
GLBA and Affiliates

Jonathan Foxx
Jun 19, 2015

Question: We would like to know how to handle nonpublic personal information where our affiliates are involved. Do we both have the same restrictions on disclosure?

Answer: A financial institution may disclose non-public personal information (NPI) to its affiliates, but the affiliates are subject to the same restrictions on reusing or re-disclosing the information as the originating financial institution. [15 USC § 6802(c)]

The Gramm-Leach-Bliley Act (GLBA) defines an “affiliate” as “any company that controls, is controlled by, or is under common control with another company.” [15 USC § 6809(6)]

Subject to certain exceptions, GLBA prohibits disclosure of a consumer’s NPI to non-affiliates unless the disclosing financial institution has given the consumer a privacy notice and an opt-out notice, along with a reasonable opportunity to opt out, and the consumer does not opt out of the information sharing with non-affiliates. [16 CFR § 313.10]

The exceptions where financial institutions may share NPI with certain non-affiliated third parties without having to comply with the privacy notice and opt-out requirements are:

1. Administering or enforcing transactions authorized by the consumer;
2. Effectuating transactions with the consent of the consumer;
3. Protecting the confidentiality of the financial institution’s records;
4. Providing information to rating agencies;
5. Disclosing data to law enforcement agencies to the extent required;
6. Providing information to consumer reporting agencies as delineated in FCRA; and
7. Complying with all federal, state or local laws or regulations.
[15 USC § 6802(e); 16 CFR §§ 313.14, 313.15]

One further condition should be mentioned: an exemption is allowed for the opt-out requirements, but not for the notice requirements. This condition exists for entities that market the financial institution’s products and services, and products or services “offered pursuant to joint agreements between two or more financial institutions.” [15 USC § 6802(b)(2); 16 CFR § 313.13]



Jonathan Foxx is president and managing director of Lenders Compliance Group, Brokers Compliance Group, Servicers Compliance Group and Vendors Compliance Group, national companies devoted to providing regulatory compliance advice and counsel to the mortgage industry. He may be contacted by phone at (516) 442-3456, or e-mail at [email protected].
