Letter to Credit Union No. 16-CU-03: Regulatory Relief on Annual Privacy Notices
January 2015

The NCUA issued a letter detailing a recent amendment to the Gramm-Leach-Bliley Act (GLBA) that creates an exception (under certain circumstances) to the statutory requirement that credit unions provide consumers with annual privacy notices.  According to the LTCU, a credit union is not required to provide an annual privacy notice if:

  • The credit union’s policy and procedures for disclosing nonpublic personal information have not changed since it provided its most recent annual privacy notice to consumers; and
  • The credit union shares nonpublic personal information with nonaffiliated third parties only in accordance with requirements for certain existing GLBA exceptions, including those related to:
    • Performing services for, or functions on behalf of, the credit union, pursuant to a joint marketing agreement;
    • Administering, servicing or processing a transaction a consumer requests or authorizes; maintaining or servicing certain consumer accounts; or performing securitizations, secondary market sales, or similar transactions; or
    • Other specified operational and legal purposes, including disclosure with the consumer’s consent or at the consumer’s direction and disclosure to protect the confidentiality and security of records related to the consumer, service, product or transaction.

NCUA examiners will only expect annual privacy notices to be provided if your credit union does not meet the new requirements noted in this letter. 

Back to NASCUS Regulatory Affairs