agency, an account number or similar form of access number or access code for a consumer's credit card account, deposit account, or transaction account to any nonaffiliated third party for use in telemarketing, direct mail marketing, or other marketing through electronic mail to the con sumer. (b) Exceptions. Paragraph (a) of this section does not apply if you disclose an account number or similar form of access number or access code: (1) To your agent or service provider solely in order to perform marketing for your own products or services, as long as the agent or service provider is not authorized to directly initiate charges to the account; or (2) To a participant in a private label credit card program or an affinity or similar program where the participants in the program are identified to the customer when the customer enters into the program. (c) Examples-(1) Account number. An account number, or similar form of access number or access code, does not include a number or code in an encrypted form, as long as you do not provide the recipient with a means to decode the number or code. (2) Transaction account. A transaction account is an account other than a deposit account or a credit card account. A transaction account does not include an account to which third parties cannot initiate charges. Subpart C-Exceptions $216.13 Exception to opt out requirements for service providers and joint marketing. (a) General rule. (1) The opt out requirements in §§ 216.7 and 216.10 do not apply when you provide nonpublic personal information to a nonaffiliated third party to perform services for you or functions on your behalf, if you: (i) Provide the initial notice in accordance with § 216.4; and (ii) Enter into a contractual agreement with the third party that prohibits the third party from disclosing or using the information other than to carry out the purposes for which you disclosed the information, including use under an exception in §216.14 or 216.15 in the ordinary course of business to carry out those purposes. (2) Example. If you disclose nonpublic personal information under this section to a financial institution with which you perform joint marketing, your contractual agreement with that institution meets the requirements of paragraph (a)(1)(ii) of this section if it prohibits the institution from disclosing or using the nonpublic personal information except as necessary to carry out the joint marketing or under an exception in §216.14 or 216.15 in the ordinary course of business to carry out that joint marketing. (b) Service may include joint marketing. The services a nonaffiliated third party performs for you under paragraph (a) of this section may include marketing of your own products or services or marketing of financial products or services offered pursuant to joint agreements between you and one or more financial institutions. (c) Definition of joint agreement. For purposes of this section, joint agreement means a written contract pursuant to which you and one or more financial institutions jointly offer, endorse, or sponsor a financial product or service. $216.14 Exceptions to notice and opt out requirements for processing and servicing transactions. (a) Exceptions for processing transactions at consumer's request. The requirements for initial notice in § 216.4(a)(2), for the opt out in §§ 216.7 and 216.10, and for service providers and joint marketing in §216.13 do not apply if you disclose nonpublic personal information as necessary to effect, administer, or enforce a transaction that a consumer requests or authorizes, or in connection with: (1) Servicing or processing a financial product or service that a consumer requests or authorizes; (2) Maintaining or servicing the consumer's account with you, or with another entity as part of a private label credit card program or other extension of credit on behalf of such entity; or (3) A proposed or actual securitization, secondary market sale (including sales of servicing rights), or similar transaction related to a transaction of the consumer. (b) Necessary to effect, administer, or enforce a transaction means that the disclosure is: (1) Required, or is one of the lawful or appropriate methods, to enforce your rights or the rights of other persons engaged in carrying out the financial transaction or providing the product or service; or (2) Required, or is a usual, appropriate or acceptable method: (i) To carry out the transaction or the product or service business of which the transaction is a part, and record, service, or maintain the consumer's account in the ordinary course of providing the financial service or financial product; (ii) To administer or service benefits or claims relating to the transaction or the product or service business of which it is a part; (iii) To provide a confirmation, statement, or other record of the transaction, or information on the status or value of the financial service or financial product to the consumer or the consumer's agent or broker; (iv) To accrue or recognize incentives or bonuses associated with the transaction that are provided by you or any other party; (v) To underwrite insurance at the consumer's request or for reinsurance purposes, or for any of the following purposes as they relate to a consumer's insurance: account administration, reporting, investigating, or preventing fraud or material misrepresentation, processing premium payments, processing insurance claims, administering insurance benefits (including utilization review activities), participating in research projects, or as otherwise required or specifically permitted by Federal or State law; or (vi) In connection with: (A) The authorization, settlement, billing, processing, clearing, transferring, reconciling or collection of amounts charged, debited, or otherwise paid using a debit, credit, or other payment card, check, or account number, or by other payment means; (B) The transfer of receivables, accounts, or interests therein; or (C) The audit of debit, credit, or other payment information. § 216.15 Other exceptions to notice and opt out requirements. (a) Exceptions to opt out requirements. The requirements for initial notice in §216.4(a)(2), for the opt out in §§ 216.7 and 216.10, and for service providers and joint marketing in §216.13 do not apply when you disclose nonpublic personal information: (1) With the consent or at the direction of the consumer, provided that the consumer has not revoked the consent or direction; (2)(i) To protect the confidentiality or security of your records pertaining to the consumer, service, product, or transaction; (ii) To protect against or prevent actual or potential fraud, unauthorized transactions, claims, or other liability; (iii) For required institutional risk control or for resolving consumer disputes or inquiries; (iv) To persons holding a legal or beneficial interest relating to the consumer; or (v) To persons acting in a fiduciary or representative capacity on behalf of the consumer; (3) To provide information to insurance rate advisory organizations, guaranty funds or agencies, agencies that are rating you, persons that are assessing your compliance with industry standards, and your attorneys, accountants, and auditors; (4) To the extent specifically permitted or required under other provisions of law and in accordance with the Right to Financial Privacy Act of 1978 (12 U.S.C. 3401 et seq.), to law enforcement agencies (including a federal functional regulator, the Secretary of the Treasury, with respect to 31 U.S.C. Chapter 53, Subchapter II (Records and Reports on Monetary Instruments and Transactions) and 12 U.S.C. Chapter 21 (Financial Recordkeeping), a State insurance authority, with respect to any person domiciled in that insurance authority's State that is engaged in providing insurance, and the Federal Trade Commission), self-regulatory organizations, or for an investigation on a matter related to public safety; (5)(i) To a consumer reporting agency in accordance with the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.), or (ii) From a consumer report reported by a consumer reporting agency; (6) In connection with a proposed or actual sale, merger, transfer, or exchange of all or a portion of a business or operating unit if the disclosure of nonpublic personal information concerns solely consumers of such business or unit; or (7)(i) To comply with Federal, State, or local laws, rules and other applicable legal requirements; (ii) To comply with a properly authorized civil, criminal, or regulatory investigation, or subpoena or summons by Federal, State, or local authorities; or (iii) To respond to judicial process or government regulatory authorities having jurisdiction over you for examination, compliance, or other purposes as authorized by law. (b) Examples of consent and revocation of consent. (1) A consumer may specifically consent to your disclosure to a nonaffiliated insurance company of the fact that the consumer has applied to you for a mortgage so that the insurance company can offer homeowner's insurance to the consumer. (2) A consumer may revoke consent by subsequently exercising the right to opt out of future disclosures of nonpublic personal information as permitted under § 216.7(f). Subpart D-Relation to Other $216.16 Protection of Fair Credit Reporting Act. Nothing in this part shall be construed to modify, limit, or supersede the operation of the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.), and no inference shall be drawn on the basis of the provisions of this part regarding whether information is transaction or experience information under section 603 of that Act. § 216.17 Relation to State laws. (a) In general. This part shall not be construed as superseding, altering, or affecting any statute, regulation, order, or interpretation in effect in any State, except to the extent that such State statute, regulation, order, or interpretation is inconsistent with the provisions of this part, and then only to the extent of the inconsistency. (b) Greater protection under State law. For purposes of this section, a State statute, regulation, order, or interpretation is not inconsistent with the provisions of this part if the protection such statute, regulation, order, or interpretation affords any consumer is greater than the protection provided under this part, as determined by the Federal Trade Commission, after consultation with the Board, on the Federal Trade Commission's own motion, or upon the petition of any interested party. § 216.18 Effective date; transition rule. (a) Effective date. This part is effective November 13, 2000. In order to provide sufficient time for you to establish policies and systems to comply with the requirements of this part, the Board has extended the time for compliance with this part until July 1, 2001. (b)(1) Notice requirement for consumers who are your customers on the compliance date. By July 1, 2001, you must have provided an initial notice, as required by $216.4, to consumers who are your customers on July 1, 2001. (2) Example. You provide an initial notice to consumers who are your customers on July 1, 2001, if, by that date, you have established a system for providing an initial notice to all new customers and have mailed the initial notice to all your existing customers. (c) Two-year grandfathering of service agreements. Until July 1, 2002, a contract that you have entered into with a nonaffiliated third party to perform services for you or functions on your behalf satisfies the provisions of § 216.13(a)(1)(ii) of this part, even if the contract does not include a requirement that the third party maintain the confidentiality of nonpublic personal information, as long as you entered into the contract on or before July 1, 2000. APPENDIX A TO PART 216-SAMPLE CLAUSES Financial institutions, including a group of financial holding company affiliates that use a common privacy notice, may use the following sample clauses, if the clause is accurate for each institution that uses the notice. (Note that disclosure of certain information, such as assets, income, and information from a consumer reporting agency, may give rise to obligations under the Fair Credit Reporting Act, such as a requirement to permit a consumer to opt out of disclosures to affiliates or designation as a consumer reporting agency if disclosures are made to nonaffiliated third parties.) A-1-CATEGORIES OF INFORMATION YOU COLLECT (ALL INSTITUTIONS) You may use this clause, as applicable, to meet the requirement of §216.6(a)(1) to describe the categories of nonpublic personal information you collect. Sample Clause A-1: We collect nonpublic personal information about you from the following sources: • Information we receive from you on applications or other forms; • Information about your transactions with us, our affiliates, or others; and • Information we receive from a consumer reporting agency. A-2-CATEGORIES OF INFORMATION YOU DISCLOSE (INSTITUTIONS THAT DISCLOSE OUTSIDE OF THE EXCEPTIONS) You may use one of these clauses, as applicable, to meet the requirement of § 216.6(a)(2) to describe the categories of nonpublic personal information you disclose. You may use these clauses if you disclose nonpublic personal information other than as permitted by the exceptions in §§ 216.13, 216.14, and 216.15. Sample Clause A-2, Alternative 1: We may disclose the following kinds of nonpublic personal information about you: • Information we receive from you on applications or other forms, such as [provide illustrative examples, such as "your name, address, social security number, assets, and income"]; • Information about your transactions with us, our affiliates, or others, such as [provide illustrative examples, such as "your account balance, payment history, parties to transactions, and credit card usage"]; and • Information we receive from a consumer reporting agency, such as [provide illustrative examples, such as "your creditworthiness and credit history”]. Sample Clause A-2, Alternative 2: We may disclose all of the information that we collect, as described [describe location in the notice, such as "above" or "below"]. A-3-CATEGORIES OF INFORMATION YOU DIS CLOSE AND PARTIES TO WHOM YOU DISCLOSE (INSTITUTIONS THAT DO NOT DISCLOSE OUTSIDE OF THE EXCEPTIONS) You may use this clause, as applicable, to meet the requirements of §§ 216.6(a)(2), (3), and (4) to describe the categories of nonpublic personal information about customers and former customers that you disclose and the categories of affiliates and nonaffiliated third parties to whom you disclose. You may use this clause if you do not disclose nonpublic personal information to any party, other than as permitted by the exceptions in §§ 216.14, and 216.15. Sample Clause A-3: We do not disclose any nonpublic personal information about our customers or former customers to anyone, except as permitted by law. A-4 CATEGORIES OF PARTIES TO WHOM YOU DISCLOSE (INSTITUTIONS THAT DISCLOSE OUTSIDE OF THE EXCEPTIONS) You may use this clause, as applicable, to meet the requirement of §216.6(a)(3) to describe the categories of affiliates and nonaffiliated third parties to whom you disclose nonpublic personal information. You may use this clause if you disclose nonpublic personal information other than as permitted by the exceptions in §§ 216.13, 216.14, and 216.15, as well as when permitted by the exceptions in §§ 216.14, and 216.15. We may disclose the following information to companies that perform marketing services on our behalf or to other financial institutions with whom we have joint marketing agreements: • Information we receive from you on applications or other forms, such as [provide illustrative examples, such as "your name, address, social security number, assets, and income"]; • Information about your transactions with us, our affiliates, or others, such as [provide illustrative examples, such as “your account balance, payment history, parties to transactions, and credit card usage']; and • Information we receive from a consumer reporting agency, such as [provide illustrative examples, such as "your creditworthiness and credit history"]. Sample Clause A-5, Alternative 2: We may disclose all of the information we collect, as described [describe location in the notice, such as "above" or "below"] to companies that perform marketing services on our behalf or to other financial institutions with whom we have joint marketing agreements. A-6-EXPLANATION OF OPT OUT RIGHT (INSTITUTIONS THAT DISCLOSE OUTSIDE OF THE EXCEPTIONS) You may use this clause, as applicable, to meet the requirement of §216.6(a)(6) to provide an explanation of the consumer's right to opt out of the disclosure of nonpublic personal information to nonaffiliated third parties, including the method(s) by which the consumer may exercise that right. You may use this clause if you disclose nonpublic personal information other than as permitted by the exceptions in §§ 216.13, 216.14, and 216.15. Sample Clause A-6: If you prefer that we not disclose nonpublic personal information about you to nonaffiliated third parties, you may opt out of those disclosures, that is, you may direct us not to make those disclosures (other than disclosures permitted by law). If you wish to opt out of disclosures to nonaffiliated third parties, you may [describe a reasonable means of opting out, such as "call the following tollfree number: (insert number)']. A-7-CONFIDENTIALITY AND SECURITY (ALL INSTITUTIONS) You may use this clause, as applicable, to meet the requirement of §216.6(a)(8) to describe your policies and practices with respect to protecting the confidentiality and security of nonpublic personal information. Sample Clause A-7: We restrict access to nonpublic personal information about you to [provide an appropriate description, such as "those employees who need to know that information to provide products or services to you"]. We maintain § 217.1 Authority, purpose, and scope. (a) Authority. This part is issued under the authority of section 19 of the Federal Reserve Act (12 U.S.C. 371a, 461, 505), section 7 of the International Banking Act of 1978 (12 U.S.C. 3105), section 11 of the Federal Reserve Act (12 U.S.C. 248), and section 8 of the Federal Deposit Insurance Act (12 U.S.C. 1818), unless otherwise noted. (b) Purpose. This part prohibits the payment of interest on demand deposits by member banks and other depository institutions within the scope of this part. (c) Scope. (1) This regulation applies to state chartered banks that are members of the Federal Reserve under section 9 of the Federal Reserve Act (12 U.S.C. 321, et seq.) and to all national banks. The regulation also applies to any Federal branch or agency of a foreign bank and to a State uninsured branch or agency of a foreign bank in the same manner and to the same extent as if the branch or agency were a member bank, except as may be otherwise provided by the Board, if: (i) Its parent foreign bank has total worldwide consolidated bank assets in excess of $1 billion; (ii) Its parent foreign bank is controlled by a foreign company which |