Privacy Policy

FOREWORD

Access Finance recognizes the importance of customer privacy and the responsible use of consumer information. It is the responsibility of every employee of Access Finance to be sensitive to consumers’ concerns about their privacy and the use of their personal information, and to take appropriate measures to prevent the unauthorized disclosure of that information. This Privacy Policy (“Policy”) addresses Access Finance’s commitment to protect consumer information and to comply with all applicable federal and state laws that establish requirements for and restrictions on using, sharing, and disclosing nonpublic personal information (“NPI”, defined below) about customers to affiliated and nonaffiliated parties. This Policy incorporates the regulatory requirements concerning consumer financial privacy set forth in Sections 502 and 503 of the Gramm-Leach-Bliley Act (“GLBA”), as implemented through CFPB Regulation P (12 CFR 1016), the opt-out provisions of the Fair Credit Reporting Act (“FCRA”), as implemented through CFPB Regulation V (12 CFR 1022) regarding sharing consumer report information and using information obtained from affiliates for marketing purposes, and the requirements governing access to consumer financial records set forth in the Right to Financial Privacy Act (“RFPA”) (12 USC 35 and 3401 et seq.).

OBJECTIVE

The objective of this Policy is to set forth the requirements employees must adhere to when using, sharing, or disclosing NPI as defined herein.

To the extent Access Finance outsources lending operations to a vendor or engages in a strategic partnership with a third party, it will expect those entities to adhere to the same principles and standards for privacy as are outlined in this Policy, to the degree they are applicable.

DEFINITIONS

Consumer – For purposes of this Policy, consumer means an individual, or his or her legal representative, who applies for, obtains, or has obtained a financial product or service from Access Finance that is to be used primarily for personal, family, or household purposes, including in isolated transactions.

Customer – For purposes of this Policy, customer means a consumer who has a customer relationship with Access Finance. If a consumer obtains a financial product or service from Access Finance only in isolated transactions, then the consumer is not a customer. Access Finance’s commercial customers, if any, are not covered by this Policy.

Customer Relationship – A continuing relationship between a consumer and Access Finance under which Access Finance provides one or more financial products to the consumer that are to be used primarily for personal, family, or household purposes.

Nonpublic Personal Information (“NPI”) – Any information that is not publicly available and is either: (1) provided to Access Finance by a consumer about himself or herself; (2) learned by Access Finance about the consumer through processing his or her accounts; or (3) learned by Access Finance about the consumer from third parties.

POLICY STATEMENT

It is the policy of Access Finance to protect the privacy of NPI it collects and maintains and not to share or disclose that NPI to any affiliated or nonaffiliated parties except as allowed under the information-sharing, notification, and opt-out provisions of the aforementioned laws and regulations, or as otherwise legally permitted or required. This protection is necessary to establish and maintain trust between Access Finance and consumers, maintain compliance with the law, and protect the reputation of Access Finance and Cross River Bank.

POLICY REQUIREMENTS

A. Collection of Consumer Information

Access Finance will limit the collection and use of NPI to that which is legally permissible. Access Finance will update NPI as warranted.

B. Protection of NPI

Access Finance will take commercially reasonable measures to ensure that both the NPI and the relationships between Access Finance and its customers remain confidential. No employee shall divulge NPI to anyone outside Access Finance, except as permitted by law or in a manner consistent with the requirements of this Policy. Access Finance’s practices with regard to customer privacy, including its customer privacy notice and sharing NPI, are described more fully in this Policy.

C. Privacy and Opt-Out Notices

Notice and Opt-Out Requirements for Consumers

It is the policy of Access Finance not to disclose NPI to nonaffiliated third parties, except as permitted or required by regulation or this Policy. As such, Access Finance is not required to comply with the opt-out requirements of Regulation P.

Notice Requirements for Customers

In compliance with Regulation P, Access Finance will provide notice to its customers of its privacy policies and practices as set forth below.

  • Initial Privacy Notice. Access Finance will provide an initial notice of its privacy policies and practices to each customer not later than the time the customer relationship is established (this includes existing customers obtaining a new product or service).
  • Annual Privacy Notice. Access Finance will provide an annual notice of its privacy policies and practices to each customer only when it has changed its policies or practices about how it shares NPI since the previous notice was sent, provided Access Finance only shares NPI with third parties as permitted by one of the statutory or regulatory exceptions.

Requirements for Notices

Delivery

Access Finance will provide privacy notices in writing, electronically (if the customer agrees to receive electronic disclosures), or by posting them on Access Finance’s website. If Access Finance provides the initial privacy notice only by means of its website, it must require the customer to acknowledge receipt of the notice as a necessary step to completing the transaction that establishes the continuing relationship with Access Finance.

Notice Content

To ensure that Access Finance meets the various content requirements for the privacy notice, it has elected to use the model privacy notice form provided in the Appendix to Regulation P. Use of the form provides Access Finance with a “safe harbor” for compliance with the requirements for notifying consumers of its privacy policy practices and their right to opt out of certain information-sharing practices.

Opt-Out Choices

Regulations P and V provide consumers the right to opt out of certain information sharing between Access Finance and its affiliated and nonaffiliated entities. Access Finance is required to provide in both the initial and annual (if applicable) privacy notices information about these opt-out choices and what steps the consumer must take to opt out.

At present, Access Finance shares NPI with affiliated and nonaffiliated parties only as necessary to service Access Finance’s products or to provide services to consumers on behalf of Access Finance. As such, Access Finance’s information-sharing practices do not trigger any of the opt-out requirements of Regulation P or V. If in the future Access Finance elects to share NPI with affiliated or nonaffiliated parties that would trigger the opt-out requirements, it will ensure that its initial and annual privacy notices contain the required opt-out language.

D. Providing Customer Information to Government Authorities

Access Finance will not provide to any agency or department of the United States, or any officer, employee, or agent thereof, access to or copies of, or the information contained in, the financial records of any customer, except in accordance with the provisions of the RFPA as outlined below.

  • The customer has authorized such disclosure by means of a signed and dated statement provided to Access Finance and to the Government authority seeking the information that meets the requirements of section 1104 of the RFPA.
  • The financial records are disclosed in response to an administrative subpoena or summons which meets the requirements of section 1105 of the RFPA.
  • The financial records are disclosed in response to a search warrant which meets the requirements of section 1106 of the RFPA.
  • The financial records are disclosed in response to a judicial subpoena which meets the requirements of section 1107 of the RFPA.
  • The financial records are disclosed in response to a formal written request which meets the requirements of section 1108 of the RFPA.

The RFPA does not apply to records sought by any supervisory agency (e.g., FDIC or UDFI) for its supervisory, regulatory, or monetary functions. This includes examinations and any investigations relating to consumer complaints. Additionally, the RFPA does not apply to Internal Revenue Service requests, limited law enforcement inquiries, grand jury proceedings, General Accounting Office proceedings, insider records relating to suspected BSA/AML violations, records required to be reported in accordance with any federal statute or rule, and records obtained under the Federal Rules of Civil and Criminal Procedure.

REVISION HISTORY

Date | Author | Brief Description
1/12/2023 | Access Finance | Initial policy