Legal wrangling over consumer privacy protection threatens to restrict the ability of banks to share customer information with outside parties.
A provision of the Fair Credit Reporting Act (FCRA) that restricts states from enacting superseding legislation is scheduled to expire on January 1, 2004. With the expiration of this so-called preemption provision, states will be permitted to write their own laws, such as requiring "opt-in" rules for affiliate and third party data sharing.
The FCRA regulates the activities of credit reporting agencies, including the rights of consumers to obtain information about their credit history. In conjunction with the Gramm Leach Bliley Act (GLBA), it also specifies the rules by which banks can share information about customers with third parties.
Under pressure to corral intrusive telemarketing techniques and unsavory spam e-mail, Congress may choose to extend the preemption provision. Still, the prospect of a patchwork of state regulations replacing a uniform national policy has provoked anxiety among banks and the marketing industry.
Banking trade organizations are trying to ensure that lawmakers are evenhanded in their approach. "We don't want to see an unintentional result occur just because privacy becomes an issue," said Robert R. Davis, managing director of government relations for America's Community Bankers, a Washington, D.C.-based trade organization. "We don't want to see elected representatives thinking that there's a big cry from the public to do something about privacy, and inadvertently making it hard for companies who are trusted by the public to be effective in providing services for their customers."
Two banking industry trade groups-America's Community Bankers and the Independent Community Bankers of America-have formed a privacy working group to study the impact of changes in privacy legislation.
The trade organizations hope to preserve the ability to use customer information for cross-selling, despite whatever protections might be enacted against spam. Such proposals as a national "do-not-call" registry could preclude banks from contacting customers about complementary financial products and services.
"Obviously, you can't provide service to customers unless you use information you have about the customer," said Davis. "If you can't offer product information based on what you know about the customer, basically you're depriving customers of things they may need and want."
Changes to privacy laws could also restrict the ability of banks to contract with outside service providers, said Davis. "If you end up having something like an 'opt-in,' you as a customer have to affirmatively let the bank contract with a more efficient outsourcer to provide a certain service. Therefore, the bank doesn't do it, because it's too hard to get everyone to sign up to agree to accept service from the outsourcer."
Such outsourcing arrangements are vital in promoting competition in the banking industry. "Technology has allowed the community institution to compete and offer a range of products with some of the same efficiencies as the large institutions. In fact, this really isn't a large bank-small bank issue, because many larger institutions also have a large number of outsourcing relationships."
Larger banks provide services to smaller banks in areas such as mortgages, annuities and insurance. That, in turn, enables smaller banks to compete with bigger ones, especially when they're "adding a little more value and personal touch involved in the product," said Davis.
"Technology has allowed the small institution to remain competitive and also bring a level of personal touch and decision making," he said.
Current laws adequately protect customer information that's shared between banks and service providers, he added.