The world wide web… of policies and notices

Hi compliance friends! Since we all spend about 25 hours per day online, let’s take a look at some of the content posted there…. policies and notices! Credit unions attempt to keep many policies and notices in a form that is easily accessible to members, which may sometimes include being hosted on the credit union’s website. We get plenty of questions about which policies are required or expected to be posted on a credit union’s website (as opposed to being sent by carrier pigeon). Some of these include: privacy policies, funds availability, notices about third-party links, suspension of services and financial statements.

Privacy Policy

In general, credit unions are required by Reg P to deliver annual privacy notices to members and revised notices if the credit union’s policy changes. For sending annual and revised notices, section 1016.9 provides general delivery requirements. This section does not provide one universal method of delivering notices, but requires notices to be delivered “so that each consumer can reasonably be expected to receive actual notice in writing or, if the consumer agrees, electronically.” Therefore, posting notices on the website is only permitted if doing so would meet this standard. Regulation P contains illustrations of delivery methods that meet this standard. For example, posting notices online may be permissible for members who conduct transactions electronically, or receive e-statements. Those members can reasonably be expected to see an online notice if it is placed on one of the pages they access to conduct online transactions or see statements. However, if the credit union is aware that members do not participate in online banking, the credit union may need to the send the privacy policy in a form more suitable to its members, such as the good old-fashioned U.S. Postal Service. Credit unions may choose multiple ways of delivering the privacy notice, like posting it online along with sending it with printed statements. Additionally, the privacy policy should be available in writing upon request by a member. Therefore, having a direct link to the policy may be a convenient way to fulfill this request if the requesting member agrees to receive the policy electronically.


continue reading »