[Federal Register Volume 76, Number 141 (Friday, July 22, 2011)]
[Rules and Regulations]
[Pages 43879-43890]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2011-17711]
-----------------------------------------------------------------------
COMMODITY FUTURES TRADING COMMISSION
17 CFR Part 162
RIN 3038-AD12
Business Affiliate Marketing and Disposal of Consumer Information
Rules
AGENCY: Commodity Futures Trading Commission.
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: The Commodity Futures Trading Commission is adopting
regulations to implement new statutory provisions enacted by title X of
the Dodd-Frank Wall Street Reform and Consumer Protection Act. These
regulations apply to futures commission merchants, retail foreign
exchange dealers, commodity trading advisors, commodity pool operators,
introducing brokers, swap dealers and major swap participants. The
Dodd-Frank Act provides the Commission with authority to implement
regulations under sections 624 and 628 of the Fair Credit Reporting
Act. The regulations implementing section 624 of the Fair Credit
Reporting Act require CFTC-regulated entities to provide consumers with
the opportunity to prohibit affiliates from using certain information
to make marketing solicitations to consumers. The regulations
implementing section 628 of the FCRA require CFTC-regulated entities
that possess or maintain consumer report information in connection with
their business activities to develop and implement written policies and
procedures for the proper disposal of such information.
DATES: Effective date: September 20, 2011.
Compliance dates: Futures commission merchants, commodity pool
operators, commodity trading advisors, introducing brokers, and retail
foreign exchange dealers shall be in compliance with these rules not
later than November 21, 2011. Swap dealers and major swap participants
shall be in compliance with these rules not later than 60 days after
the effective date of the final entities definition rulemaking, which
the Commission will have published in the Federal Register at a future
date.
FOR FURTHER INFORMATION CONTACT: Carl E. Kennedy, Counsel, (202) 418-
6625, Commodity Futures Trading Commission, Office of the General
Counsel, Three Lafayette Centre, 1155 21st Street, NW., Washington, DC
20581, facsimile number (202) 418-5524, e-mail: [email protected].
SUPPLEMENTARY INFORMATION:
Table of Contents
I. Background
II. Rule Amendments
A. Affiliate Marketing Rules
B. Disposal Rules
II. Cost-Benefit Analysis
III. Paperwork Reduction Act
IV. Regulatory Flexibility Act
V. Text of Final Rules
I. Background
On October 27, 2010, the Commodity Futures Trading Commission
(``Commission'' or ``CFTC'') proposed in the Federal Register the
addition of a new part 162 to its Regulations (the ``Proposal'').\1\
New part 162 was proposed to implement section 1088 of the Dodd-Frank
Wall Street Reform and Consumer Protection Act \2\ (``Dodd-
[[Page 43880]]
Frank Act''), which sets out two amendments to the Fair Credit
Reporting Act (``FCRA'') \3\ and the Fair and Accurate Credit
Transactions Act of 2003 (``FACT Act'').\4\ As amended, the FCRA
directs the Commission to promulgate regulations that are intended to
provide privacy protections to certain consumer information held by any
person that is subject to the enforcement jurisdiction of the
Commission. One provision of section 1088 of the Dodd-Frank Act amends
section 214(b) of the FACT Act--which added section 624 to the FCRA in
2003--and directs the Commission to implement the provisions of section
624 of the FCRA with respect to persons that are subject to the CFTC's
enforcement jurisdiction. Section 624 of the FCRA gives consumers the
right to prohibit certain CFTC-regulated entities \5\ from using
certain information obtained from an affiliate to make solicitations to
that consumer (hereinafter referred in this preamble as the ``affiliate
marketing rules''). Specifically, 17 CFR 162.3 establishes the basic
rules governing the requirement to provide the consumer with notice, a
reasonable opportunity and a simple method to opt out of a company's
use of eligibility information that it obtains from an affiliate for
the purpose of making solicitations to the consumer. This section and
the affiliate marketing rule requirements are discussed in more detail
below.
---------------------------------------------------------------------------
\1\ See 75 FR 66018, Oct. 27, 2010.
\2\ See the Dodd-Frank Wall Street Reform and Consumer
Protection Act, Public Law 111-203, 124 Stat. 1376 (2010). The text
of the Dodd-Frank Act may be accessed at http://www.cftc.gov./
LawRegulation/OTCDERIVATIVES/index.htm.
\3\ See 15 U.S.C. 1681-1681x. The FCRA, enacted in 1970, sets
standards for the collection, communication, and use of information
bearing on a consumer's credit worthiness, credit standing, credit
capacity, character, general reputation, personal characteristics,
or mode of living that is collected and communicated by consumer
reporting agencies.
\4\ See Public Law 108-159, Section 214, 117 Stat. 1952, 1980
(2003). The FACT Act was signed into law on December 4, 2003. The
FACT Act amended the FCRA to enhance the ability of consumers to
combat identity theft, to increase the accuracy of consumer reports,
to allow consumers to exercise greater control regarding the type
and amount of solicitations they receive, and to restrict the use
and disclosure of sensitive medical information. A portion of
section 214 of the FACT Act amended the FCRA to add section 624 to
the FCRA.
\5\ The CFTC-regulated entities that were covered in the
Proposal included futures commission merchants (``FCMs''), retail
foreign exchange dealers (``RFEDs''), commodity trading advisors
(``CTAs''), commodity pool operators (``CPOs''), introducing brokers
(``IBs''), swap dealers (``SDs''), or major swap participants
(``MSPs''). Title VII of the Dodd-Frank Act created two new
entities, which are subject to the jurisdiction of the Commission:
SDs and MSPs. Section 162.2(n) of the Commission's regulations, 17
CFR 162.2(n), defines the term ``major swap participant'' to have
the same meaning as in section 1a(33) of the Commodity Exchange Act,
7 U.S.C. 1 et seq. (``CEA''), as may be further defined by the
Commission's regulations, and includes any person registered as such
thereunder. Section 162.2(r) of the Commission's regulations, 17 CFR
162.2(r), defines the term ``swap dealer'' to have the same meaning
as in section 1a(49) of the CEA, as may be further defined by the
Commission's regulations, and includes any person registered as such
thereunder.
---------------------------------------------------------------------------
The other provision in section 1088 of the Dodd-Frank Act amends
section 628 of the FCRA and mandates that the Commission implement
regulations requiring persons subject to the CFTC's jurisdiction who
possess or maintain consumer report information in connection with
their business activities to properly dispose of that information
(hereinafter referred to in this preamble as the ``disposal rules'').
Both sections 624 and 628 of the FCRA required various Federal
agencies charged with regulating financial institutions in possession
of consumer information to issue regulations in final form in
consultation and coordination with each other. In particular, these
sections required the Office of the Comptroller of the Currency
(``OCC''), the Board of Governors of the Federal Reserve System
(``Board''), the Federal Deposit Insurance Corporation (``FDIC''), the
Office of Thrift Supervision (``OTS''), the National Credit Union
Administration (``NCUA'') (collectively, the ``Banking Agencies''), the
Securities and Exchange Commission (``SEC'') and the Federal Trade
Commission (``FTC'') (the SEC, FTC and the Banking Agencies, are
collectively, the ``Agencies'') in consultation and coordination with
one another, to issue rules implementing these sections of the FCRA.
The Agencies already have adopted final affiliate marketing rules and
disposal rules.\6\ The Commission, after consulting with many of the
Agencies, is acting now pursuant to the Dodd-Frank Act to finalize and
implement the affiliate marketing rules and disposal rules.
---------------------------------------------------------------------------
\6\ For the disposal rules adopted by the various Federal
agencies, see 69 FR 68690 (Nov. 24, 2004) (FTC); 69 FR 77610, Dec.
28, 2004 (Banking Agencies); 73 FR 13692, Mar. 13, 2008 (SEC). For
the affiliate marketing rules adopted by the various Federal
agencies, see 72 FR 61424, Oct. 31, 2007 (FTC); 72 FR 62910, Nov. 7,
2007 (Banking Agencies); 74 FR 58204, Sept. 10, 2009 (SEC).
---------------------------------------------------------------------------
The 60-day public comment period on the Proposal expired on
December 27, 2010.\7\ In response to the Proposal, the Commission
received a total of four comment letters.\8\ Two of the four addressed
the merits or substance of the Proposal.\9\ Specifically, these
comments addressed the following issues: (1) Consistency with the other
Agencies' final regulations; (2) minor changes to the ``consumer''
definition; (3) correction of minor typographical errors; (4) the
compliance date of the rules; and (5) consideration of additional
burdens that Commission did not address in the Proposal's Paperwork
Reduction Act and cost-benefit analyses.\10\
---------------------------------------------------------------------------
\7\ See 75 FR at 66019.
\8\ Copies of these comment letters are available on the
Commission's Web site at http://www.cftc.gov.
\9\ The Securities Industry and Financial Markets Association
(``SIFMA'') submitted a comment letter dated December 20, 2010 (the
``SIFMA letter''). The International Swaps and Derivatives
Association (``ISDA'') and the Financial Services Roundtable
(``FSR'') jointly submitted a comment letter dated December 27, 2010
(the ``ISDA/FSR letter''). As noted above, both letters are
available on the Commission's Web site.
\10\ The Commission also has made a few technical revisions to
its final rules to add clarity. For example, in Sec.
162.4(a)(2)(ii), the Commission revised two of the examples of what
constitutes a continuing relationship with a covered affiliate.
Specifically, the Commission revised these examples to demonstrate
instances where an SD or MSP may have such a relationship, and where
a swap transaction may evidence such a relationship.
---------------------------------------------------------------------------
II. Rule Amendments
A. Affiliate Marketing Rules
Section 624 of the FCRA generally provides that a consumer can
block certain CFTC-regulated entities from soliciting the consumer \11\
based on eligibility information \12\ that such registrant received
from an affiliate \13\ that has or previously had a pre-existing
business relationship \14\ with that
[[Page 43881]]
consumer. To implement section 624 of the FCRA, Sec. 162.3(a)
establishes three conditions that must be met before a covered
affiliate \15\ that does not have a pre-existing business relationship
with a consumer may use eligibility information to make a solicitation
\16\ to that consumer.\17\ First, the rule provides that a notice must
be clearly and conspicuously \18\ disclosed to the consumer in writing
or, if the consumer agrees, electronically, in a concise \19\ notice
that the covered affiliate that does not have a pre-existing business
relationship may use shared eligibility information to make
solicitations to the consumer.\20\ Second, the consumer must be
provided a reasonable opportunity and a reasonable and simple method to
opt out of the use of that eligibility information to make
solicitations to the consumer.\21\ Third, the consumer must not have
opted out.
---------------------------------------------------------------------------
\11\ Proposed Sec. 162.2(f) defined the term ``consumer'' to
mean an individual person. This definition follows the statutory
definition in section 603(c) of the FCRA. As was noted in the
preamble to the Proposal, an individual acting through a legal
representative qualifies as a consumer. The Commission is amending
the definition in the final rule as described herein to address
comments received in response to the Proposal.
\12\ See 17 CFR 162.2(k), which defines the term ``eligibility
information'' to mean any information that would be a consumer
report if the exclusions from the definition of ``consumer report''
in section 603(d)(2)(A) of the FCRA did not apply. Examples of the
type of information that would fall within the definition of
``eligibility information'' includes an affiliate's own transaction
or experience information, such as information about a consumer's
account history with that person, and other information, such as
information from credit bureau reports or applications. The term
``eligibility information'' does not include aggregate or blind data
that does not contain personal identifiers. Examples of personal
identifiers include account numbers, names, or addresses, as well as
Social Security numbers, driver's license numbers, telephone
numbers, or other types of information that, depending on the
circumstances or when used in combination, could identify the
consumer.
\13\ See 17 CFR 162.2(a), which defines ``affiliates'' to mean
``any person that is related by common ownership or common corporate
control with a covered affiliate.''
\14\ See 17 CFR 162.2(q), which defines the term ``pre-existing
business relationship'' to mean a relationship between a person (or
a person's licensed agent) and a consumer based on the following:
(1) A financial contract between the person and the consumer that is
in force on the date on which the consumer is sent a solicitation by
this subpart; (2) the purchase, rental, or lease by the consumer of
a person's financial products or services, or a financial
transaction (including holding an active account or a policy in
force or having another continuing relationship) between the
consumer and the person, during the 18-month period immediately
preceding the date on which a solicitation covered by this subpart
is sent to the consumer; or (3) an inquiry or application by the
consumer regarding a financial product or service offered by that
person during the three-month period immediately preceding the date
on which the consumer is sent a solicitation covered by this
subpart.
\15\ See 17 CFR 162.2(h), which defines the term ``covered
affiliate'' to mean an FCM, RFED, CTA, CPO, IB, SD, or MSP, which is
subject to the jurisdiction of the Commission.
\16\ See 17 CFR 162.2(r), which defines the term
``solicitation'' to mean the marketing of a financial product or
service initiated by a covered affiliate to a particular consumer
that is based on eligibility information communicated to the covered
affiliate by its affiliate and is intended to encourage the consumer
to purchase the covered affiliate's financial product or service. A
communication, such as a telemarketing solicitation, direct mail, or
e-mail, is a solicitation if it is directed to a specific consumer
based on eligibility information. The definition of solicitation
does not, however, include communications that are directed at the
general public without regard to eligibility information, even if
those communications are intended to encourage consumers to purchase
financial products and services from the person initiating the
communications.
\17\ Section 162.3(d) of the Commission's regulations sets forth
when a covered affiliate makes a solicitation to a consumer.
\18\ See 17 CFR 162.2(b), which defines the term ``clear and
conspicuous'' to mean reasonably understandable and designed to call
attention to the nature and significance of the information
presented in the notice.
\19\ See 17 CFR 162.2(h), which defines the term ``concise'' to
mean a reasonably brief expression or statement.
\20\ Section 162.3(b) of the Commission's regulations, 17 CFR
162.3(b), identifies the parties who are responsible to provide the
notice as either: (1) The affiliate with a pre-existing business
relationship to report the initial opt-out notice directly to the
consumer; or (2) one or more of affiliates to provide a joint notice
to the consumer, provided that at least one of the affiliates has or
previously had the pre-existing business relationship with the
consumer.
Section 162.4(b) provides that an opt-out election must be
effective for a period of at least five years beginning when the
consumer's opt-out election is received and implemented, unless the
consumer subsequently revokes the opt-out election in writing or, if
the consumer agrees, electronically.
\21\ Section 162.6(a) of the Commission's regulations, 17 CFR
162.6(a), sets forth the general rule prohibiting covered affiliates
from using eligibility information about a consumer unless the
consumer is provided a reasonable opportunity to opt out, as
required by the proposed regulation. Section 162.7(b) sets forth
reasonable and simple methods of opting out.
---------------------------------------------------------------------------
As noted above, the Commission received specific comments regarding
the definition of certain terms. In particular, the Securities Industry
Financial Markets Association (``SIFMA'') suggested that the Commission
amend the proposed definition of the term ``affiliate'' in order to
make it conform to the Agencies' rules.\22\ In the Proposal, the
Commission defined ``affiliate'' as ``any company that is under common
ownership or common corporate control.'' SIFMA suggested that the
Commission change this definition by using the words ``related by''
rather than ``under.'' The Commission agrees that this change will
further the goal of consistency with other Agencies' rules and has
adopted this suggestion in its final rules.
---------------------------------------------------------------------------
\22\ See the SIFMA letter at 3.
---------------------------------------------------------------------------
In addition, SIFMA and, in a joint letter, the International Swaps
and Derivatives Association (``ISDA'') and the Financial Services
Roundtable (``FSR'') encouraged the Commission to revise the
``consumer'' definition to indicate that individuals who provide
identifiable information for non-consumer purposes are not
``consumers.'' \23\ Specifically, these commenters contend that the
proposed definition is over-inclusive and as a result would include
individuals such as market makers, individual floor brokers, locals,
and others whose individually identifiable information may be collected
in furtherance of market-related transactions for non-consumer
purposes. These commenters recommend that the Commission employ a
definition similar to that in title V of the Gramm-Leach-Bliley
Act.\24\ The Commission agrees that including such individuals could
possibly be overreaching the intent of the FCRA, and has added a
qualifying statement to the consumer definition which excludes from
that definition persons who are ``market makers, floor brokers, locals,
or individual persons whose information is not collected to determine
eligibility for personal, family, or household purposes.''
---------------------------------------------------------------------------
\23\ See the SIFMA letter at 4 and the ISDA/FSR letter at 2.
\24\ See 15 U.S.C. 6809(9).
---------------------------------------------------------------------------
With respect to several of the examples that the Commission set out
in the Proposal's preamble and rule text for the affiliate marketing
rules, SIFMA noted that the Commission's usage of examples in the
Proposal were inconsistent with the usage of examples by other Agencies
in their final rules.\25\ In particular, SIFMA pointed out that, unlike
the other Agencies' rules, the Proposal does not contain examples of
``solicitation,'' and does contain examples of ``eligibility
information.'' SIFMA suggested that, to ``maximize [the final rules']
benefit and promote consistency,'' the Commission revise the affiliate
marketing rules to follow the Agencies' usage of examples in their
final affiliate marketing rules. That is, when the Agencies have
included examples in the text of the rules, the Commission should
incorporate examples into its final rules, and vice versa. In addition,
SIFMA asked the Commission to indicate that the examples are merely
illustrative of acceptable practices and are not prescriptive. Lastly,
SIFMA asked the Commission to make clear that examples and practices
developed in connection with the analogues rules of the Agencies should
be considered as potential guidance for the Commission's rule.
---------------------------------------------------------------------------
\25\ See the SIFMA letter at 5.
---------------------------------------------------------------------------
Despite SIFMA's comments, the Commission does not believe that the
inclusion or exclusion of examples warrants an interpretation of the
Commission's final affiliate marketing rules that is different than the
interpretation of the Agencies' final affiliate marketing rules. The
Commission has chosen a slightly different approach than the Agencies
in terms of its usage of examples. This approach should not be read to
suggest that the Commission intended a different interpretation of its
rules. Indeed, the Commission has included examples where it believes
they will be illustrative, and does not believe that these examples
should be read as prescriptive. Lastly, the Commission has decided not
to include a statement to the effect that the examples in the Agencies'
rules should be considered as guidance with respect to the Commission's
rule. The Agencies' examples are directed at their registrants; the
Commission's examples are directed at its registrants. Again, these
differences should not be interpreted to suggest that the Commission's
rule is different.
SIFMA also pointed out two typographical errors which the
Commission has corrected in the final
[[Page 43882]]
rules.\26\ These corrections were (1) changing the word ``market'' to
``marketing'' in Sec. 162.3(a)(2); and (2) changing the word
``includes'' to ``include'' in Sec. 162.2(k).
---------------------------------------------------------------------------
\26\ See the SIFMA letter at 4-5.
---------------------------------------------------------------------------
B. Disposal Rules
Section 1088 of the Dodd-Frank Act also amends section 628 of the
FCRA, which directs the Commission to adopt comparable and consistent
rules with the Agencies regarding the disposal of sensitive consumer
information. The purpose of these rules is to reduce the risk of
identity theft and other consumer harm from improper disposal of a
consumer report or any record derived from one. The Commission's
disposal rules \27\ apply to certain Commission-regulated entities \28\
that, for a business purpose, maintain or otherwise possess such
consumer information.\29\
---------------------------------------------------------------------------
\27\ See 17 CFR 162.2(i), which defines the terms ``dispose'' or
``disposal'' to mean the discarding or abandonment of consumer
information or the sale, donation, or transfer of any medium,
including computer equipment, upon which consumer information is
stored. The Proposal noted that the sale, donation, or transfer, as
opposed to the discarding or abandonment, of consumer information
would not be considered ``disposal'' under this definition. For
example, an entity subject to the disposal rule that transfers
consumer report information to a third party for marketing purposes
would not be discarding the information for the purposes of the
disposal rule. If the entity sells computer equipment on which
consumer report information is stored, however, the sale would be
considered disposal. This definition is wholly consistent with the
definition of ``dispose'' or ``disposal'' in the Agencies' final
disposal rules. For those reasons, the Commission adopts this
definition as proposed.
\28\ Like the affiliate marketing rules, the types of
Commission-regulated entities that are subject to the disposal rules
are FCMs, RFEDs, CTAs, CPOs, IBs, SDs, and MSPs.
\29\ See 17 CFR 162.2(g), which defines the term ``consumer
information'' to mean any record about an individual, whether in
paper, electronic, or other form that is a consumer report or is
derived from a consumer report (as defined section 603(d)(1) of the
FCRA). Consumer information also means a compilation of such
records. Consumer information does not include information that does
not identify individuals, such as aggregate information or blind
data.
---------------------------------------------------------------------------
The general disposal requirement in Sec. 162.21(a), 17 CFR 162.21,
provides that Commission-regulated entities adopt reasonable, written
policies and procedures that address the administrative, technical, and
physical safeguards for the protection of consumer information.
A commenter suggested that the Commission remove language from the
text of the Proposal, which requires disposal to take place ``pursuant
to a written disposal plan.'' The commenter suggested that such
language would be duplicative and possibly confusing because the
Proposal already required ``written policies and procedures'' for
disposal. The commenter suggested that the removal of this language
would further the conformity of this rule with the other Agencies'
rules. The Commission agrees and has removed the requirement that
disposal take place ``pursuant to a written disposal plan'' from the
final rule text.
The standard for disposal is flexible to allow these entities to
determine what measures are reasonable based on the sensitivity of the
information, the costs and benefits of different disposal methods, and
relevant changes in technology over time.
C. Compliance Dates
In the Proposal, the Commission proposed to adopt part 162 on July
21, which was intended to coincide with the proposed effective date of
the Commission's amendments to part 160 of its regulations.\30\ SIFMA
requested that the Commission extend the effective date of the disposal
and affiliate marketing rules from July 21, 2011 to nine months after
the date of publication.\31\ SIFMA argued that this would allow the
covered entities enough time to come into compliance with the rules.
---------------------------------------------------------------------------
\30\ See 75 FR 66014, Oct. 27, 2010. The effective date of the
part 160 conforming amendments rulemaking was intended to follow the
designated transfer date when various Federal agencies transfer
their consumer protection authority to the Consumer Financial
Protection Bureau pursuant to section 1100H of the Dodd-Frank Act.
\31\ See the SIFMA letter at 6.
---------------------------------------------------------------------------
The Commission partly agrees with SIFMA's comment with respect to
the new entities (i.e., SDs and MSPs) that must comply with the final
rules. The effective date of the final rules will be 60 days from the
date of publication in the Federal Register. However, with respect to
FCMs, IBs, CTAs, CPOs, and RFEDs, the Commission has decided to
establish a compliance date of 120 days after the date of publication
in the Federal Register. In making its decision, the Commission
considered the amount of time that the other Agencies' final rules gave
to affected entities in order to comply with their respective rules.
These Agencies gave their affected entities 120 months to comply with
the provision of their respective rules. In addition, the Commission
considered the fact that many of its regulated entities are currently
required to adhere to the FTC's disposal and affiliate marketing rules
which are substantially identical.
With respect to SDs and MSPs, the Commission has determined that
these new entities shall have 60 days after the date of publication in
the Federal Register of the final entities definitional rulemaking \32\
to come into compliance with these rules. The Commission expects to
approve and publish in the Federal Register the final entities
definitional rulemaking at a date in the future.
---------------------------------------------------------------------------
\32\ See the Commission's proposed entities definitional
rulemaking at 75 FR 80174, Dec. 21, 2010.
---------------------------------------------------------------------------
II. Cost-Benefit Considerations.
Section 15(a) of the CEA explicitly requires the Commission to
consider the costs and benefits of its actions before issuing a rule or
order under the CEA. By its terms, section 15(a) neither requires the
Commission to quantify the costs and benefits of amendments to
regulations, nor does it require the Commission to determine whether
the benefits of the amendments outweigh its costs. Section 15(a)
specifies that the costs and benefits shall be evaluated in light of
five broad areas of market and public concern: (1) Protection of market
participants and the public; (2) efficiency, competitiveness and
financial integrity of futures markets; (3) price discovery; (4) sound
risk management practices; and (5) other public interest
considerations. The Commission may in its discretion give greater
weight to any one of the five enumerated areas and could in its
discretion determine that, notwithstanding its costs, a particular
amendment is necessary or appropriate to protect the public interest or
to effectuate any of the provisions or accomplish any of the purposes
of the CEA.
Section 1088 of the Dodd-Frank Act provides the Commission with
authority to implement rules under sections 624 and 628 of the FCRA. In
its Proposal, the Commission prescribed rules implementing section 624
of the FCRA, which requires certain Commission-regulated entities to
provide consumers with the opportunity to prohibit affiliates from
using certain information to make marketing solicitations to consumers.
The Commission also prescribed rules implementing section 628 of the
FCRA, which requires certain Commission-regulated entities that possess
or maintain consumer report information in connection with their
business activities to develop and implement written policies and
procedures for the proper disposal of such information. These proposed
regulations would require CFTC registrants to do two things with
respect to certain consumer information. The Commission proposed to (1)
create a new part 162 of its regulations to include both the business
affiliate rules
[[Page 43883]]
and the disposal rules and (2) require that this new part apply to the
following Commission-regulated entities: FCMs; IBs; CTAs; CPOs; RFEDs;
SDs; and MSPs.
The cost-benefit discussion in the Proposal analyzed the costs and
benefits of imposing new part 162 on these entities, most of which
currently comply with substantially identical regulations imposed by
the Agencies. With respect to costs, the Commission's Proposal stated
that the costs to aforementioned entities would be de minimis because:
(1) The Commission is providing model notices in the proposed
regulations in order to assist these participants in complying with the
affiliate marketing rules; (2) the affiliate marketing rules only
require periodic notice (i.e., at a maximum, companies would have to
provide notice to a consumer once every five years; at a minimum,
companies would have to provide notice only once per consumer); (3)
market participants can file consolidated and equivalent notices in
order to comply with the affiliate marketing rules; and (4) the
disposal rules were designed to provide market participants with the
greatest flexibility in the development and implementation of a
disposal program (which may vary according to a company's size and the
complexity of its operations, the costs and benefits of available
disposal methods, and the sensitivity of information involved).
The Commission's Proposal also set out the following potential
costs to the general public: (1) Absent the implementation of the
affiliate marketing rules, consumers would have no control over both
the use of their personal information, and the number of solicitations
such consumers would receive from affiliates of company with which they
have a pre-existing business relationship; and (2) absent the
implementation of the disposal rules, there would be an increased
chance that consumer information would be accessible to third parties
who may use such information for identity theft or other unlawful
purposes. With respect to benefits, the Commission's Proposal stated
that, through the implementation of the affiliate marketing rules,
consumers generally will be able to opt out of receiving unsolicited
and targeted materials from businesses with which the consumers have no
pre-existing business relationship. In addition, the Commission's
Proposal stated that, as a result of the implementation of the disposal
rules, the potential for the misuse of consumer information will
greatly decrease.
In issuing final rules, the Commission has considered the costs and
benefits referenced above in light of the comments received in response
to its Proposal and the specific areas of concern identified in section
15(a). An analysis of the section 15(a) factors is set out immediately
below, followed by a discussion of the comments received in response to
the Commission's cost-benefit discussion in its Proposal.
1. Protection of market participants and the public. The Commission
believes that requiring certain Commission-regulated entities to
provide opt-out notices and to protect customer information through
disposal of such information will greatly benefit the general public by
protecting the privacy of the public's personal information. Similarly,
the Commission believes that requiring Commission-regulated entities to
ensure the protection of nonpublic personal information will reduce the
litigation risk that these entities face related to privacy causes of
action. The Commission further believes that the costs, which will be
placed on its regulated entities, will be equal to or no greater than
those costs that the Agencies currently impose on most of these
entities under the Agencies' similar regulations.\33\
---------------------------------------------------------------------------
\33\ The Commission acknowledges that there will likely be an
incremental cost in the aggregate in respect of those entities who
do not currently comply with the Agencies' similar regulations. The
Commission believes that this incremental cost, however, is
outweighed by the benefits that will accrue to the general public in
terms of the privacy protections that will be afforded to their
personal information.
---------------------------------------------------------------------------
2. Efficiency and competition. The Commission believes that the
requirements to provide opt-out notices will benefit efficiency by
reducing the number of solicitations sent to customers. The
Commission's final rules also will benefit efficiency and competition
by providing Commission-regulated entities with flexibility in terms of
how best to distribute opt-out notices and to adopt disposal policies
and procedures to protect customer information. Ultimately, this
flexibility will allow these entities to develop procedures that are
best suited to each entity's business and needs. As noted above, the
Commission believes that the costs, which will be placed on these
entities will be equal to or no greater than those costs currently
placed on them under the Agencies' similar regulations.
3. Price discovery and financial integrity of futures and swaps
markets, price discovery and sound risk management practices. The final
rules should have no effect, from the standpoint of imposing costs or
creating benefits, on the price discovery function or financial
integrity of the futures and swaps markets or on the risk management
practices of the Commission-regulated entities.
4. Other public interest considerations. As noted above, part 162
will provide these entities with maximum flexibility in designing their
own compliance systems in a manner consistent with the legal
requirements under the affiliate marketing rules and disposal rules.
Ultimately, the Commission believes that requiring its entities to
comply with the final affiliate marketing rules and disposal rules will
harmonize privacy protections for individual customers across all
financial markets regardless of whether those entities are regulated by
the Commission or the other Agencies.
5. Response to Comments. In its Proposal, the Commission solicited
comment on its consideration of these costs and benefits. The
Commission received one comment with respect to the cost and benefits
analysis in its Proposal. Specifically, SIFMA argued that the
Commission also should consider anticipated additional costs associated
with monitoring the privacy and opt-out notice process, addressing
consumer issues, and adjusting records to comport with consumer
requests. SIFMA did not provide specific cost information related to
these additional activities. Notwithstanding SIFMA's assertion, the
Commission notes that the additional activities and costs raised by
SIFMA were subsumed within the considerations discussed in the
Proposal.\34\
---------------------------------------------------------------------------
\34\ See the Commission's cost-benefit discussion and Paperwork
Reduction Act analysis at 75 FR at 66030-31.
---------------------------------------------------------------------------
In line with Section 15(a) of the CEA, the Commission believes that
prescribing final rules is in the public interest and will further
protect market the general public, promote efficiency and competition,
and address other public interest considerations such as the
harmonization of regulation across financial markets, regardless of
which Federal regulator oversees a financial entity. In the
Commission's view, these benefits far outweigh the additional costs
that SIFMA cited.
III. Paperwork Reduction Act
Under the Paperwork Reduction Act of 1995 (``PRA''), 44 U.S.C. 3501
et seq., an agency may not conduct or sponsor, and a person is not
required to respond to, a collection of information unless it displays
a currently valid control
[[Page 43884]]
number. The Commission's final rule regarding the protection of
consumer information under the Fair Credit Reporting Act results in
information collection requirements within the meaning of the PRA. The
Commission submitted the proposing release along with supporting
documentation to the Office of Management and Budget (``OMB'') for
review in accordance with 44 U.S.C. 3507(d) and 5 CFR 1320.11. The
Commission requested that OMB approve and assign a new control number
for the collection of information required by the proposing release.
In response to the Commission's request in the proposing release
for comments on any potential paperwork burden associated with both the
proposed affiliate marketing and disposal rules, only SIFMA provided
substantive comments addressing the merits of the Commission's proposed
PRA calculations.\35\ In particular, SIFMA proposed that the burden
estimate for the affiliate marketing rules should be refined to account
for burden hours associated with: (i) Monitoring the opt-out notice
process; (ii) addressing consumer questions and concerns about opt-out
notices; and (iii) adjusting records where a consumer changes his or
her mind about his or her election to opt-in or out. In addition, SIFMA
proposed that the burden estimate for the disposal rules should be
refined to: (i) Revise disposal plans to account for use of new
technology, new business processes, etc.; and (ii) conduct regular
reviews of its disposal plan to determine when revisions are necessary
or advisable.
---------------------------------------------------------------------------
\35\ See the SIFMA letter at 4-5.
---------------------------------------------------------------------------
Based on these comments, the Commission estimates that 3,172
covered entities may incur an additional 3.5 burden hours when
complying with the affiliate marketing rules, for an aggregate of
11,102 annual burden hours. These additional burden hours are
attributable to monitoring the opt-out notice process, addressing
consumer questions and concerns about opt-out notices, and adjusting
customer records.
In addition, the Commission estimates that 3,172 covered entities
may incur an additional 2.4 burden hours when complying with the
disposal rules, for an aggregate of 7,612.8 annual burden hours. These
additional burden hours are attributable to revise and update disposal
plans on an ongoing basis, and conduct regular reviews of its disposal
plan as necessary or advisable. Accordingly, the Commission has
submitted to the OMB an amended calculation of the annual burden hours
for the final affiliate marketing and disposal rules.
IV. Regulatory Flexibility Act
The Regulatory Flexibility Act (``RFA'') \36\ requires that Federal
agencies consider whether the regulations they propose will have a
significant economic impact on a substantial number of small entities
and, if so, provide a regulatory flexibility analysis respecting the
impact.\37\ The Commission's final regulations will affect only FCMs,
IBs, CTAs, CPOs, SDs, and MSPs.
---------------------------------------------------------------------------
\36\ 5 U.S.C. 601 et seq.
\37\ 5 U.S.C. 601 et seq.
---------------------------------------------------------------------------
The regulations implementing section 624 of the FCRA require above-
referenced CFTC-regulated entities to provide consumers with the
opportunity to prohibit affiliates from using certain information to
make marketing solicitations to consumers. The regulations implementing
section 628 of the FCRA require the above-referenced CFTC-regulated
entities that possess or maintain consumer report information in
connection with their business activities to develop and implement a
written program for the proper disposal of such information. The
Commission certified in the Proposal that these rules will not have a
significant economic impact on a substantial number of small entities.
The Commission did not receive any substantive comments to its RFA
analysis in relation to the Proposal. Moreover, the Commission
previously determined that FCMs, CPOs, and IBs are not small entities
for purposes of the RFA.\38\ Therefore, nothing alters the Commission's
determination in the Proposal that the obligations created by these
rules will not create a significant economic impact on a substantial
number of small entities.
---------------------------------------------------------------------------
\38\ Previous determinations for FCMs at 47 FR 18618, 18619,
Apr. 30, 1982; CPOs at 47 FR 18618, 18619, Apr. 30, 1982; and IBs at
48 FR 14933, 14955, Apr. 6, 1983.
---------------------------------------------------------------------------
V. Text of Final Rules
List of Subjects in 17 CFR Part 162
Brokers, Dealers, Consumer protection, Privacy, Reporting and
recordkeeping.
For the reasons stated in the preamble, the Commodity Futures
Trading Commission adds 17 CFR part 162 to read as follows:
PART 162--PROTECTION OF CONSUMER INFORMATION UNDER THE FAIR CREDIT
REPORTING ACT
Sec.
162.1 Purpose and scope.
162.2 Definitions.
Subpart A--Business Affiliate Marketing Rules
162.3 Affiliate marketing opt out and exceptions.
162.4 Scope and duration of opt out.
162.5 Contents of opt-out notice; consolidated and equivalent
notices.
162.6 Reasonable opportunity to opt out.
162.7 Reasonable and simple methods of opting out.
162.8 Acceptable delivery of opt-out notices
162.9 Renewal of opt out.
162.10-162.20 [Reserved.]
Subpart B--Disposal Rules
162.21 Proper disposal of consumer information.
Appendix A to Part 162--Sample Clauses
Authority: Sec. 1088, Pub. L. 111-203; 124 Stat. 1376 (2010).
Sec. 162.1 Purpose and scope.
(a) Purpose. The purpose of this part is to implement various
provisions in the Fair Credit Reporting Act, 15 U.S.C. 1681, et seq.
(``FCRA''), which provide certain protections to consumer information.
(b) Scope. This part applies to certain consumer information held
by the entities listed below. This part shall apply to futures
commission merchants, retail foreign exchange dealers, commodity
trading advisors, commodity pool operators, introducing brokers, major
swap participants and swap dealers, regardless of whether they are
required to register with the Commission. This part does not apply to
foreign futures commission merchants, foreign retail foreign exchange
dealers, commodity trading advisors, commodity pool operators,
introducing brokers, major swap participants and swap dealers unless
such entity registers with the Commission. Nothing in this part
modifies limits or supersedes the requirements set forth in part 160 of
this title.
(c) Examples. The examples in this part are not exclusive.
Compliance with an example, to the extent applicable, constitutes
compliance with this part. Examples in a section illustrate only the
issue described in the section and do not illustrate any other issue
that may arise in this part.
Sec. 162.2 Definitions.
(a) Affiliate. The term ``affiliate'' for the purposes of this part
means any person that is related by common ownership or common
corporate control with a covered affiliate.
(b) Clear and conspicuous. The term ``clear and conspicuous'' means
reasonably understandable and designed to call attention to the nature
and significance of the information presented in the notice.
[[Page 43885]]
(c) Common ownership or common corporate control. The term ``common
ownership or common corporate control'' for the purposes of this part
means the power to exercise a controlling influence over the management
or policies of a company whether through ownership of securities, by
contract, or otherwise. Any person who owns beneficially, either
directly or through one or more controlled companies, more than 25
percent of the voting securities of any company is presumed to control
the company. Any person who does not own more than 25 percent of the
voting securities of a company will be presumed not to control the
company.
(d) Company. The term ``company'' means any corporation, limited
liability company, business trust, general or limited partnership,
association, or similar organization.
(e) Concise.--
(1) In general. The term ``concise'' means a reasonably brief
expression or statement.
(2) Combination with other required disclosures. A notice required
by this part may be concise even if it is combined with other
disclosures required or authorized by Federal or state law.
(f) Consumer. Except as otherwise provided, the term ``consumer''
means an individual person. The term consumer does not include market
makers, floor brokers, locals, or individual persons whose information
is not collected to determine eligibility for personal, family, or
household purposes.
(g) Consumer information. The term ``consumer information'' means
any record about an individual, whether in paper, electronic, or other
form, that is a consumer report or is derived from a consumer report
(as defined in section 603(d)(2) of the FCRA). Consumer information
also means a compilation of such records. Consumer information does not
include information that does not identify individuals, such as
aggregate information or blind data.
(h) Covered affiliate. The term ``covered affiliate'' means a
futures commission merchant, retail foreign exchange dealer, commodity
trading advisor, commodity pool operator, introducing broker, major
swap participant or swap dealer, which is subject to the jurisdiction
of the Commission.
(i) Dispose or Disposal.--
(1) In general. The terms ``dispose'' or ``disposal'' means:
(i) The discarding or abandonment of consumer information; or
(ii) The sale, donation, or transfer of any medium, including
computer equipment, upon which consumer information is stored.
(2) Sale, donation, or transfer of consumer information. The sale,
donation, or transfer of consumer information is not considered
disposal for the purposes of subpart B.
(j) Dodd-Frank Act. The term ``Dodd-Frank Act'' means the Dodd-
Frank Wall Street Reform and Consumer Protection Act (Pub. L. 111-203,
124 Stat. 1376 (2010)).
(k) Eligibility information. The term ``eligibility information''
means any information that would be a consumer report if the exclusions
from the definition of ``consumer report'' in section 603(d)(2)(A) of
the FCRA did not apply. Examples of the type of information that would
fall within the definition of eligibility information include an
affiliate's own transaction or experience information, such as
information about a consumer's account history with that affiliate, and
other information, such as information from credit bureau reports or
applications. Eligibility information does not include aggregate or
blind data that does not contain personal identifiers such as account
numbers, names, or addresses.
(l) FCRA. The term ``FCRA'' means the Fair Credit Reporting Act (15
U.S.C. 1681 et seq.).
(m) Financial product or service. The term ``financial product or
service'' means any product or service that a futures commission
merchant, retail foreign exchange dealer, commodity trading advisor,
commodity pool operator, introducing broker, major swap participant or
swap dealer could offer that is subject to the Commission's
jurisdiction.
(n) GLB Act. The term ``GLB Act'' means the Gramm-Leach-Bliley Act
(Pub. L. 106-102, 113 Stat. 1338 (1999)).
(o) Major swap participant. The term ``major swap participant'' has
the same meaning as in section 1a(33) of the Commodity Exchange Act, 7
U.S.C. 1 et seq., as may be further defined by this title, and includes
any person registered as such thereunder.
(p) Person. The term ``person'' means any individual, partnership,
corporation, trust, estate, cooperative, association, or other entity.
(q) Pre-existing business relationship. The term ``pre-existing
business relationship'' means a relationship between a person, or a
person's licensed agent, and a consumer based on--
(1) A financial contract between the person and the consumer which
is in force on the date on which the consumer is sent a solicitation by
this part;
(2) The purchase, rental, or lease by the consumer of a persons'
services or a financial transaction (including holding an active
account or policy in force or having another continuing relationship)
between the consumer and the person, during the 18-month period
immediately preceding the date on which the consumer is sent a
solicitation covered by this part; or
(3) An inquiry or application by the consumer regarding a financial
product or service offered by that person during the three-month period
immediately preceding the date on which the consumer is sent a
solicitation covered by this part.
(r) Solicitation--(1) In general. The term ``solicitation'' means
the marketing of a financial product or service initiated by an
affiliate to a particular consumer that is--
(i) Based on eligibility information communicated to that covered
affiliate by an affiliate that has or previously had the pre-existing
business relationship with a consumer as described in this part; and
(ii) Intended to encourage the consumer to purchase or obtain such
financial product or service. A solicitation does not include marketing
communications that are directed at the general public.
(2) Examples. Examples of what communications constitute
solicitations include communications such as a telemarketing
solicitation, direct mail, or e-mail, when those communications are
directed to a specific consumer based on eligibility information. A
solicitation does not include communications that are directed at the
general public without regard to eligibility information, even if those
communications are intended to encourage consumers to purchase
financial products and services from the affiliate initiating the
communications.
(s) Swap dealer. The term ``swap dealer'' has the same meaning as
in section 1a(49) of the Commodity Exchange Act, 7 U.S.C. 1 et seq., as
may be further defined by this title, and includes any person
registered as such thereunder.
Subpart A--Business Affiliate Marketing Rules
Sec. 162.3 Affiliate marketing opt out and exceptions.
(a) Initial notice and opt out. A covered affiliate may not use
eligibility information about a consumer that the covered affiliate
receives from an affiliate with the consumer to make a
[[Page 43886]]
solicitation for marketing purposes to such consumer unless--
(1) It is clearly and conspicuously disclosed to the consumer in
writing or if the consumer agrees, electronically, in a concise notice
that the person may use shared eligibility information about that
consumer received from an affiliate to make solicitations for marketing
purposes to such consumer;
(2) The consumer is provided a reasonable opportunity and a
reasonable and simple method to opt out, or prohibit the covered
affiliate from using eligibility information to make solicitations for
marketing purposes to the consumer; and
(3) The consumer has not opted out.
(b) Persons responsible for satisfying the notice requirement. The
notice required by this section must be provided:
(1) By an affiliate that has or previously had a pre-existing
business relationship with a consumer; or
(2) As part of a joint notice from two or more members of an
affiliated group of companies, provided that at least one of the
affiliates on the joint notice has or previously had a pre-existing
business relationship with the consumer.
(c) Exceptions. These proposed regulations would not apply to the
following covered affiliate:
(1) A covered affiliate that has a pre-existing business
relationship with a consumer;
(2) Communications between an employer and employee-consumer (or
his or her beneficiary) in connection with an employee benefit plan;
(3) A covered affiliate that is currently providing services to the
consumer;
(4) If the consumer initiated the communication with the covered
affiliate by oral, electronic, or written means;
(5) If the consumer authorized or requested the covered affiliate's
solicitation; or
(6) If compliance by a person with these regulations would prevent
that person's compliance with state insurance laws pertaining to unfair
discrimination.
(d) Making solicitations.
(1) When a solicitation occurs. A covered affiliate makes a
solicitation for marketing purposes if the person--
(i) Receives eligibility information from an affiliate;
(ii) Uses that eligibility information to do one or more of the
following:
(A) Identify the consumer or type of consumer to receive a
solicitation;
(B) Establish criteria used to select the consumer to receive a
solicitation about the covered affiliate's financial products or
services; or
(C) Decide which of the services or contracts to market to the
consumer or tailor the solicitation to that consumer; and
(iii) As a result of the covered affiliate's use of the eligibility
information, the consumer is provided a solicitation.
(2) Receipt of eligibility information. A covered affiliate may
receive eligibility information from an affiliate in various ways,
including when the affiliate places that information into a common
database that the covered affiliate may access.
(3) Service Providers. Except as provided in paragraph (d)(5) of
this section, a covered affiliate receives or uses an affiliate's
eligibility information if a service provider acting on the covered
affiliate's behalf (regardless of whether such service provider is a
third party or an affiliate of the covered affiliate) receives or uses
that information in the manner described in paragraph (d)(1)(i) or
(d)(1)(ii) of this section. All relevant facts and circumstances will
determine whether a service provider is acting on behalf of a covered
affiliate when it receives or uses an affiliate's eligibility
information in connection with marketing the covered affiliate's
financial products or services.
(4) Use by an affiliate of its own eligibility information. Unless
a covered affiliate uses eligibility information that the covered
affiliate receives from an affiliate in the manner described in
paragraph (d)(2) of this section, the covered affiliate does not make a
solicitation subject to this subpart:
(i) Uses its own eligibility information that it obtained in
connection with a pre-existing business relationship it has or
previously had with the consumer to market the covered affiliate's
financial products or services to the consumer; or
(ii) Directs its service provider to use the affiliate's own
eligibility information that it obtained in connection with a pre-
existing business relationship it has or previously had with the
consumer to market the covered affiliate's financial products or
services to the consumer, and the covered affiliate does not
communicate directly with the service provider regarding that use.
(5) Use of eligibility information by a service provider. (i) In
general. A covered affiliate does not make a solicitation subject to
this subpart if a service provider (including an affiliated or third-
party service provider that maintains or accesses a common database
that the covered affiliate may access) receives eligibility information
from an affiliate that has or previously had a pre-existing business
relationship with the consumer and uses that eligibility information to
market the covered affiliate's financial products or services to the
consumer, so long as--
(A) The affiliate controls access to and use of its eligibility
information by the service provider (including the right to establish
the specific terms and conditions under which the service provider may
use such information to market the covered affiliate's financial
products or services);
(B) The affiliate establishes specific terms and conditions under
which the service provider may access and use such affiliate's
eligibility information to market the covered affiliate's financial
products and services (or those of affiliates generally) to the
consumer, such as the identity of the affiliated companies whose
financial products or services may be marketed to the consumer by the
service provider, the types of financial products or services of
affiliated companies that may be marketed, and the number of times the
consumer may receive marketing materials, and periodically evaluates
the service provider's compliance with those terms and conditions;
(C) The affiliate requires the service provider to implement
reasonable policies and procedures designed to ensure that the service
provider uses such affiliate's eligibility information in accordance
with the terms and conditions established by such affiliate relating to
the marketing of the covered affiliate's financial products or
services;
(D) The affiliate is identified on or with the marketing materials
provided to the consumer; and
(E) The covered affiliate does not directly use its affiliate's
eligibility information in the manner described in paragraph (b)(1)(ii)
of this section.
(ii) Writing requirements. (A) The requirements of paragraphs
(b)(5)(i)(A) and (C) of this section must be set forth in a written
agreement between the affiliate that has or previously had a pre-
existing business relationship with the consumer and the service
provider; and
(B) The specific terms and conditions established by the affiliate
as provided in paragraph (b)(5)(i)(B) of this section must be set forth
in writing.
(e) Relation to affiliate-sharing notice and opt out. Nothing in
this rulemaking will limit the responsibility of a covered affiliate to
comply with the notice and opt-out provisions under other privacy rules
under the FCRA, the GLB Act or the CEA.
Sec. 162.4 Scope and duration of opt out.
(a) Scope of opt-out election-(1) In general. The consumer's
election to opt out prohibits any covered affiliate subject to the
scope of the opt-out notice
[[Page 43887]]
from using eligibility information received from another affiliate to
make solicitations to the consumer.
(2) Continuing relationship-(i) In general. If the consumer
establishes a continuing relationship with a covered affiliate or its
affiliate, an opt-out notice may apply to eligibility information
obtained in connection with--
(A) A single continuing relationship or multiple continuing
relationships that the consumer establishes with a covered affiliate or
its affiliates, including continuing relationships established
subsequent to delivery of the opt-out notice, so long as the notice
adequately describes the continuing relationships covered by the opt
out; or
(B) Any other transaction between the consumer and the covered
affiliate or its affiliates as described in the notice.
(ii) Examples of a continuing relationship. A consumer has a
continuing relationship with a covered affiliate or its affiliate if:
(A) The covered affiliate is a futures commission merchant through
whom a consumer has opened an account, or that carries the consumer's
account on a fully-disclosed basis, or that effects or engages in
commodity interest transactions with or for a consumer, even if the
covered affiliate does not hold any assets of the consumer;
(B) The covered affiliate is an introducing broker that solicits or
accepts specific orders for trades;
(C) The covered affiliate is a commodity trading advisor with whom
a consumer has a contract or subscription, either written or oral,
regardless of whether the advice is standardized, or is based on, or
tailored to, the commodity interest or cash market positions or other
circumstances or characteristics of the particular consumer;
(D) The covered affiliate is a commodity pool operator, and accepts
or receives from the consumer, funds, securities, or property for the
purpose of purchasing an interest in a commodity pool;
(E) The covered affiliate is a major swap participant that holds
securities or other assets as collateral for a loan made to the
consumer, even if the covered affiliate did not make the loan or do not
affect any transactions on behalf of the consumer; or
(F) The covered affiliate is a swap dealer that regularly effects
or engages in swap transactions with or for a consumer even if the
covered affiliate does not hold any assets of the consumer.
(3) No continuing relationship. (i) In general. If there is no
continuing relationship between a consumer and the covered affiliate or
its affiliate, and the covered affiliate or its affiliate obtain
eligibility information about a consumer in connection with a
transaction with the consumer, such as an isolated transaction or a
credit application that is denied, an opt-out notice provided to the
consumer only applies to eligibility information obtained in connection
with that transaction.
(ii) Examples of no continuing relationship. A consumer does not
have a continuing relationship with a covered affiliate or its
affiliate if:
(A) The covered affiliate has acted solely as a ``finder'' for a
futures commission merchant, and the covered affiliate does not solicit
or accept specific orders for trades; or
(B) The covered affiliate has solicited the consumer to participate
in a pool or to direct his or her account and he or she has not
provided the covered affiliate with funds to participate in a pool or
entered into any agreement with the covered affiliate to direct his or
her account.
(4) Menu of alternatives. A consumer may be given the opportunity
to choose from a menu of alternatives when electing to prohibit
solicitations, such as by electing to prohibit solicitations from
certain types of affiliates covered by the opt-out notice but not other
types of affiliates covered by the notice, electing to prohibit
solicitations based on certain types of eligibility information but not
other types of eligibility information, or electing to prohibit
solicitations by certain methods of delivery but not other methods of
delivery. However, one of the alternatives must allow the consumer to
prohibit all solicitations from all of the affiliates that are covered
by the notice.
(5) Special rule for a notice following termination of all
continuing relationships. A consumer must be given a new opt-out notice
if, after all continuing relationships with the covered affiliate or
its affiliate(s) are terminated, the consumer subsequently establishes
another continuing relationship with the covered affiliate or its
affiliate(s) and the consumer's eligibility information is to be used
to make a solicitation. The new opt-out notice must apply, at a
minimum, to eligibility information obtained in connection with the new
continuing relationship. Consistent with paragraph b of this section,
the consumer's decision not to opt out after receiving the new opt-out
notice would not override a prior opt-out election by the consumer that
applies to eligibility information obtained in connection with a
terminated relationship, regardless of whether the new opt-out notice
applies to eligibility information obtained in connection with the
terminated relationship.
(b) Duration of opt-out election. An opt-out election must be
effective for a period of at least five years beginning when the
consumer's opt-out election is received and implemented, unless the
consumer subsequently revokes the opt-out election in writing or, if
the consumer agrees, electronically. An opt-out election may be
established for a period of more than five years or for an indefinite
period unless revoked.
(c) Time period in which a consumer can opt out. A consumer may opt
out at any time.
(d) No effect on opt-out period. An opt-out period may not be
shortened by sending a renewal notice to the consumer before expiration
of the opt-out period, even if the consumer does not renew the opt out.
Sec. 162.5 Contents of opt-out notice; consolidated and equivalent
notices.
(a) Contents of the opt-out notice. (1) In general. An opt-out
notice must be in writing, be clear and conspicuous, as well as
concise, and must accurately disclose the following:
(i) (A) The name of the affiliate that has or previously had a pre-
existing business relationship with a consumer, which is providing the
notice; or
(B) If jointly provided jointly by multiple affiliates and each
affiliate shares a common name, then the notice may indicate that it is
being provided by multiple companies with the same name or multiple
companies in the same group or family of companies. If the affiliates
providing the notice do not share a common name, then the notice must
either separately identify each affiliate by name or identify each of
the common names used by those affiliates;
(ii) The list of affiliates or types of affiliates whose use of
eligibility information is covered by the notice, which may include
companies that become affiliates after the notice is provided to the
consumer;
(iii) A general description of the types of eligibility information
that may be used to make solicitations to the consumer;
(iv) A statement that the consumer may elect to limit the use of
eligibility information to make solicitations to the consumer;
(v) A statement that the consumer's election will apply for the
specified period of time and, if applicable, that the consumer will be
allowed to renew the election once that period expires;
(vi) If the notice is provided to consumers who have previously
elected to opt out, that such consumer does not
[[Page 43888]]
need to act again until the consumer receives a renewal notice; and
(vii) A reasonable and simple method for the consumer to opt out.
(2) Specifying length of time period. If consumer is granted an
opt-out period longer than a five-year duration, the opt-out notice
must specify the length of the opt-out period.
(3) No revised notice for extension of opt-out period. The duration
of an opt-out period may be increased for a period longer than the
period specified in the opt-out notice without having to provide a
revised notice of the increase to the consumer.
(b) Joint relationships. (1) If two or more consumers jointly
obtain a financial product or service, a single opt-out notice may be
provided to joint consumers.
(2) Any of the joint consumers may exercise the right to opt out on
behalf of each joint consumer.
(3) The opt-out election notice must explain how an opt-out
election by a joint consumer will be treated. That is, the notice
should specify whether an opt-out election by a joint consumer will be
treated as applying to all of the associated joint consumers, or as
applying to each joint consumer separately.
(4) If the opt-out election notice provides that each joint
consumer is permitted to opt out separately, one of the joint consumers
must be permitted to opt out on behalf of all of the joint consumers
and the joint consumer must be permitted to exercise his or her
separate rights to opt out in a single response.
(5) A covered affiliate cannot require all joint consumers to opt
out before implementing any opt-out election.
(c) Alternative contents. If the consumer is afforded a broader
right to opt out of receiving marketing than is required by this
subpart, the requirements of this section may be satisfied by providing
the consumer with a clear, conspicuous, and concise notice that
accurately discloses the consumer's opt-out rights.
(d) Coordinated and consolidated consumer notices. A notice
required by this subpart may be coordinated and consolidated with any
other notice or disclosure required to be issued under any other
provision of law by the covered affiliate providing the notice,
including but not limited to notices in the FCRA or the GLB Act privacy
notices.
(e) Equivalent notices. A notice or disclosure that is equivalent
to the notice required by this part in terms of content, and that is
provided to a consumer together with a notice required by any other
provision of law, satisfies the requirements of this section.
(f) Model notices. Model notices are provided in Appendix A of this
part. These notices were meant to facilitate compliance with this
subpart; provided, however, that nothing herein shall be interpreted to
require persons subject to this part to use the model notices.
Sec. 162.6 Reasonable opportunity to opt out.
(a) In general. A covered affiliate must not use eligibility
information about a consumer that the covered affiliate receives from
an affiliate to make a solicitation to such consumer about the covered
affiliate's financial products or services, unless the consumer is
provided a reasonable opportunity to opt out, as required by this
subpart.
(b) Examples. A reasonable opportunity to opt out under this
subpart is:
(1) If the opt-out notice is mailed to the consumer, the consumer
has 30 days from the date the notice is mailed to opt out.
(2) If the opt-out notice is sent via electronic means to the
consumer, the consumer has 30 days from the date the consumer
acknowledges receipt to elect to opt out by any reasonable method.
(3) If the opt-out notice is sent via e-mail (where the consumer
has agreed to receive disclosures by e-mail), the consumer is given 30
days after the e-mail is sent to elect to opt out by any reasonable
method.
(4) If the opt-out notice provided to the consumer at the time of
an electronic transaction, the consumer is required to decide, as a
necessary part of proceeding with the transaction, whether to opt out
before completing the transaction.
(5) If the opt-out notice is provided during an in-person
transaction, the consumer is required to decide, as a necessary part of
completing the transaction, whether to opt out through a simple
process.
(6) If the opt-out notice is provided in conjunction with other
privacy notices required by law, the consumer is allowed to exercise
the opt-out election within a reasonable period of time and in the same
manner as the opt out under that privacy notice.
Sec. 162.7 Reasonable and simple methods of opting out.
(a) In general. A covered affiliate shall be prohibited from using
eligibility information about a consumer received from an affiliate to
make a solicitation to the consumer about the covered affiliate's
financial products or services, unless the consumer is provided a
reasonable and simple method to opt out, as required by this subpart.
(b) Examples. Reasonable and simple methods of opting out include:
(1) Designating a check-off box in a prominent position on an opt-
out election form;
(2) Including a reply form and a self-addressed envelope (in a
mailing);
(3) Providing an electronic means, if the consumer agrees, that can
be electronically mailed or processed through an Internet Web site;
(4) Providing a toll-free telephone number; or
(5) Exercising an opt-out election through whatever means are
acceptable under a consolidated privacy notice required under other
laws.
(c) Specific opt-out method. Each consumer may be required to opt
out through a specific method, as long as that method is acceptable
under this subpart.
Sec. 162.8 Acceptable delivery methods of opt-out notices.
(a) In general. The opt-out notice must be provided so that each
consumer can reasonably be expected to receive actual notice.
(b) Electronic notices. For opt-out notices provided
electronically, the notice may be provided in compliance with either
the electronic disclosure provisions in Sec. 1.4 of this title or the
provisions in section 101 of the Electronic Signatures in Global and
National Commerce Act, 15 U.S.C. 7001 et seq.
Sec. 162.9 Renewal of opt out.
(a) Renewal notice and opt-out requirement. (1) In general. Since
the FCRA provides that opt-out elections can expire in a period of no
less than five years, an affiliate that has or previously had a pre-
existing business relationship with a consumer must provide a renewal
notice to the consumer after such time in order to allow its affiliates
to make solicitations. After the opt-out election period expires, its
affiliates may make solicitations unless:
(i) The consumer has been given a renewal notice that complies with
the requirements of this section and Sec. Sec. 162.6 through 162.8 of
this subpart, and a reasonable opportunity and a reasonable and simple
method to renew the opt-out election, and the consumer does not renew
the opt out; or
(ii) An exception in Sec. 162.3(c) of this subpart applies.
(2) Renewal period. Each opt-out renewal must be effective for a
period of at least five years as provided in Sec. 162.4(b) of this
subpart.
[[Page 43889]]
(3) Affiliates who may provide the renewal notice. The notice
required by this paragraph must be provided:
(i) By the affiliate that provided the previous opt-out notice, or
its successor; or
(ii) As part of a joint renewal notice from two or more members of
an affiliated group of companies, or their successors, that jointly
provided the previous opt-out notice.
(b) Contents of renewal or extension notice. The contents of the
renewal notice must include all of the same contents of the initial
notices, but also must include:
(1) A statement that the consumer previously elected to limit the
use of certain information to make solicitations to the consumer;
(2) A statement that the consumer may elect to renew the consumer's
previous election; and
(3) If applicable, a statement that the consumer's election to
renew will apply for a specified period of time stated in the notice
and that the consumer will be allowed to renew the election once that
period expires.
(c) Timing of renewal notice. Renewal notices must be provided in a
reasonable period of time before the expiration of the opt-out election
period or any time after the expiration of the opt-out period, but
before solicitations that would have been prohibited by the expired
opt-out election are made to the consumer.
(d) No effect on opt-out period. An opt-out period may not be
shortened by sending a renewal notice to the consumer before the
expiration of the opt-out period, even if the consumer does not renew
the opt-out election.
Sec. Sec. 162.10-162.20 [Reserved.]
Subpart B--Disposal Rules
Sec. 162.21 Proper disposal of consumer information.
(a) In general. Any covered affiliate must adopt must adopt
reasonable, written policies and procedures that address
administrative, technical, and physical safeguards for the protection
of consumer information. These written policies and procedures must be
reasonably designed to:
(1) Insure the security and confidentiality of consumer
information;
(2) Protect against any anticipated threats or hazards to the
security or integrity of consumer information; and
(3) Protect against unauthorized access to or use of consumer
information that could result in substantial harm or inconvenience to
any consumer.
(b) Standard. Any covered affiliate under this part who maintains
or otherwise possesses consumer information for a business purpose must
properly dispose of such information by taking reasonable measures to
protect against unauthorized access to or use of the information in
connection with its disposal.
(c) Examples. The following examples are ``reasonable'' disposal
measures for the purposes of this subpart--
(1) Implementing and monitoring compliance with policies and
procedures that require the burning, pulverizing, or shredding of
papers containing consumer information so that the information cannot
practicably be read or reconstructed;
(2) Implementing and monitoring compliance with policies and
procedures that require the destruction or erasure of electronic media
containing consumer information so that the information cannot
practically be read or reconstructed; and
(3) After due diligence, entering into and monitoring compliance
with a written contract with another party engaged in the business of
record destruction to dispose of consumer information in a manner that
is consistent with this rule.
(d) Relation to other laws. Nothing in this section shall be
construed:
(1) To require a person to maintain or destroy any record
pertaining to a consumer that is imposed under Sec. 1.31 or any other
provision of law; or
(2) To alter or affect any requirement imposed under any other
provision of law to maintain or destroy such a record.
Appendix A to Part 162--Sample Clauses
A. Although use of the model forms is not required, use of the
model forms in this Appendix (as applicable) complies with the
requirement in section 624 of the FCRA for clear, conspicuous, and
concise notices.
B. Certain changes may be made to the language or format of the
model forms without losing the protection from liability afforded by
use of the model forms. These changes may not be so extensive as to
affect the substance, clarity, or meaningful sequence of the
language in the model forms. Persons making such extensive revisions
will lose the safe harbor that this Appendix provides. Acceptable
changes include, for example:
1. Rearranging the order of the references to ``your income'',
``your account history'', and ``your credit score''.
2. Substituting other types of information for ``income'',
``account history'', or ``credit score'' for accuracy, such as
``payment history'', ``credit history'', or ``claims history''.
3. Substituting a clearer and more accurate description of the
affiliates providing or covered by the notice for phrases such as
``the [ABC] group of companies,'' including without limitation a
statement that the entity providing the notice recently purchased
the consumer's account.
4. Substituting other types of affiliates covered by the notice
for ``commodity advisor'', ``futures clearing merchant'', or ``swap
dealer'' affiliates.
5. Omitting items that are not accurate or applicable. For
example, if a person does not limit the duration of the opt-out
period, the notice may omit information about the renewal notice.
6. Adding a statement informing consumers how much time they
have to opt out before shared eligibility information may be used to
make solicitations to them.
7. Adding a statement that the consumer may exercise the right
to opt out at any time.
8. Adding the following statement, if accurate: ``If you
previously opted out, you do not need to do so again.''
9. Providing a place on the form for the consumer to fill in
identifying information, such as his or her name and address.
A-1 Model Form for Initial Opt-out notice (Single-
Affiliate Notice)
A-2 Model Form for Initial Opt-out notice (Joint
Notice)
A-3 Model Form for Renewal Notice (Single-Affiliate
Notice)
A-4 Model Form for Renewal Notice (Joint Notice)
A-5 Model Form for Voluntary ``No Marketing'' Notice
A-1 Model Form for Initial Opt-Out Notice (Single-Affiliate Notice)
[Your Choice To Limit Marketing]/[Marketing Opt Out]
--[Name of Affiliate] is providing this notice.
--[Optional: Federal law gives you the right to limit some but not
all marketing from our affiliates. Federal law also requires us to
give you this notice to tell you about your choice to limit
marketing from our affiliates.]
--You may limit our affiliates in the [ABC] group of companies, such
as our [commodity advisor, futures clearing merchant, and swap
dealer] affiliates, from marketing their financial products or
services to you based on your personal information that we collect
and share with them. This information includes your [income], your
[account history with us], and your [credit score].
--Your choice to limit marketing offers from our affiliates will
apply [until you tell us to change your choice]/[for x years from
when you tell us your choice]/[for at least 5 years from when you
tell us your choice]. [Include if the opt-out period expires.] Once
that period expires, you will receive a renewal notice that will
allow you to continue to limit marketing offers from our affiliates
for [another x years]/[at least another 5 years].
--[Include, if applicable, in a subsequent notice, including an
annual notice, for consumers who may have previously opted out.] If
you have already made a choice to limit marketing offers from our
affiliates, you do not need to act again until you receive the
renewal notice.
[[Page 43890]]
To limit marketing offers, contact us [include all that apply]:
--By telephone: 1-877--
--On the Web: www.-.com
--By mail: check the box and complete the form below, and send the
form to:
--[Company name]
--[Company address]
----Do not allow your affiliates to use my personal information to
market to me.
A-2 Model Form for Initial Opt-Out Notice (Joint Notice)
[Your Choice to Limit Marketing]/[Marketing Opt Out]
--The [ABC group of companies] is providing this notice.
--[Optional: Federal law gives you the right to limit some but not
all marketing from the [ABC] companies. Federal law also requires us
to give you this notice to tell you about your choice to limit
marketing from the [ABC] companies.]
--You may limit the [ABC companies], such as the [ABC commodity
advisor, futures clearing merchant, and swap dealer] affiliates,
from marketing their financial products or services to you based on
your personal information that they receive from other [ABC]
companies. This information includes your [income], your [account
history], and your [credit score].
--Your choice to limit marketing offers from the [ABC] companies
will apply [until you tell us to change your choice]/[for x years
from when you tell us your choice]/[for at least 5 years from when
you tell us your choice]. [Include if the opt-out period expires.]
Once that period expires, you will receive a renewal notice that
will allow you to continue to limit marketing offers from the [ABC]
companies for [another x years]/[at least another 5 years].
-[Include, if applicable, in a subsequent notice, including an
annual notice, for consumers who may have previously opted out.] If
you have already made a choice to limit marketing offers from the
[ABC] companies, you do not need to act again until you receive the
renewal notice.
To limit marketing offers, contact us
[include all that apply]:
By telephone: 1-877--
On the Web: www.-.com
By mail: check the box and complete the form below, and send the
form to:
[Company name]
[Company address]
---- Do not allow any company [in the ABC group of companies] to use
my personal information to market to me.
A-3 Model Form for Renewal Notice (Single-Affiliate Notice)
[Renewing Your Choice To Limit Marketing]/[Renewing Your Marketing Opt
Out]
-[Name of Affiliate] is providing this notice.
-[Optional: Federal law gives you the right to limit some but not
all marketing from our affiliates. Federal law also requires us to
give you this notice to tell you about your choice to limit
marketing from our affiliates.]
-You previously chose to limit our affiliates in the [ABC] group of
companies, such as our [commodity advisor, futures clearing
merchant, and swap dealer] affiliates, from marketing their
financial products or services to you based on your personal
information that we share with them. This information includes your
[income], your [account history with us], and your [credit score].
-Your choice has expired or is about to expire.
To renew your choice to limit marketing for [x] more years, contact
us [include all that apply]:
By telephone: 1-877--
On the Web: www.-.com
By mail: check the box and complete the form below, and send the
form to:
[Company name]
[Company address]
----Renew my choice to limit marketing for [x] more years.
A-4 Model Form for Renewal Notice (Joint Notice)
[Renewing Your Choice To Limit Marketing]/[Renewing Your Marketing Opt
Out]
-The [ABC group of companies] is providing this notice.
-[Optional: Federal law gives you the right to limit some but not
all marketing from the [ABC] companies. Federal law also requires us
to give you this notice to tell you about your choice to limit
marketing from the [ABC] companies.]
-You previously chose to limit the [ABC companies], such as the [ABC
commodity advisor, futures clearing merchant, and swap dealer]
affiliates, from marketing their financial products or services to
you based on your personal information that they receive from other
[ABC] companies. This information includes your [income], your
[account history], and your [credit score].
-Your choice has expired or is about to expire.
To renew your choice to limit marketing for [x] more years, contact
us [include all that apply]:
By telephone: 1-877--
On the Web: www.-.com
By mail: check the box and complete the form below, and send the
form to:
[Company name]
[Company address]
---- Renew my choice to limit marketing for [x] more years.
A-5 Model Form for Voluntary ``No Marketing'' Notice
[Your Choice To Stop Marketing]
-[Name of Affiliate] is providing this notice.
You may choose to stop all marketing from us and our affiliates.
To stop all marketing offers, contact us [include all that apply]:
By telephone: 1-877--
On the Web: www.-.com
By mail: check the box and complete the form below, and send the
form to:
[Company name]
[Company address]
---- Do not market to me.
Issued in Washington, DC, on July 7, 2011 by the Commission.
David A. Stawick,
Secretary of the Commission.
Appendices to Business Affiliate Marketing and Disposal of Consumer
Information Rules--Commission Voting Summary and Statements of
Commissioners
Note: The following appendices will not appear in the Code of
Federal Regulations.
Appendix 1--Commission Voting Summary
On this matter, Chairman Gensler and Commissioners Dunn,
Sommers, O'Malia and Chilton voted in the affirmative; no
Commissioner voted in the negative.
Appendix 2--Statement of Chairman Gary Gensler
I support the final rulemaking to extend to customers of CFTC-
regulated entities protections preventing certain business
affiliated marketing and establishing other consumer information
protections under the Fair Credit Reporting Act (FCRA). The
rulemaking protects consumers by providing privacy protections to
nonpublic consumer information held by entities that are subject to
the jurisdiction of the Commission. The final rulemaking provides
customers of CFTC-regulated entities with the same privacy
protections now enjoyed by the customers of entities regulated by
other Federal agencies.
The rulemaking has two important features. First, it allows
customers to prohibit Commission-regulated entities from using
certain consumer information obtained from an affiliate to make
solicitations to that customer for marketing purposes. This will be
done by means of a customer opt out. Second, it requires Commission-
regulated entities to develop and implement a written program and
procedures for the proper disposal of consumer information. The
rulemaking will help prevent the unauthorized use and disclosure of
nonpublic, consumer information.
[FR Doc. 2011-17711 Filed 7-21-11; 8:45 am]
BILLING CODE 6351-01-P