WASHINGTON – As regulators clamp down on suspected bank accounts that may have ties to terrorist groups, a cautious approach has begun to educate consumers about the type of private financial information that can be shared and in those situations where their permission is not required. The Office of Foreign Asset Control (OFAC) under an executive order by Pres. George W. Bush recently requested assistance in freezing assets of more than 25 persons and organizations of "foreign persons that support or otherwise associate with foreign terrorists." The sharing and disclosure of personal financial account numbers, transactions and buying habits have long been a source of contention between privacy advocates and government entities, but given the urgency to stop the flow of funding within alleged terrorist networks, the public may be willing to give up a piece of their privacy liberty in order to root out suspected cells, some privacy experts contend. "Congress has shifted its attention from privacy to security issues," said John McKechnie, CUNA's senior vice president of governmental affairs. "CUNA has been knee-deep in privacy concerns since 1999 and we've always supported the legitimate need and desire to protect the privacy of members with the needs of credit unions to service their accounts. In this difficult environment, CUNA is especially vigilant that requests don't unnecessarily burden credit unions but we are sensitive to the fact that we are in the midst of a tragedy and it is our duty to help out as much as we can." Dennis Dollar, appointed NCUA Chairman a week after the terrorist attacks, "expects credit unions to participate in (spotting money laundering) just as they did when we sent all credit unions the FBI list of suspects with terrorist ties." "Nothing would make me prouder than to have a credit union make a finding that would help the FBI unravel a terrorist cell," Dollar said. In certain exceptions, consumers do not have the option of opting out of who they're willing to share their information with. The Right to Financial Privacy Act (RFPA) passed in 1978, governs the release of customer financial information to federal government authorities. Generally, the customer must receive notice prior to the release of the information so the customer has an opportunity to challenge the release. However, there are several important deviations, which are particularly pertinent in the aftermath of the terrorist attacks. Officers, employees or agents of a financial institution may notify a government authority of the existence of information which may be relevant to a possible violation of any statute or regulation, according to section 3403(c) of RFPA. In this instance, plotting to commit terrorist attacks would be the violation at issue. This is a very limited exception as the only personal information that can be released is the person's or corporation's name, the type of account and a description of the suspected illegal activity. In another RFPA instance, a government entity such as the FBI can request copies of a person's financial information as it relates to a foreign intelligence investigation without prior permission from a member or customer. Still, in this scenario, the agency requesting such information must provide the financial institution with a compliance certificate, which protects the credit union or bank from liability. Finally, in section 3414(b) of RFPA, a federal government authority may obtain personal financial records without permission if it determines that a delay in receiving the information would cause physical injury to a person, serious property damage or flight to avoid prosecution. In California, a bill that would have required companies to obtain written permission from consumers before sharing information with non-affiliated firms but not their own affiliates was recently defeated before the state's Assembly. Meanwhile, a handful of privacy bills are still pending before Congress that mostly support receiving prior permission before sharing personal records. "Credit unions are rallying around the flag," said Robert Byrer, NAFCU's regulatory compliance counsel. "OFAC absolutely requires under federal emergency powers that credit unions and others comply with the list they have provided for cross checking and we will uphold that requirement." In a related issue, NCUA, the Federal Deposit of Insurance Corp., the Federal Reserve, along with five other regulators will meet on Dec. 4 to discuss possibly simplifying privacy notices sent out in July as required by the Gramm-Leach-Bliley Act. Some complained the notices were hard to read, overly technical and easy to dismiss as junk mail. -

[email protected]