Implementation of Bank Privacy Rules Delayed

U.S. banks won a seven-month reprieve Wednesday on complying with new consumer privacy protections required by last year’s legislation allowing banks, insurers and securities firms to combine.

The boards of the Federal Reserve and the Federal Deposit Insurance Corp. gave the banks until July 1, 2001, to live up to the privacy protections. Congress originally called for the rules to be in place a year after enactment of the financial services bill, which President Clinton signed Nov. 12.

The consumer protections include a right to block any transfer of personal information outside of a company, aside from formal joint marketing ventures. Banks also must draft privacy policies and disclose them to customers. Regulators said banks need more time to organize and train for mailing those notices and processing customer replies.

“They’ve been given a breather,” Steve Roberts, a partner with KPMG and head of the audit and consulting firm’s financial services regulatory practice in Washington, said of U.S. banks. “I don’t think [it] is unexpected or completely unreasonable given the complexity” of the requirements.

Big companies face the toughest job: figuring out how their business units collect, use and track customer information, Roberts said in an interview.

“Many banks were just sitting back,” waiting for the final rules, which are little changed from proposals issued in February, he said. “It’s going to take longer to get this job done than they may have envisioned.”

America’s Community Bankers called it a “common sense” improvement, and other trade groups praised the extension.

Some Democrats in Congress disagreed. “We’re disappointed,” said Jesse Jacobs, a spokesman for Sen. Paul Sarbanes of Maryland, the Banking Committee’s top Democrat. The U.S. Public Interest Research Group and other privacy advocates also complained, saying companies have had ample time to prepare.