Payday loan servicing new york

Editor's note: The Board of Governors of the Commercial Law League requested League Counsel, Dave Goch, to provide guidance to members on complying with federal privacy laws that became effective July 1, 2001. Following is his analysis of traditional non-financial firms' obligation under the Gramm-Leach-Bliley Privacy Policy Disclosure Law Immediately following his analysis is a sample letter that may be used to notify clients of privacy policies.

Businesses that never thought of themselves as banks or insurance companies are now discovering they may be subject to privacy notification regulations of the Gramm-Leach-Bliley ("GLB") Financial Services Modernization Act of 1999.

Those businesses include law firms, accountants, real estate appraisers, retailers, software makers, businesses that provide career counseling services related to the banking industry, credit counseling, and telephone companies. Some have already mailed customers privacy policy notices similar to those sent by banks, securities firms and insurance companies that were the primary targets of the Act.

GLB requires "financial institutions" to annually send customers a copy of their policies for sharing and selling their personal information to other companies, including marketers. The law also requires companies to set up a mechanism by which customers can opt-out of such sharing or selling of their personal information. It is important to note that companies falling under the privacy policy requirements must only give notice to customers acting as individuals; the law does not require privacy policy disclosure to business customers or sole proprietors buying items and services on behalf of their companies.

Non-financial services companies, not traditionally thought to be "financial companies", providing services to individual customers may be required to develop an official privacy policy and send out notices to customers if they conduct "financial activities." (In fact, recently, an FTC official familiar with the issue said outright that the GLB applies specifically to "financial arrangements"-no matter of what type of company conducts them.) This is because the GLB, requiring the privacy notices, makes reference to the Bank Holding Company Act of 1956.

The Bank Holding Company Act of 1956 outlines traditional financial activities such as lending, insuring, and underwriting securities. But it also references a Federal Reserve Board list of financial activities "closely related" to banking. That list includes:

"Brokering or servicing loans; leasing real or personal property (or acting as agent, broker, or advisor in such leasing) without operating, maintaining or repairing the property; appraising real or personal property; check guaranty, collection agency, credit bureau, and real estate settlement services; providing financial or investment advisory activities including tax planning, tax preparation, and instruction on individual financial management; management consulting and counseling activities (including providing financial career counseling); courier services for banking instruments; printing and selling checks ad related documents; community development or advisory activities; selling money orders, savings bonds or traveler's checks; and providing financial data processing and transmission services, facilities (including hardware, software, documentation, or operating personnel), data bases, advice or access to these by technological means."

That definition means, for example, a company making tax return software, might have to send out privacy policy notices to its customers even if they do not plan to share or sell customer information to a third party Other examples include a collection agency collecting on behalf of an individual, or a law firm representing an individual in a personal bankruptcy Furthermore, if the company does sell or share an individual's personal information to third parties, the company must provide a mechanism for its customers to opt-out of information sharing (as banks and credit card companies are doing).

Meanwhile, retailers, or any other business, that offers lay-aways or installment plans for delinquent payments may be subject to the privacy policy disclosure requirements. Even "ma-and-pa" businesses may have to create a privacy policy and send out customer notices. Retailers who offer payment plans for items like furniture or appliances-including the common "Make No Payments for Six Months" promotions-might fall under the privacy policy disclosure laws. They would then have to send out the privacy notice, even if the business has no plans to sell the customer financial information it collects.

An FTC attorney has recently stated that the FTC, in its regulation, left some flexibility for businesses that occasionally engage in one of the listed financial activities. A company not "significantly engaged" in such financial activities would not fall under the rule, according to the attorney But there are no percentages, guidelines or thresholds that define the term. Companies running an informal lay-away program or running "tabs" for customers probably would not fall under the requirements; but companies who do such as a regular part of their business likely would fall under the requirements.

With regard to attorneys/law firm obligations, the New York State Bar Association has written to the FTC asking to exempt lawyers from having to issue privacy policies to their clients. Lawyers fear that representing or advising clients on tax law, estate planning, domestic relations or bankruptcy could be considered "financial activities" under the privacy policy provision of the GLB. The irony, lawyers argue, is that their own professional confidentiality agreements and protections with their clients are far beyond anything contained in the law. But by having to mail privacy notices stating just that, lawyers argue that clients may feel there is the possibility of information about them being shared with an outside party.

However, in what appears to be its response, on July 9, 2001, a Federal Trade Commission official confirmed that any non-financial services companies seeking to escape new privacy policy regulations will have to ask Congress for help, not regulators.

Examples

GLB includes within the definition of "financial institution" a company that complies, or aggregates, an individual's on-line accounts, such as mortgages, loans, credit cards, at that company's web site as a service to the individual, who may access all of his account information on that Internet site. This company must comply with GLB and provide initial and annual privacy notices.

A mortgage lender that sells all loans as soon as a loan is closed and funded is still required to provide initial privacy notices at the time of establishing the customer relationship; however, the individual's status as customer of the lender terminates at such time as the lender sells the loan. At that point, they are only consumers of the lender and there is no obligation for the lender to provide them with an annual notice. The mortgage buyer would then be required to provide privacy notices to these customers.

Similarly, if a party buys debt (e.g., a file of debt from CitiBank), it steps into the shoes of CitiBank, and to the extent CitiBank had to provide notice to customers, the debt buyer would as well.

A debt collector collecting debts of businesses need not send out privacy notices because a business or corporation is not a "consumer" or "customer" as defined in GLB. A debt collector collecting the debts of individuals for a business need not send out privacy notices because the business is not a "consumer" or "customer." However, the debt collector may be required to maintain the confidentiality of the data.

Conversely, a debt collector collecting debts on behalf of an individual (e.g., collecting a judgment or on a person to person loan) would be required to provide the customer, the person the collector is collecting on behalf of, notice (Assuming that the collector possesses non-public personal information about the customer).

If an individual guarantees a business purpose loan in his individual capacity, he is not applying for a financial product or service primarily for a personal, family or household purpose. The business is receiving the financial product. Thus, there is no "consumer" or "customer" and no privacy notice is required.

A mortgage broker establishes a customer relationship with individuals and is therefore required to provide privacy notices. A mortgage broker undertakes to arrange or broker a mortgage loan for the customer and therefore is considered a "financial institution."