February 20, 2014

On Feb. 12, the Federal Reserve Board (FRB) requested comment on proposals to repeal its Regulation DD (Truth in Savings) and Regulation P (Privacy of Consumer Financial Information), as well as amend its Regulation V (Fair Credit Reporting).

The Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank) transferred rulemaking and enforcement authority of certain consumer financial protection laws from the FRB to the Consumer Financial Protection Bureau (CFPB). The CFPB has issued interim final rules that are substantially identical to the FRB’s Regulation DD and Regulation P. Therefore, FRB is proposing to repeal its versions of Regulation DD and Regulation P. Community banks and other financial institutions may want to consider potential changes in enforcement activity relating to truth in savings and consumer privacy rules under the CFPB’s authority.

Additionally, the FRB is proposing to amend the identity theft red flags rule (the Identity Theft Red Flags Rule) under its Regulation V. The FRB’s Identity Theft Red Flags Rule requires financial institutions, including banks, finance companies, automobile dealers, mortgage brokers, utility companies, telecommunications companies, and any “creditor” holding any consumer account or other account for which there is a reasonably foreseeable risk of identity theft, to develop and implement an identity theft prevention program in connection with new and existing accounts. The FRB proposes to narrow the scope of the definition of “creditor” to exclude persons who sell a product or service for which the consumer can pay later, such as persons who do not regularly and in the ordinary course of business:

  1. obtain or use consumer reports in connection with a credit transaction;
  2. furnish information to consumer reporting agencies in connection with a credit transaction; or
  3. advance funds to or on behalf of a person.

The definition of creditor under FRB’s Regulation V will still include banks and other financial institutions, regardless of whether they meet the revised definition. Healthcare and other professionals may want to comment on whether the amended definition of creditor would be appropriate, as well as the benefits and risks of no longer maintaining an identity theft prevention program in connection with new and existing accounts.

McGuireWoods LLP will monitor the FRB’s proposed amendments and work with clients to gather and submit comments. Please contact one of the authors or your regular McGuireWoods lawyer if you have any questions regarding the FRB regulations or data privacy issues.