroller’s Issuance, OCC Bulletins.

PRIVACY OF CONSUMER FINANCIAL INFORMATION PROCEDURES

OPERATING PROCEDURES

Deposits

• New customers opening accounts (consumer accounts for personal, family, or household purposes) will be provided initial Privacy Notice at deposit account opening.
• Existing customers obtaining a new financial product (for example: consumer loan) or service will only receive a Privacy Notice if there have been changes to the notice or information sharing practices relating to the product or service.

Loans

• New borrowers (consumer related loans for personal, family or household purposes) will be provided initial Privacy Notice at loan closing if not at time of application.
• Existing customers obtaining a new financial product or service will only receive a Privacy Notice if there have been changes to the notice or information sharing practices relating to the product or service.

Annual Privacy Notice

An annual Privacy Notice to all existing customers is required.  Notice can be given anytime during the next calendar year after customer receives the initial notice.  After the first annual notice is delivered each subsequent annual notice should be delivered no longer than 12 months from the first annual notice.

APPENDIX A - Visual Aid for Understanding Privacy Requirements

The following table correlates WNB’s disclosure practices with the notice and opt out requirements of the regulation.  This table covers sharing with nonaffiliated third parties, but not with affiliates (WNB is owned by a one bank holding company, Great Western.  There are no other affiliates.).  Limits on account number sharing and redisclosure and reuse are not covered.

Users may determine a WNB’s obligations by finding the institution’s disclosure practice, and then following the table across to the appropriate consumer status.

WNB Disclosure Practice	Consumer Status
	Consumer (non customer)	Customer
No disclosure of nonpublic personal information.	No privacy notice requirements. Opt out does not apply.	Initial and annual notices required. Opt out does not apply.
Disclosure of nonpublic personal information other than under exceptions 13, 14, or l5 as described below.	Initial, opt out, and revised privacy notices required. Opt out right.	Initial, opt out, and revised privacy notices required. Opt out right.
Disclosure under exceptions: Disclosure for servicing or joint marketing under exception in section 13.	Initial privacy notice required. Contract limiting third party’s redisclosure and use. Opt out does not apply.	Initial and annual privacy notices required. Contract limiting third party’s redisclosure and use. Opt out does not apply.
Disclosure for processing and servicing transactions or other exceptions under section 14.	No privacy notice requirements. Opt out does not apply.	Initial and annual privacy notices required. Opt out does not apply.
Disclosure for exceptions under section 15.	No privacy notice requirements. Opt out does not apply.	Initial and annual privacy notices required. Opt out does not apply.

Member FDIC | Equal Housing Lender