As the July 1 deadline for Gramm-Leach-Bliley privacy compliance creeps ever closer, it appears many banks still debate how best to comply with the new regulations, according to a recent survey.
When Bankers Systems, a compliance products and research firm in St. Cloud, Minn., recently surveyed 500 financial institutions on compliance readiness, 9% said they had already mailed their privacy notices; 28% said they had drafted and printed their notices; 52% said their policies and notices were still in the works; and 11% said they had just started studying the regulations.
In analyzing the information-sharing practices of more than 3,900 financial institutions, Bankers Systems reported that 69% of the banks and savings associations surveyed said they didn't plan to share customer information with nonaffiliated third parties outside the law's exceptions, while 65% of the credit unions sampled said they would share members' personal information in ways that would require an opt-out proviso. A little more than half the finance companies sampled said they would share such information.
Asset size played a part in the decision to share or not to share, with the largest institutions showing a greater propensity to provide customer information to third parties than smaller ones. Among banks and savings institutions with more than $1 billion in assets, 64% plan to share customer information with outside parties, compared with 30% for banks and savings associations with assets below $1 billion.
Geography coughed up some interesting tidbits, but didn't seem to follow any logic. In Colorado, Vermont, Mississippi, Montana, North Dakota, Oklahoma and Illinois, nonsharers outnumbered sharers by more than three to one. In Michigan, 72% of the institutions surveyed said they would share customer data, while 69% of those in Utah planned to share.
The institutions doing the least amount of sharing got their disclosure statements out the quickest. Complicated notices requiring opt out language take longer to prepare.