FTC Issues COPPA FAQs

Written By JiJi Bahhur, Regulatory Compliance Counsel

The Federal Trade Commission (FTC) recently issued Complying with COPPA: Frequently Asked Questions which aims to help the industry understand recent changes to the Child Online Privacy Protection Act (COPPA) regulations that go into effect July 1, 2013.  The FAQs – a small entity compliance guide – feature 92 frequently asked questions on the recently amended COPPA. 

When delving into the COPPA amendments, the FAQs are definitely the place to reference if you have any questions.  The Table of Contents is very well-organized so you can go right to the area of concern rather than digging through all 92 questions to find what you are looking for. From the FAQs, here is the Table of Contents: 

Contents:

• GENERAL QUESTIONS ABOUT THE COPPA RULE
• COPPA ENFORCEMENT
• PRIVACY POLICIES AND DIRECT NOTICES TO PARENTS
• WEBSITES AND ONLINE SERVICES DIRECTED TO CHILDREN
• PHOTOS, VIDEOS, AND AUDIO RECORDINGS
• GEOLOCATION DATA
• GENERAL AUDIENCE, TEEN, AND MIXED-AUDIENCE SITES OR SERVICES
• VERIFIABLE PARENTAL CONSENT
• EXCEPTIONS TO PRIOR PARENTAL CONSENT
• PARENTAL ACCESS TO CHILDREN’S PERSONAL INFORMATION
• DISCLOSURE OF INFORMATION TO THIRD PARTIES
• REQUIREMENT TO LIMIT INFORMATION COLLECTION
• COPPA AND SCHOOLS
• COPPA SAFE HARBOR PROGRAMS

The FTC’s FAQ announcement is here.  To view the Rule and compliance materials, go to the FTC's COPPA page for businesses. Some other resources that can be found on that page are as follows:

• Case Highlights (23)
• Reports and Workshops (19)
• Laws, Rules, and Guides (4)
• Compliance Documents (19)

 

 

House Passes H.R. 749 - The Eliminate Privacy Notice Confusion Act

Note: If you are reading this post via the email delivery subscription option - you may have noticed a delay the past couple of days. We're aware of the issue but a solution isn't readily apparent. You can always find the daily blog post directly on the blog's website (just scroll down past the "Welcome Blog Post").

So, if you need your daily fix and haven't seen the email - be sure to check the blog's main website as the post is usually up there by 6 a.m.  Have a great day!

***

Written by Steve Van Beek

One of the pieces of NAFCU's five point plan for regulatory relief is Operational Improvements for Credit Unions - including a specific push for elimination of unnecessary privacy notices. Yesterday, the House took an important step toward this goal by passing H.R. 749.

Now, you might be having déjà vu. Didn't the House pass a similar bill back in December?  They sure did - but since this is a new Congress, they needed to introduce and pass the bill again. And, now attention turns back to the Senate - which failed to pass similar legislation in 2012.

Below is a summary from our December 14th blog post that I've updated slightly with the information from yesterday's action.

***

The Elimination Privacy Notice Confusion Act & What it Means to Your Credit Union

Summary.  The bill - H.R. 749 - was passed by the House on Tuesday and now awaits action in the Senate.

What will the bill do?  The bill would remove the annual privacy notice requirement for certain financial institutions.  

How do we find out if we would be one of these "certain" financial institutions?  Ah, please join me (again!!) as we wander down the rabbit hole called Regulatory & Legislative Complexity (the middle name is "&" for those keeping score at home).     

The Start.  The annual privacy notice requirement comes from Section 503 of Gramm-Leach-Bliley (15 USC 6803):"

"(a) Disclosure required

At the time of establishing a customer relationship with a consumer and not less than annually during the continuation of such relationship, a financial institution shall provide a clear and conspicuous disclosure to such consumer, in writing or in electronic form or other form permitted by the regulations prescribed under section 6804 of this title, of such financial institution’s policies and practices with respect to..."  (emphasis added)."

The Bill.  The bill would add subsection (f) to Section 503 of Gramm-Leach-Bliley:

‘‘(f) EXCEPTION TO ANNUAL NOTICE REQUIREMENT.—A financial institution that—

‘‘(1) provides nonpublic personal information only in accordance with the provisions of subsection (b)(2) or (e) of section 502 or regulations prescribed under section 504(b), and

‘(2) has not changed its policies and practices with regard to disclosing nonpublic personal information from the policies and practices that were disclosed in the most recent disclosure sent to consumers in accordance with this subsection, shall not be required to provide an annual disclosure under this subsection until such time as the financial institution fails to comply with any criteria described in paragraph (1) or (2)."

Ok - so there are two main prongs to obtaining this potential exception.  We'll take them in reverse order. 

Prong 2 - No Changes Since Your Last Privacy Policy.  This is the easier prong.  If you've changed your privacy policy, you'd need to send the annual notice so that members are aware of your new sharing practices.    

Prong 1 - Shares Information Only in Accordance with Exceptions.  This one is where things get a bit dicey.  I'll spoil the ending by letting you know that if this bill becomes law - the CFPB should be amending Regulation P and will have a great opportunity to provide clarity to everyone (credit unions, banks, consumers, etc).    

In order to satisfy Prong 1, credit unions need to share nonpublic personal information about their members "only in accordance with the provisions of subsection (b)(2) or (e) of section 502 or regulations prescribed under section 504(b)."  But, what does that mean?   

These two provisions discuss the situations where credit unions can share nonpublic personal information with nonaffiliates without having to provide the member an opt-out.  

Section 502(b)(2) - 15 USC 6802(b)(2).  This provision outlines the exception for service providers and joint marketing agreements.  It is implemented in 12 CFR 1016.13 of Regulation P.  

Section 502(e) - 15 USC 6802(e).  This provision contains the general exceptions to the opt-out requirements.  Credit unions can share information with nonaffiliated third parties in these situations - such as to service or process a transaction or at the member's request - without needing to provide the member an opportunity to opt-out.  These exceptions are outlined in 12 CFR 1016.14 & 12 CFR 1016.15 of Regulation P.   

***

Confused?  The crux is that in order to satisfy Prong 1 your credit union would need to only share information with nonaffiliates in ways that do not trigger the requirement to provide members the right to opt-out.  Prong 2 is easier in that it will be met if you have had no changes to your privacy policy since your last mailing.  

Your Homework?  Check out whether your credit union's existing privacy policy requires you to provide members the right to opt-out because your credit union shares nonpublic personal information with nonaffiliated third parties.  

Outcome 1:  If you aren't currently required to provide the opt-out to members, this bill could provide some real regulatory relief as it could remove the requirement to send your privacy policy on an annual basis.

Outcome 2:  If you currently share with nonaffiliated third parties (outside of the exceptions discussed above) and are required to provide members the opt-out, check how many nonaffiliated third parties you share with.  How valuable are those relationships?  How does that compare with the regulatory cost (and printing costs and mailing costs) of sending the annual privacy notice?  

***

Reminder:  Keep in mind that this bill still needs to work its way through the Senate.  Additionally, the CFPB would need to amend Regulation P to implement these changes and provide clarity. And, as we discussed in yesterday's blog post - it isn't always a fast process. 

The Eliminate Privacy Notice Confusion Act & What it Means to Your Credit Union

Written by Steve Van Beek

First off, the title of the bill will not help with the confusion that compliance officers face with regard to privacy notices.  Instead, it is meant to address the confusion that faces members as they receive multiple privacy policies from multiple financial institutions and dutifully read them.

Summary.  The bill - H.R. 5817 - was passed by the House on Wednesday and now awaits action in the Senate.

What will the bill do?  The bill would remove the annual privacy notice requirement for certain financial institutions.  

How do we find out if we would be one of these "certain" financial institutions?  Ah, please join me as we wander down the rabbit hole called Regulatory & Legislative Complexity (the middle name is "&" for those keeping score at home).     

The Start.  The annual privacy notice requirement comes from Section 503 of Gramm-Leach-Bliley (15 USC 6803):"

"(a) Disclosure required

At the time of establishing a customer relationship with a consumer and not less than annually during the continuation of such relationship, a financial institution shall provide a clear and conspicuous disclosure to such consumer, in writing or in electronic form or other form permitted by the regulations prescribed under section 6804 of this title, of such financial institution’s policies and practices with respect to..."  (emphasis added)."

The Bill.  The bill would add subsection (f) to Section 503 of Gramm-Leach-Bliley:

‘‘(f) EXCEPTION TO ANNUAL NOTICE REQUIREMENT.—A financial institution that—

‘‘(1) provides nonpublic personal information only in accordance with the provisions of subsection (b)(2) or (e) of section 502 or regulations prescribed under section 504(b), and

‘(2) has not changed its policies and practices with regard to disclosing nonpublic personal information from the policies and practices that were disclosed in the most recent disclosure sent to consumers in accordance with this subsection, shall not be required to provide an annual disclosure under this subsection until such time as the financial institution fails to comply with any criteria described in paragraph (1) or (2)."

Ok - so there are two main prongs to obtaining this potential exception.  We'll take them in reverse order. 

Prong 2 - No Changes Since Your Last Privacy Policy.  This is the easier prong.  If you've changed your privacy policy, you'd need to send the annual notice so that members are aware of your new sharing practices.    

Prong 1 - Shares Information Only in Accordance with Exceptions.  This one is where things get a bit dicey.  I'll spoil the ending by letting you know that if this bill becomes law - the CFPB should be amending Regulation P and will have a great opportunity to provide clarity to everyone (credit unions, banks, consumers, etc).    

In order to satisfy Prong 1, credit unions need to share nonpublic personal information about their members "only in accordance with the provisions of subsection (b)(2) or (e) of section 502 or regulations prescribed under section 504(b)."  But, what does that mean?   

These two provisions discuss the situations where credit unions can share nonpublic personal information with nonaffiliates without having to provide the member an opt-out.  

Section 502(b)(2) - 15 USC 6802(b)(2).  This provision outlines the exception for service providers and joint marketing agreements.  It is implemented in 12 CFR 1016.13 of Regulation P.  

Section 502(e) - 15 USC 6802(e).  This provision contains the general exceptions to the opt-out requirements.  Credit unions can share information with nonaffiliated third parties in these situations - such as to service or process a transaction or at the member's request - without needing to provide the member an opportunity to opt-out.  These exceptions are outlined in 12 CFR 1016.14 & 12 CFR 1016.15 of Regulation P.   

***

Confused?  The crux is that in order to satisfy Prong 1 your credit union would need to only share information with nonaffiliates in ways that do not trigger the requirement to provide members the right to opt-out.  Prong 2 is easier in that it will be met if you have had no changes to your privacy policy since your last mailing.  

Your Homework?  Check out whether your credit union's existing privacy policy requires you to provide members the right to opt-out because your credit union shares nonpublic personal information with nonaffiliated third parties.  

Outcome 1:  If you aren't currently required to provide the opt-out to members, this bill could provide some real regulatory relief as it could remove the requirement to send your privacy policy on an annual basis.

Outcome 2:  If you currently share with nonaffiliated third parties (outside of the exceptions discussed above) and are required to provide members the opt-out, check how many nonaffiliated third parties you share with.  How valuable are those relationships?  How does that compare with the regulatory cost (and printing costs and mailing costs) of sending the annual privacy notice?  

***

Reminder:  Keep in mind that this bill still needs to work its way through the Senate.  Additionally, the CFPB would need to amend Regulation P to implement these changes and provide clarity.  

Lastly, let's take a minute to appreciate a 4-page bill.  Considering we are fast approaching Dodd-Frank Implementation Season^TM, any regulatory relief is a welcome sight (even if there is a need to wade through some legalese to get there).  

Have a great weekend! 

Keeping a Record of NCUA's Regs; NAFCU's Comment Letter on TILA/RESPA

Written by Steve Van Beek

On Tuesday we blogged about the FTC's rescission of their regulations that transferred to the CFPB.  We also indicated that NCUA was likely to follow soon after and rescind their rules.  We also included this information about making a copy of the current rules:

"Prior to this occurring, it might be a good business practice to make a copy of the soon-to-be rescinded regulations to ensure your credit union has a copy of the regulations in effect in the past in the case of a member complaint, exam issue or lawsuit."

A very helpful comment highlighted that the Government Printing Office (GPO) retains a copy of each year's CFR in PDF or XML format.  Below are the 2011 PDFs of the rules that transferred from the NCUA to the CFPB.   

Main Rules.  These three rules were transferred either completely (Privacy and SAFE Act) or almost completely (Fair Credit Reporting Act).

• Part 716 - Privacy of Consumer Financial Information
• Part 717 - Fair Credit Reporting
• Part 761 - Registration of Residential Mortgage Loan Originators 

There are a few other regulations listed in the CFPB's Federal Register notice on the transferred regulations but they are not major changes and only impact certain situations.  Part 707 - NCUA's Truth in Savings regulation - is also included on the list but rulemaking authority for Part 707 remains with NCUA.

Note:  Prior years of regulations can be found by using this GPO starting page.  Hat tip to Kennyb.      

***

TILA/RESPA Disclosure Combination.  On Monday, NAFCU submitted a comment letter to the CFPB on their plans to combine the TILA and RESPA disclosures.  The comment letter is 7 pages long and highlights areas of concerns as the CFPB continues along their Dodd-Frank mandate.  

Remember:  The CFPB has to have an official proposal out for the TILA/RESPA combined disclosures by July 21, 2012.  Their Know Before You Own project was not an official proposed rule and was not part of the Administrative Procedures Act.   

Updated 2012 NAFCU Credit Union Compliance GPS is Now Available!

Written by Steve Van Beek

Shameless Plug Alert!

We are very pleased to announce the availability of the Updated 2012 NAFCU Credit Union Compliance GPS.  Over the course of the last year, there have been many small tweaks and changes that have made life difficult for credit unions and, specifically, compliance officers (and many others as well).  These included technical changes to regulations as well as substantive changes to regulations and regulators.  

The Updated 2012 GPS has been thoroughly updated and edited to reflect these changes and provide those researching credit union issues a useful, electronic guide. 

For example, the Updated GPS includes:

• A New Section on the Consumer Financial Protection Bureau;
• Updated Links after NCUA's Website Change;
• Updated Regulatory Citations Reflecting the CFPB's Ownership of the Consumer Regulations;
• Links to the CFPB's Version of the Electronic Code of Federal Regulations;
• An Expanded Bank Secrecy Act Section;
• A Separate Section on Vendor Management; and
• Many more additional updates and edits to ensure accuracy.   

In non-bullet format, the Updated 2012 GPS contains all new links to the updated NCUA website (including Legal Opinion Letters and Letters to Credit Unions).  The GPS also contains the new, correct citation to the CFPB's regulations (i.e., 12 C.F.R. 1026 rather than 12 C.F.R. 226 for Regulation Z) as well as links to the CFPB's regulations to help you find the most up-to-date version of the consumer regulations.       

Pricing.  The Updated 2012 GPS is $399 for NAFCU members and $499 for anyone else.  The GPS is not limited to credit unions and can be purchased by anyone interested in learning more about credit union laws and regulations. 

***

Table of Contents.  To get a feel for the Updated 2012 GPS, take a look at the following Tables of Contents which list the Sections that are included in each Chapter (plus the Appendix).

• Main Table of Content - 1-Page Snapshot of the 2012 GPS
• Chapter Specific Cover Pages - Listing of the Sections by Chapter
• Complete Table of Content - Listing the Contents of Each Section
• The Consumer Financial Protection Bureau Section Table of Contents 

***

Below are a couple of additional items about the Updated GPS.  

Electronic Manual.  The GPS is designed to be a an electronic manual as it contains numerous links to regulations and guidance documents.  Of course, you can print off your own copy of the GPS and use the hardcopy as a quick resource guide.  But, the best bang for your buck is being able to use the electronic links and be taken directly to the NCUA Legal Opinion Letter being described or NCUA's Statutory Lien regulation in 12 C.F.R. 701.39.

Available to Everyone.  The GPS is available for purchase by anyone and everyone.  We've had law firms and audit firms purchase the GPS in the past in addition to numerous credit unions.  Additionally, your credit union does not need to be a NAFCU member to purchase.  We hope the GPS serves as a valuable resource for anyone seeking to learn more about credit unions and the regulations that impact their daily operations.

One GPS Per Credit Union.  Remember - the purchase of the GPS provides access to your entire credit union or organization!  Please feel free to share the GPS with your colleagues at your credit union.  However, we put a lot of time and effort into creating and editing the GPS and we ask that you not share your GPS with other credit unions or third-parties.  

Regulatory Compliance School.  If your credit union sent someone to NAFCU's 2012 Regulatory Compliance School last week, that person should already have an electronic copy of the Updated GPS.  Be sure to track that copy down and share throughout your credit union.  No additional purchase would be required.  

Finding the CFPB's Regulations

Written by Steve Van Beek

Dodd-Frank transferred authority for the "enumerated consumer laws" to the CFPB on July 21, 2011.  In late December, the CFPB officially republished the regulations that implemented these "enumerated consumer laws" in its own section of the Electronic Code of Federal Regulations.

For credit unions, this means we need to use the CFPB's regulations for our research and our citations.  For example, the correct citation for Regulation Z is now 12 C.F.R. 1026 and not 12 C.F.R. 226.  

***

Why does this matter?  When the CFPB issues changes to these regulations - such as the remittances final rule - these regulations will only update the CFPB's Regulation E.  The prior version of Regulation E - under the Federal Reserve - will not be updated.  In order to research the latest and most accurate information, look to and cite the CFPB's regulations.  Note:  The remittances final rule can be found in Subpart B to Regulation E.    

***

CFPB Regulations.  Below are links to the CFPB's regulations with the updated citations.  This should be the starting point for your research.  

• 12 C.F.R. 1002 - Regulation B:  Equal Credit Opportunity Act
• 12 C.F.R. 1003 - Regulation C:  Home Mortgage Disclosure Act
• 12 C.F.R. 1005 - Regulation E:  Electronic Funds Transfers
• 12 C.F.R. 1006 - Regulation F:  Fair Debt Collection Practices Act
• 12 C.F.R. 1007 - Regulation G:  SAFE Act Mortgage Licensing - Federal System
• 12 C.F.R. 1016 - Regulation P:  Privacy of Consumer Financial Information
• 12 C.F.R. 1022 - Regulation V:  Fair Credit Reporting Act
• 12 C.F.R. 1024 - Regulation X (RESPA):  Real Estate Settlement Procedures Act
• 12 C.F.R. 1026 - Regulation Z - Truth in Lending Act

Above is not a complete list, but they are the ones with the biggest impact on credit unions.  The full listing of the CFPB's regulations is in Section 1000-1099 of Title 12 of the Electronic Code of Federal Regulations.

***

A couple of other items to keep in mind:

• Truth in Savings.  Credit Unions need to follow Part 707 for Truth in Savings rather than Regulation DD.  This blog post has more information.
• Federal Reserve.  The Federal Reserve lost authority for quite a few regulations.  However, they retain control over regulations that were not deemed to be "consumer" regulations.  This blog post has additional information on which regulations stayed with the Federal Reserve.  

More Republishing; Part 707 - Truth in Savings; Wish Granted

Written by Steve Van Beek

A Quick Note:  NAFCU's offices will be closed Friday, December 23rd and Monday, December 26th for the Christmas holiday.  We will be back blogging on Tuesday.  We hope you all have a wonderful holiday weekend!

***

We've tracked the CFPB's republishing in Monday and Tuesday's blog posts.  The CFPB hasn't slowed down.  

• Published in the Federal Register on Wednesday, December 21:
  • Equal Credit Opportunity (Regulation B)
  • Fair Credit Reporting (Regulation V)
  • Interstate Land Sales Registration Program (Regulations J, K, and L)
  • Privacy of Consumer Financial Information (Regulation P)
  • Truth in Savings (Regulation DD)

• Published in the Federal Register on Thursday, December 22:
  • Truth in Lending (Regulation Z)

***

On December 7th, we blogged on the possibility of the CFPB combining consumer regulations when it conducted its republishing.  Now that the CFPB has made progress on their republishing, we know additional information.  

NCUA will retain authority over Part 707 - implementing the Truth in Savings Act for credit unions.  Footnote 2 of the Proposed Rule contains this information:

"2. Dodd-Frank section 1029 generally excludes from this transfer of authority, subject to certain exceptions, any rulemaking authority over a motor vehicle dealer that is predominantly engaged in the sale and servicing of motor vehicles, the leasing and servicing of motor vehicles, or both. Further, Dodd-Frank section 1100B did not grant the Bureau TISA rulemaking authority over credit unions or repeal the NCUA's TISA rulemaking authority over credit unions under 12 U.S.C. 4311."  (emphasis added)

The proposed regulation (12 CFR 1030) mirrors the current Regulation DD (12 CFR 230) and includes this language in Part 1030.1(c):

"(c) Coverage. This part applies to depository institutions except for credit unions. In addition, the advertising rules in § 1030.8 of this part apply to any person who advertises an account offered by a depository institution, including deposit brokers."

What this means is that NCUA will need to follow the CFPB's lead on Truth in Savings issues just as they did in the past following the Federal Reserve.  The U.S. Code section cited by the CFPB - 12 U.S.C. 4311 - still requires NCUA to adopt a "substantially similar" regulation within 90 days.  NCUA's regulation, which will still be located in 12 C.F.R. 707, will continue to reflect the unique nature of credit unions.  

***

This year - my Christmas gift came early.  Two months ago, in fact.       

Michigan's victory over Ohio State wasn't too bad either.  I was able to enjoy The Game with my father-in-law (as he is from Ohio, he didn't enjoy it as much).  Luckily, we were able to get a photo before the game where we both were happy.  

Have a wonderful holiday weekend!

This and That; A Well-Fed Elmo

Posted by Anthony Demangone

Here's a few things to finish off the week.

NCUA.  NCUA held its monthly board meeting yesterday.  There was a minor tweak to its Truth in Savings regulation to bring it into line with Regulation DD.  The also disclosed their priorities for 2011.  You can access the items from the board meeting here.  In addition, we did write an article for today's NAFCU Today on the meeting.   NCUA also issued its most recent edition of the NCUA Report.  This issue tackles some timely issues:

• Financial literacy
• Recent board actions
• Risk management on online banking
• Trends in mortgage delinquencies
• Contingency fund planning

Privacy.  The OTS has issued a compliance guide for the model privacy notice. While this would have been handy dandy three months ago, the guide looks to be written in a clear manner and should be useful if you still have issues in that area. 

MBLs.  Here's a nice historical look at member business lending at credit unions. (Elliot Kashner, at CreditUnions.com)

***

Here's how we found Elmo the other day, thanks to Kate.  I'm just glad that Elmo didn't ask for cottage cheese.  I'm off to State College this weekend to visit family and kneel at the shrine. Have a great weekend, everyone!

Tuesday Grab Bag

Posted by Anthony Demangone

Here are a few items of interest.

Discrimination.  HUD is going to investigate 22 banks and mortgage lenders to see if there is illegal discrimination against minorities related to FHA loans. 

The investigations are in response to 22 complaints the National Community Reinvestment Coalition (NCRC) filed with HUD alleging that the loan activities of the mortgage originators showed that their home lending practices deny FHA- insured loans to African Americans and Latinos with credit scores as high as 640. Federal Housing Administration (FHA) guidelines allow mortgages to borrowers with credit scores above 580, provided the borrowers have down payments equaling 3.5 percent of the loan amount, or above 500, provided the borrowers have down payments equaling 10 percent of the loan amount.

Regulation Z.  The OCC has updated its Regulation Z examination procedures.   These procedures are a great way to gain a solid overview of examiner expectations.  And while the OCC does not regulate credit unions, its views on Regulation Z matters should be useful, as Regulation Z applies evenly to both credit unions and banks.

NCUA Legal Opinion on Gift Card Incentives. Can a credit union use a gift card give-away to boost attendance at its annual meeting?  Yes, but credit unions must be judicious in their use.  At some points, examiners may raise objections on "safety and soundness or corporate waste grounds."  That puts credit unions in a tough position, as this opinion letter doesn't give bright-line guidance or any safe harbors.  When is a gift-card attendance campaign too much? When does it raise a safety and soundness or corporate waste issue? Much like Supreme Court Justice Potter Stewart said about hard-core pornography, I guess that examiners will know it when they see it.  

Privacy.  This blog post provides a nice overview of a recent Commerce Department report on privacy. (Privacy & Security Law Blog.) This isn't a regulatory proposal, so there aren't any changes to our privacy requirements on the horizon (other than the move to the model privacy disclosure).  But privacy is an important issue, and a fluid one.  As technologies and marketing methods evolve, you'll see efforts to amend privacy requirements for American businesses.  This blog post is a nice reminder of that fact. 

Privacy; This and That

Posted by Anthony Demangone

I know that some of you are putting the final touches on your credit union's privacy policy to align it with the new model privacy form.  I'm not going to go into the nuts and bolts of the new model privacy form.  I did this post earlier that covered the "nuts and bolts" issues.  Today, I want to touch on two common questions that we've seen.

1. I don't see a requirement to post our privacy policy on our web site site.  Really? Yes, really.  There's no requirement to post your privacy policy there.  Keep in mind, not every credit union has a web site.  The requirement is to deliver it at account opening, and thereafter on an annual basis per the privacy regulation's requirements.  Again - there's no requirement to post it on your website.  But here's a thought: why wouldn't you post your privacy policy online? 
2. The next question comes in two flavors.  Flavor one: Do we have to use the new form? Flavor two: There is no way we're going to have our form ready by January 1, 2011.  I know the Mayans think the world is ending in 2012, but I fear our demise might come one year earlier based on our progress with this project.  No - there's no requirement to use the new form.  It is a model form, and if you use it according to its requirements beginning on January 1, 2011 - you'll exist in the regulatory Nirvana known as "Safe Harborville." Put another way, regulators and others will not be able to criticize your form if you use it properly.  If you don't have your new form ready on January 1, 2011, will the world end?  I really hope not based on my conversations with a few credit unions.  I'll just say this much...the regulators have given us a model form that provides a safe harbor.  If you don't take advantage of it on January 1, 2011, you will increase your compliance risk.  How much?  I can't speak for the regulators.  But I'll say this: which form would you rather have as your form if an examiner walked into your office on January 1, 2011?  (OK, I understand your credit union is likely closed that day to allow all employees to watch the "can't miss" Outback Bowl, featuring the football powerhouses Penn State and Florida.  But you get my point.)

Here are some other issues that caught my eye.

• Here's yet another wonderful post on overdraft protection from the Bank Lawyer's Blog that provides another view of the recently issued FDIC overdraft protection guidance.  You should read this guy's blog. Every day. And twice on Tuesdays.
• The Fed has issued this notice, WHICH CONTAINS THE INTER-AGENCY EXAM PROCEDURES FOR RISK-BASED PRICING NOTICES. I would have made that text blink if I had a clue about computers and such.  This is a nice little Holiday Gift from the Fed which should give us a better idea of regulator expectations on this issue.  And based on the emails and calls we've been receiving, quite a few of you are still working on this issue.

PS: Apologies for letting Pearl Harbor Day pass without mention yesterday. Shame on me. To any and all veterans out there, many thanks.