

Privacy Regulations Challenge Community Banks

When the privacy provisions of the Gramm-Leach-Bliley Act kicked in on July 1, 2001, banks rearranged their risk priorities to focus on privacy issues.  In a recent survey we found that the majority of the community banks polled are taking measures to address the privacy issue.  However, bank officers surveyed said they have ongoing concerns, mostly procedural, about how to handle the regulations.

"Privacy is quickly overtaking other regulatory risk issues in prominence," said Matt Schriner, one of our managing directors and consultant to financial institutions.  "According to industry buzz, the most important regulatory activity that banks engage in over the next 10 years could be developing and implementing plans and policies to comply with tough federal privacy laws."

The survey findings included:
1. When asked what the biggest challenge facing their bank will be when dealing with the new privacy laws, 27% of those surveyed said notification, disclosure and communication with customers.

2. Paperwork and understanding the requirements of regulation shared second place (at 19%) as the biggest challenges presented by the new privacy laws.  Additional responses included: expenses involved with compliance (14%); time involved with compliance (11%); staff training (11%); and waiting to see how state and federal requirements will be implemented (11%).

3. Twenty-four percent of the banks reported having an officer assigned to addressing privacy issues, and 22% had formed an internal privacy committee to examine privacy issues.

To ensure compliance with federal privacy regulations, Schriner recommends financial institutions adopt a six-part privacy program:
1. Convene a Privacy Team: Privacy regulation will affect every area of the bank. All department managers should be members of the privacy team. That team should have a leader, or director of privacy.

2. Assess Your Current Information-Sharing Environment: Banks should survey their entire operation for areas where customer information is shared, or potentially might be shared, with parties outside the bank. Current practices should be scrutinized and modified if necessary.

3. Review Your Strategic Plan: During initial privacy policy development, the privacy committee needs to assess what strategic changes are anticipated for the bank that could affect or be at cross-purposes with its privacy policy. Internet banking, developing a Web site, a new product line or affiliation with a third-party vendor should be analyzed for possible privacy implications.

4. Develop Your Privacy Policy Internally: Determine the privacy policies and procedures in place and convert them to policy statements.

5. Policy Implementation: Because privacy policy covers the entire financial institution, implementation will be an institution-wide effort. An internal policy should be developed and available for access by every employee.

6. Build a Process for Training, Modifications and Auditing: Often policies are written well, but not implemented or updated. Because the bank's privacy policy is subject to regulation, it is also subject to examination. Banks should make sure they have an adequate audit program to ensure employees are adhering to their privacy policy and that these policies are reviewed and amended, as needed.




 

RSM McGladrey Inc. and McGladrey & Pullen LLP have an alternative practice structure. Though separate and independent legal entities, the two firms work together to serve clients' business needs.