cfr_sections
Data license: Public Domain (U.S. Government data) · Data source: Federal Register API & Regulations.gov API
35 rows where part_number = 248 and title_number = 17 sorted by section_id
This data as json, CSV (advanced)
Suggested facets: subpart, subpart_name, amendment_citations
| section_id ▼ | title_number | title_name | chapter | subchapter | part_number | part_name | subpart | subpart_name | section_number | section_heading | agency | authority | source_citation | amendment_citations | full_text |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 17:17:5.0.1.1.8.1.13.1 | 17 | Commodity and Securities Exchanges | II | 248 | PART 248—REGULATIONS S-P, S-AM, AND S-ID | A | Subpart A—Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information | § 248.1 Purpose and scope. | SEC | [65 FR 40362, June 29, 2000, as amended at 69 FR 71329, Dec. 8, 2004] | (a) Purpose. This subpart governs the treatment of nonpublic personal information about consumers by the financial institutions listed in paragraph (b) of this section. This subpart: (1) Requires a financial institution to provide notice to customers about its privacy policies and practices; (2) Describes the conditions under which a financial institution may disclose nonpublic personal information about consumers to nonaffiliated third parties; and (3) Provides a method for consumers to prevent a financial institution from disclosing that information to most nonaffiliated third parties by “opting out” of that disclosure, subject to the exceptions in §§ 248.13, 248.14, and 248.15. (b) Scope. Except with respect to § 248.30(b), this subpart applies only to nonpublic personal information about individuals who obtain financial products or services primarily for personal, family, or household purposes from the institutions listed below. This subpart does not apply to information about companies or about individuals who obtain financial products or services primarily for business, commercial, or agricultural purposes. This part applies to brokers, dealers, and investment companies, as well as to investment advisers that are registered with the Commission. It also applies to foreign (non-resident) brokers, dealers, investment companies and investment advisers that are registered with the Commission. These entities are referred to in this subpart as “you.” This subpart does not apply to foreign (non-resident) brokers, dealers, investment companies and investment advisers that are not registered with the Commission. Nothing in this subpart modifies, limits, or supersedes the standards governing individually identifiable health information promulgated by the Secretary of Health and Human Services under the authority of sections 262 and 264 of the Health Insurance Portability and Accountability Act of 1996 (42 U.S.C. 1320d-1320d-8). | ||||
| 17:17:5.0.1.1.8.1.13.2 | 17 | Commodity and Securities Exchanges | II | 248 | PART 248—REGULATIONS S-P, S-AM, AND S-ID | A | Subpart A—Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information | § 248.2 Model privacy form: rule of construction. | SEC | [74 FR 62984, Dec. 1, 2009] | (a) Model privacy form. Use of the model privacy form in appendix A to subpart A of this part, consistent with the instructions in appendix A to subpart A, constitutes compliance with the notice content requirements of §§ 248.6 and 248.7 of this part, although use of the model privacy form is not required. (b) Examples. The examples in this part provide guidance concerning the rule's application in ordinary circumstances. The facts and circumstances of each individual situation, however, will determine whether compliance with an example, to the extent practicable, constitutes compliance with this part. (c) Substituted compliance with CFTC financial privacy rules by futures commission merchants and introducing brokers. Except with respect to § 248.30(b), any futures commission merchant or introducing broker (as those terms are defined in the Commodity Exchange Act (7 U.S.C. 1, et seq. )) registered by notice with the Commission for the purpose of conducting business in security futures products pursuant to section 15(b)(11)(A) of the Securities Exchange Act of 1934 (15 U.S.C. 78o(b)(11)(A)) that is subject to and in compliance with the financial privacy rules of the Commodity Futures Trading Commission (17 CFR part 160) will be deemed to be in compliance with this part. | ||||
| 17:17:5.0.1.1.8.1.13.3 | 17 | Commodity and Securities Exchanges | II | 248 | PART 248—REGULATIONS S-P, S-AM, AND S-ID | A | Subpart A—Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information | § 248.3 Definitions. | SEC | [65 FR 40362, June 29, 2000, as amended at 66 FR 45147, Aug. 27, 2001; 74 FR 40431, Aug. 11, 2009] | As used in this subpart, unless the context requires otherwise: (a) Affiliate of a broker, dealer, or investment company, or an investment adviser registered with the Commission means any company that controls, is controlled by, or is under common control with the broker, dealer, or investment company, or investment adviser registered with the Commission. In addition, a broker, dealer, or investment company, or an investment adviser registered with the Commission will be deemed an affiliate of a company for purposes of this subpart if: (1) That company is regulated under Title V of the GLBA by the Federal Trade Commission or by a Federal functional regulator other than the Commission; and (2) Rules adopted by the Federal Trade Commission or another federal functional regulator under Title V of the GLBA treat the broker, dealer, or investment company, or investment adviser registered with the Commission as an affiliate of that company. (b) Broker has the same meaning as in section 3(a)(4) of the Securities Exchange Act of 1934 (15 U.S.C. 78c(a)(4)). (c)(1) Clear and conspicuous means that a notice is reasonably understandable and designed to call attention to the nature and significance of the information in the notice. (2) Examples —(i) Reasonably understandable. You make your notice reasonably understandable if you: (A) Present the information in the notice in clear, concise sentences, paragraphs, and sections; (B) Use short explanatory sentences or bullet lists whenever possible; (C) Use definite, concrete, everyday words and active voice whenever possible; (D) Avoid multiple negatives; (E) Avoid legal and highly technical business terminology whenever possible; and (F) Avoid explanations that are imprecise and readily subject to different interpretations. (ii) Designed to call attention. You design your notice to call attention to the nature and significance of the information in it if you: (A) Use a plain-language heading to call attention to the notice; (B) Use a typeface and type s… | ||||
| 17:17:5.0.1.1.8.1.13.4 | 17 | Commodity and Securities Exchanges | II | 248 | PART 248—REGULATIONS S-P, S-AM, AND S-ID | A | Subpart A—Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information | § 248.4 Initial privacy notice to consumers required. | SEC | (a) Initial notice requirement. You must provide a clear and conspicuous notice that accurately reflects your privacy policies and practices to: (1) Customer. An individual who becomes your customer, not later than when you establish a customer relationship, except as provided in paragraph (e) of this section; and (2) Consumer. A consumer, before you disclose any nonpublic personal information about the consumer to any nonaffiliated third party, if you make such a disclosure other than as authorized by §§ 248.14 and 248.15. (b) When initial notice to a consumer is not required. You are not required to provide an initial notice to a consumer under paragraph (a) of this section if: (1) You do not disclose any nonpublic personal information about the consumer to any nonaffiliated third party, other than as authorized by §§ 248.14 and 248.15; and (2) You do not have a customer relationship with the consumer. (c) When you establish a customer relationship —(1) General rule. You establish a customer relationship when you and the consumer enter into a continuing relationship. (2) Special rule for loans. You do not have a customer relationship with a consumer if you buy a loan made to the consumer but do not have the servicing rights for that loan. (3) Examples of establishing customer relationship. You establish a customer relationship when the consumer: (i) Effects a securities transaction with you or opens a brokerage account with you under your procedures; (ii) Opens a brokerage account with an introducing broker or dealer that clears transactions with and for its customers through you on a fully disclosed basis; (iii) Enters into an advisory contract with you (whether in writing or orally); or (iv) Purchases shares you have issued (and the consumer is the record owner of the shares), if you are an investment company. (d) Existing customers. When an existing customer obtains a new financial product or service from you that is to be used primarily for personal, family, or household purpos… | |||||
| 17:17:5.0.1.1.8.1.13.5 | 17 | Commodity and Securities Exchanges | II | 248 | PART 248—REGULATIONS S-P, S-AM, AND S-ID | A | Subpart A—Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information | § 248.5 Annual privacy notice to customers required. | SEC | [65 FR 40362, June 29, 2000, as amended at 89 FR 47786, June 3, 2024] | (a)(1) General rule. Except as provided by paragraph (e) of this section, you must provide a clear and conspicuous notice to customers that accurately reflects your privacy policies and practices not less than annually during the continuation of the customer relationship. Annually means at least once in any period of 12 consecutive months during which that relationship exists. You may define the 12-consecutive-month period, but you must apply it to the customer on a consistent basis. (2) Example. You provide a notice annually if you define the 12-consecutive-month period as a calendar year and provide the annual notice to the customer once in each calendar year following the calendar year in which you provided the initial notice. For example, if a customer opens an account on any day of year 1, you must provide an annual notice to that customer by December 31 of year 2. (b)(1) Termination of customer relationship. You are not required to provide an annual notice to a former customer. (2) Examples. Your customer becomes a former customer when: (i) The individual's brokerage account is closed; (ii) The individual's investment advisory contract is terminated; (iii) You are an investment company and the individual is no longer the record owner of securities you have issued; or (iv) You are an investment company and your customer has been determined to be a lost securityholder as defined in 17 CFR 240.17a-24(b). (c) Special rule for loans. If you do not have a customer relationship with a consumer under the special provision for loans in § 248.4(c)(2), then you need not provide an annual notice to that consumer under this section. (d) Delivery. When you are required to deliver an annual privacy notice by this section, you must deliver it according to § 248.9. (e) Exception to annual privacy notice requirement —(1) When exception available. You are not required to deliver an annual privacy notice if you: (i) Provide nonpublic personal information to nonaffiliated third parties only in accord… | ||||
| 17:17:5.0.1.1.8.1.13.6 | 17 | Commodity and Securities Exchanges | II | 248 | PART 248—REGULATIONS S-P, S-AM, AND S-ID | A | Subpart A—Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information | § 248.6 Information to be included in privacy notices. | SEC | [65 FR 40362, June 29, 2000, as amended at 74 FR 62985, Dec. 1, 2009] | (a) General rule. The initial, annual, and revised privacy notices that you provide under §§ 248.4, 248.5, and 248.8 must include each of the following items of information that applies to you or to the consumers to whom you send your privacy notice, in addition to any other information you wish to provide: (1) The categories of nonpublic personal information that you collect; (2) The categories of nonpublic personal information that you disclose; (3) The categories of affiliates and nonaffiliated third parties to whom you disclose nonpublic personal information, other than those parties to whom you disclose information under §§ 248.14 and 248.15; (4) The categories of nonpublic personal information about your former customers that you disclose and the categories of affiliates and nonaffiliated third parties to whom you disclose nonpublic personal information about your former customers, other than those parties to whom you disclose information under §§ 248.14 and 248.15; (5) If you disclose nonpublic personal information to a nonaffiliated third party under § 248.13 (and no other exception applies to that disclosure), a separate statement of the categories of information you disclose and the categories of third parties with whom you have contracted; (6) An explanation of the consumer's right under § 248.10(a) to opt out of the disclosure of nonpublic personal information to nonaffiliated third parties, including the method(s) by which the consumer may exercise that right at that time; (7) Any disclosures that you make under section 603(d)(2)(A)(iii) of the Fair Credit Reporting Act (15 U.S.C. 1681a(d)(2)(A)(iii)) (that is, notices regarding the ability to opt out of disclosures of information among affiliates); (8) Your policies and practices with respect to protecting the confidentiality and security of nonpublic personal information; and (9) Any disclosure that you make under paragraph (b) of this section. (b) Description of nonaffiliated third parties subject to exceptions. If you disclose nonpu… | ||||
| 17:17:5.0.1.1.8.1.13.7 | 17 | Commodity and Securities Exchanges | II | 248 | PART 248—REGULATIONS S-P, S-AM, AND S-ID | A | Subpart A—Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information | § 248.7 Form of opt out notice to consumers; opt out methods. | SEC | [65 FR 40362, June 29, 2000, as amended at 74 FR 62985, Dec. 1, 2009] | (a)(1) Form of opt out notice. If you are required to provide an opt out notice under § 248.10(a), you must provide a clear and conspicuous notice to each of your consumers that accurately explains the right to opt out under that section. The notice must state: (i) That you disclose or reserve the right to disclose nonpublic personal information about your consumer to a nonaffiliated third party; (ii) That the consumer has the right to opt out of that disclosure; and (iii) A reasonable means by which the consumer may exercise the opt out right. (2) Examples —(i) Adequate opt out notice. You provide adequate notice that the consumer can opt out of the disclosure of nonpublic personal information to a nonaffiliated third party if you: (A) Identify all of the categories of nonpublic personal information that you disclose or reserve the right to disclose, and all of the categories of nonaffiliated third parties to which you disclose the information, as described in § 248.6(a)(2) and (3) and state that the consumer can opt out of the disclosure of that information; and (B) Identify the financial products or services that the consumer obtains from you, either singly or jointly, to which the opt out direction would apply. (ii) Reasonable opt out means. You provide a reasonable means to exercise an opt out right if you: (A) Designate check-off boxes in a prominent position on the relevant forms with the opt out notice; (B) Include a reply form together with the opt out notice; (C) Provide an electronic means to opt out, such as a form that can be sent via electronic mail or a process at your web site, if the consumer agrees to the electronic delivery of information; or (D) Provide a toll-free telephone number that consumers may call to opt out. (iii) Unreasonable opt out means. You do not provide a reasonable means of opting out if: (A) The only means of opting out is for the consumer to write his or her own letter to exercise that opt out right; or (B) The only means of opting out as described i… | ||||
| 17:17:5.0.1.1.8.1.13.8 | 17 | Commodity and Securities Exchanges | II | 248 | PART 248—REGULATIONS S-P, S-AM, AND S-ID | A | Subpart A—Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information | § 248.8 Revised privacy notices. | SEC | (a) General rule. Except as otherwise authorized in this subpart, you must not, directly or through any affiliate, disclose any nonpublic personal information about a consumer to a nonaffiliated third party other than as described in the initial notice that you provided to that consumer under § 248.4, unless: (1) You have provided to the consumer a clear and conspicuous revised notice that accurately describes your policies and practices; (2) You have provided to the consumer a new opt out notice; (3) You have given the consumer a reasonable opportunity, before you disclose the information to the nonaffiliated third party, to opt out of the disclosure; and (4) The consumer does not opt out. (b) Examples. (1) Except as otherwise permitted by §§ 248.13, 248.14, and 248.15, you must provide a revised notice before you: (i) Disclose a new category of nonpublic personal information to any nonaffiliated third party; (ii) Disclose nonpublic personal information to a new category of nonaffiliated third party; or (iii) Disclose nonpublic personal information about a former customer to a nonaffiliated third party, if that former customer has not had the opportunity to exercise an opt out right regarding that disclosure. (2) A revised notice is not required if you disclose nonpublic personal information to a new nonaffiliated third party that you adequately described in your prior notice. (c) Delivery. When you are required to deliver a revised privacy notice by this section, you must deliver it according to § 248.9. | |||||
| 17:17:5.0.1.1.8.1.13.9 | 17 | Commodity and Securities Exchanges | II | 248 | PART 248—REGULATIONS S-P, S-AM, AND S-ID | A | Subpart A—Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information | § 248.9 Delivering privacy and opt out notices. | SEC | (a) How to provide notices. You must provide any privacy notices and opt out notices, including short-form initial notices that this subpart requires so that each consumer can reasonably be expected to receive actual notice in writing or, if the consumer agrees, electronically. (b)(1) Examples of reasonable expectation of actual notice. You may reasonably expect that a consumer will receive actual notice if you: (i) Hand-deliver a printed copy of the notice to the consumer; (ii) Mail a printed copy of the notice to the last known address of the consumer; (iii) For the consumer who conducts transactions electronically, post the notice on the electronic site and require the consumer to acknowledge receipt of the notice as a necessary step to obtaining a particular financial product or service; or (iv) For an isolated transaction with the consumer, such as an ATM transaction, post the notice on the ATM screen and require the consumer to acknowledge receipt of the notice as a necessary step to obtaining the particular financial product or service. (2) Examples of unreasonable expectation of actual notice. You may not, however, reasonably expect that a consumer will receive actual notice of your privacy policies and practices if you: (i) Only post a sign in your branch or office or generally publish advertisements of your privacy policies and practices; or (ii) Send the notice via electronic mail to a consumer who does not obtain a financial product or service from you electronically. (c) Annual notices only. (1) You may reasonably expect that a customer will receive actual notice of your annual privacy notice if: (i) The customer uses your web site to access financial products and services electronically and agrees to receive notices at the web site and you post your current privacy notice continuously in a clear and conspicuous manner on the web site; or (ii) The customer has requested that you refrain from sending any information regarding the customer relationship, and your current privacy notic… | |||||
| 17:17:5.0.1.1.8.1.14.10 | 17 | Commodity and Securities Exchanges | II | 248 | PART 248—REGULATIONS S-P, S-AM, AND S-ID | A | Subpart A—Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information | § 248.10 Limits on disclosure of nonpublic personal information to nonaffiliated third parties. | SEC | (a)(1) Conditions for disclosure. Except as otherwise authorized in this subpart, you may not, directly or through any affiliate, disclose any nonpublic personal information about a consumer to a nonaffiliated third party unless: (i) You have provided to the consumer an initial notice as required under § 248.4; (ii) You have provided to the consumer an opt out notice as required in § 248.7; (iii) You have given the consumer a reasonable opportunity, before you disclose the information to the nonaffiliated third party, to opt out of the disclosure; and (iv) The consumer does not opt out. (2) Opt out definition. Opt out means a direction by the consumer that you not disclose nonpublic personal information about that consumer to a nonaffiliated third party, other than as permitted by §§ 248.13, 248.14, and 248.15. (3) Examples of reasonable opportunity to opt out. You provide a consumer with a reasonable opportunity to opt out if: (i) By mail. You mail the notices required in paragraph (a)(1) of this section to the consumer and allow the consumer to opt out by mailing a form, calling a toll-free telephone number, or any other reasonable means within 30 days after the date you mailed the notices. (ii) By electronic means. A customer opens an on-line account with you and agrees to receive the notices required in paragraph (a)(1) of this section electronically, and you allow the customer to opt out by any reasonable means within 30 days after the date that the customer acknowledges receipt of the notices in conjunction with opening the account. (iii) Isolated transaction with consumer. For an isolated transaction, such as the provision of brokerage services to a consumer as an accommodation, you provide the consumer with a reasonable opportunity to opt out if you provide the notices required in paragraph (a)(1) of this section at the time of the transaction and request that the consumer decide, as a necessary part of the transaction, whether to opt out before completing the transaction. (b) Appli… | |||||
| 17:17:5.0.1.1.8.1.14.11 | 17 | Commodity and Securities Exchanges | II | 248 | PART 248—REGULATIONS S-P, S-AM, AND S-ID | A | Subpart A—Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information | § 248.11 Limits on redisclosure and reuse of information. | SEC | (a)(1) Information you receive under an exception. If you receive nonpublic personal information from a nonaffiliated financial institution under an exception in § 248.14 or § 248.15, your disclosure and use of that information is limited as follows: (i) You may disclose the information to the affiliates of the financial institution from which you received the information; (ii) You may disclose the information to your affiliates, but your affiliates may, in turn, disclose and use the information only to the extent that you may disclose and use the information; and (iii) You may disclose and use the information pursuant to an exception in § 248.14 or § 248.15 in the ordinary course of business to carry out the activity covered by the exception under which you received the information. (2) Example. If you receive a customer list from a nonaffiliated financial institution in order to provide account-processing services under the exception in § 248.14(a), you may disclose that information under any exception in § 248.14 or § 248.15 in the ordinary course of business in order to provide those services. You could also disclose that information in response to a properly authorized subpoena or in the ordinary course of business to your attorneys, accountants, and auditors. You could not disclose that information to a third party for marketing purposes or use that information for your own marketing purposes. (b)(1) Information you receive outside of an exception. If you receive nonpublic personal information from a nonaffiliated financial institution other than under an exception in § 248.14 or § 248.15, you may disclose the information only: (i) To the affiliates of the financial institution from which you received the information; (ii) To your affiliates, but your affiliates may, in turn, disclose the information only to the extent that you can disclose the information; and (iii) To any other person, if the disclosure would be lawful if made directly to that person by the financial institution from which y… | |||||
| 17:17:5.0.1.1.8.1.14.12 | 17 | Commodity and Securities Exchanges | II | 248 | PART 248—REGULATIONS S-P, S-AM, AND S-ID | A | Subpart A—Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information | § 248.12 Limits on sharing account number information for marketing purposes. | SEC | (a) General prohibition on disclosure of account numbers. You must not, directly or through an affiliate, disclose, other than to a consumer reporting agency, an account number or similar form of access number or access code for a consumer's credit card account, deposit account, or transaction account to any nonaffiliated third party for use in telemarketing, direct mail marketing, or other marketing through electronic mail to the consumer. (b) Exceptions. Paragraph (a) of this section does not apply if you disclose an account number or similar form of access number or access code: (1) To your agent or service provider solely in order to perform marketing for your own products or services, as long as the agent or service provider is not authorized to directly initiate charges to the account; or (2) To a participant in a private label credit card program or an affinity or similar program where the participants in the program are identified to the customer when the customer enters into the program. (c) Example—Account number. An account number, or similar form of access number or access code, does not include a number or code in an encrypted form, as long as you do not provide the recipient with a means to decode the number or code. | |||||
| 17:17:5.0.1.1.8.1.15.13 | 17 | Commodity and Securities Exchanges | II | 248 | PART 248—REGULATIONS S-P, S-AM, AND S-ID | A | Subpart A—Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information | § 248.13 Exception to opt out requirements for service providers and joint marketing. | SEC | (a) General rule. (1) The opt out requirements in §§ 248.7 and 248.10 do not apply when you provide nonpublic personal information to a nonaffiliated third party to perform services for you or functions on your behalf, if you: (i) Provide the initial notice in accordance with § 248.4; and (ii) Enter into a contractual agreement with the third party that prohibits the third party from disclosing or using the information other than to carry out the purposes for which you disclosed the information, including use under an exception in § 248.14 or § 248.15 in the ordinary course of business to carry out those purposes. (2) Example. If you disclose nonpublic personal information under this section to a financial institution with which you perform joint marketing, your contractual agreement with that institution meets the requirements of paragraph (a)(1)(ii) of this section if it prohibits the institution from disclosing or using the nonpublic personal information except as necessary to carry out the joint marketing or under an exception in § 248.14 or § 248.15 in the ordinary course of business to carry out that joint marketing. (b) Service may include joint marketing. The services a nonaffiliated third party performs for you under paragraph (a) of this section may include marketing of your own products or services or marketing of financial products or services offered pursuant to joint agreements between you and one or more financial institutions. (c) Definition of joint agreement. For purposes of this section, joint agreement means a written contract pursuant to which you and one or more financial institutions jointly offer, endorse, or sponsor a financial product or service. | |||||
| 17:17:5.0.1.1.8.1.15.14 | 17 | Commodity and Securities Exchanges | II | 248 | PART 248—REGULATIONS S-P, S-AM, AND S-ID | A | Subpart A—Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information | § 248.14 Exceptions to notice and opt out requirements for processing and servicing transactions. | SEC | (a) Exceptions for processing and servicing transactions at consumer's request. The requirements for initial notice in § 248.4(a)(2), for the opt out in §§ 248.7 and 248.10, and for initial notice in § 248.13 in connection with service providers and joint marketing, do not apply if you disclose nonpublic personal information as necessary to effect, administer, or enforce a transaction that a consumer requests or authorizes, or in connection with: (1) Processing or servicing a financial product or service that a consumer requests or authorizes; (2) Maintaining or servicing the consumer's account with you, or with another entity as part of a private label credit card program or other extension of credit on behalf of such entity; or (3) A proposed or actual securitization, secondary market sale (including sales of servicing rights), or similar transaction related to a transaction of the consumer. (b) Necessary to effect, administer, or enforce a transaction means that the disclosure is: (1) Required, or is one of the lawful or appropriate methods, to enforce your rights or the rights of other persons engaged in carrying out the financial transaction or providing the product or service; or (2) Required, or is a usual, appropriate, or acceptable method: (i) To carry out the transaction or the product or service business of which the transaction is a part, and record, service, or maintain the consumer's account in the ordinary course of providing the financial service or financial product; (ii) To administer or service benefits or claims relating to the transaction or the product or service business of which it is a part; (iii) To provide a confirmation, statement, or other record of the transaction, or information on the status or value of the financial service or financial product to the consumer or the consumer's agent or broker; (iv) To accrue or recognize incentives or bonuses associated with the transaction that are provided by you or any other party; (v) To underwrite insurance at the consumer's r… | |||||
| 17:17:5.0.1.1.8.1.15.15 | 17 | Commodity and Securities Exchanges | II | 248 | PART 248—REGULATIONS S-P, S-AM, AND S-ID | A | Subpart A—Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information | § 248.15 Other exceptions to notice and opt out requirements. | SEC | (a) Exceptions to notice and opt out requirements. The requirements for initial notice in § 248.4(a)(2), for the opt out in §§ 248.7 and 248.10, and for initial notice in § 248.13 in connection with service providers and joint marketing do not apply when you disclose nonpublic personal information: (1) With the consent or at the direction of the consumer, provided that the consumer has not revoked the consent or direction; (2)(i) To protect the confidentiality or security of your records pertaining to the consumer, service, product, or transaction; (ii) To protect against or prevent actual or potential fraud, unauthorized transactions, claims, or other liability; (iii) For required institutional risk control or for resolving consumer disputes or inquiries; (iv) To persons holding a legal or beneficial interest relating to the consumer; or (v) To persons acting in a fiduciary or representative capacity on behalf of the consumer; (3) To provide information to insurance rate advisory organizations, guaranty funds or agencies, agencies that are rating you, persons that are assessing your compliance with industry standards, and your attorneys, accountants, and auditors; (4) To the extent specifically permitted or required under other provisions of law and in accordance with the Right to Financial Privacy Act of 1978 (12 U.S.C. 3401 et seq. ), to law enforcement agencies (including a federal functional regulator, the Secretary of the Treasury, with respect to 31 U.S.C. Chapter 53, Subchapter II (Records and Reports on Monetary Instruments and Transactions) and 12 U.S.C. Chapter 21 (Financial Recordkeeping), a State insurance authority, with respect to any person domiciled in that insurance authority's State that is engaged in providing insurance, and the Federal Trade Commission), self-regulatory organizations, or for an investigation on a matter related to public safety; (5)(i) To a consumer reporting agency in accordance with the Fair Credit Reporting Act (15 U.S.C. 1681 et seq. ), or (ii) From a consum… | |||||
| 17:17:5.0.1.1.8.1.16.16 | 17 | Commodity and Securities Exchanges | II | 248 | PART 248—REGULATIONS S-P, S-AM, AND S-ID | A | Subpart A—Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information | § 248.16 Protection of Fair Credit Reporting Act. | SEC | Nothing in this subpart shall be construed to modify, limit, or supersede the operation of the Fair Credit Reporting Act (15 U.S.C. 1681 et seq. ), and no inference shall be drawn on the basis of the provisions of this subpart regarding whether information is transaction or experience information under section 603 of that Act. | |||||
| 17:17:5.0.1.1.8.1.16.17 | 17 | Commodity and Securities Exchanges | II | 248 | PART 248—REGULATIONS S-P, S-AM, AND S-ID | A | Subpart A—Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information | § 248.17 Relation to State laws. | SEC | [65 FR 40362, June 29, 2000, as amended at 89 FR 47786, June 3, 2024 | (a) In general. This subpart shall not be construed as superseding, altering, or affecting any statute, regulation, order, or interpretation in effect in any State, except to the extent that such State statute, regulation, order, or interpretation is inconsistent with the provisions of this subpart, and then only to the extent of the inconsistency. (b) Greater protection under State law. For purposes of this section, a State statute, regulation, order, or interpretation is not inconsistent with the provisions of this subpart if the protection such statute, regulation, order, or interpretation affords any consumer is greater than the protection provided under this subpart, as determined by the Consumer Financial Protection Bureau, after consultation with the Commission, on theConsumer Financial Protection Bureau's own motion, or upon the petition of any interested party. | ||||
| 17:17:5.0.1.1.8.1.16.18 | 17 | Commodity and Securities Exchanges | II | 248 | PART 248—REGULATIONS S-P, S-AM, AND S-ID | A | Subpart A—Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information | § 248.18 Effective date; transition rule. | SEC | (a) Effective date. This subpart is effective November 13, 2000. In order to provide sufficient time for you to establish policies and systems to comply with the requirements of this subpart, the compliance date for this subpart is July 1, 2001. (b)(1) Notice requirement for consumers who are your customers on the compliance date. By July 1, 2001, you must have provided an initial notice, as required by § 248.4, to consumers who are your customers on July 1, 2001. (2) Example. You provide an initial notice to consumers who are your customers on July 1, 2001, if, by that date, you have established a system for providing an initial notice to all new customers and have mailed the initial notice to all your existing customers. (c) Two-year grandfathering of service agreements. Until July 1, 2002, a contract that you have entered into with a nonaffiliated third party to perform services for you or functions on your behalf satisfies the provisions of § 248.13(a)(2), even if the contract does not include a requirement that the third party maintain the confidentiality of nonpublic personal information, as long as you entered into the agreement on or before July 1, 2000. | |||||
| 17:17:5.0.1.1.8.1.16.19 | 17 | Commodity and Securities Exchanges | II | 248 | PART 248—REGULATIONS S-P, S-AM, AND S-ID | A | Subpart A—Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information | §§ 248.19-248.29 [Reserved] | SEC | ||||||
| 17:17:5.0.1.1.8.1.16.20 | 17 | Commodity and Securities Exchanges | II | 248 | PART 248—REGULATIONS S-P, S-AM, AND S-ID | A | Subpart A—Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information | § 248.30 Procedures to safeguard customer information, including response programs for unauthorized access to customer information and customer notice; disposal of customer information and consumer information. | SEC | [89 FR 47786, June 3, 2024] | (a) Policies and procedures to safeguard customer information —(1) General requirements. Every covered institution must develop, implement, and maintain written policies and procedures that address administrative, technical, and physical safeguards for the protection of customer information. (2) Objectives. These written policies and procedures must be reasonably designed to: (i) Ensure the security and confidentiality of customer information; (ii) Protect against any anticipated threats or hazards to the security or integrity of customer information; and (iii) Protect against unauthorized access to or use of customer information that could result in substantial harm or inconvenience to any customer. (3) Response programs for unauthorized access to or use of customer information. Written policies and procedures in paragraph (a)(1) of this section must include a program reasonably designed to detect, respond to, and recover from unauthorized access to or use of customer information, including customer notification procedures. This response program must include procedures for the covered institution to: (i) Assess the nature and scope of any incident involving unauthorized access to or use of customer information and identify the customer information systems and types of customer information that may have been accessed or used without authorization; (ii) Take appropriate steps to contain and control the incident to prevent further unauthorized access to or use of customer information; and (iii) Notify each affected individual whose sensitive customer information was, or is reasonably likely to have been, accessed or used without authorization in accordance with paragraph (a)(4) of this section unless the covered institution determines, after a reasonable investigation of the facts and circumstances of the incident of unauthorized access to or use of sensitive customer information, that the sensitive customer information has not been, and is not reasonably likely to be, used in a manner that would res… | ||||
| 17:17:5.0.1.1.8.1.16.21 | 17 | Commodity and Securities Exchanges | II | 248 | PART 248—REGULATIONS S-P, S-AM, AND S-ID | A | Subpart A—Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information | §§ 248.31-248.100 [Reserved] | SEC | ||||||
| 17:17:5.0.1.1.8.2.17.1 | 17 | Commodity and Securities Exchanges | II | 248 | PART 248—REGULATIONS S-P, S-AM, AND S-ID | B | Subpart B—Regulation S-AM: Limitations on Affiliate Marketing | § 248.101 Purpose and scope. | SEC | (a) Purpose. The purpose of this subpart is to implement section 624 of the Fair Credit Reporting Act, 15 U.S.C. 1681, et seq. (“FCRA”). Section 624, which was added to the FCRA by section 214 of the Fair and Accurate Credit Transactions Act of 2003, Public Law 108-159, 117 Stat. 1952 (2003) (“FACT Act” or “Act”), regulates the use of consumer information received from an affiliate to make marketing solicitations. (b) Scope. This subpart applies to any broker or dealer other than a notice-registered broker or dealer, to any investment company, and to any investment adviser or transfer agent registered with the Commission. These entities are referred to in this subpart as “you.” | |||||
| 17:17:5.0.1.1.8.2.17.10 | 17 | Commodity and Securities Exchanges | II | 248 | PART 248—REGULATIONS S-P, S-AM, AND S-ID | B | Subpart B—Regulation S-AM: Limitations on Affiliate Marketing | § 248.126 Delivery of opt out notices. | SEC | (a) In general. The opt out notice must be provided so that each consumer can reasonably be expected to receive actual notice. For opt out notices provided electronically, the notice may be provided in compliance with either the electronic disclosure provisions in this subpart or the provisions in section 101 of the Electronic Signatures in Global and National Commerce Act, 15 U.S.C. 7001, et seq. (b) Examples of reasonable expectation of actual notice. A consumer may reasonably be expected to receive actual notice if the affiliate providing the notice: (1) Hand-delivers a printed copy of the notice to the consumer; (2) Mails a printed copy of the notice to the last known mailing address of the consumer; (3) Provides a notice by e-mail to a consumer who has agreed to receive electronic disclosures by e-mail from the affiliate providing the notice; or (4) Posts the notice on the Internet Web site at which the consumer obtained a product or service electronically and requires the consumer to acknowledge receipt of the notice. (c) Examples of no reasonable expectation of actual notice. A consumer may not reasonably be expected to receive actual notice if the affiliate providing the notice: (1) Only posts the notice on a sign in a branch or office or generally publishes the notice in a newspaper; (2) Sends the notice by e-mail to a consumer who has not agreed to receive electronic disclosures by e-mail from the affiliate providing the notice; or (3) Posts the notice on an Internet Web site without requiring the consumer to acknowledge receipt of the notice. | |||||
| 17:17:5.0.1.1.8.2.17.11 | 17 | Commodity and Securities Exchanges | II | 248 | PART 248—REGULATIONS S-P, S-AM, AND S-ID | B | Subpart B—Regulation S-AM: Limitations on Affiliate Marketing | § 248.127 Renewal of opt out elections. | SEC | (a) Renewal notice and opt out requirement —(1) In general. After the opt out period expires, you may not make marketing solicitations to a consumer who previously opted out, unless: (i) The consumer has been given a renewal notice that complies with the requirements of this section and §§ 248.124 through 248.126, and a reasonable opportunity and a reasonable and simple method to renew the opt out, and the consumer does not renew the opt out; or (ii) An exception in § 248.121(c) applies. (2) Renewal period. Each opt out renewal must be effective for a period of at least five years as provided in § 248.122(b). (3) Affiliates who may provide the notice. The notice required by this paragraph must be provided: (i) By the affiliate that provided the previous opt out notice, or its successor; or (ii) As part of a joint renewal notice from two or more members of an affiliated group of companies, or their successors, that jointly provided the previous opt out notice. (b) Contents of renewal notice. The renewal notice must be clear, conspicuous, and concise, and must accurately disclose: (1) The name of the affiliate(s) providing the notice. If the notice is provided jointly by multiple affiliates and each affiliate shares a common name, such as “ABC,” then the notice may indicate it is being provided by multiple companies with the ABC name or multiple companies in the ABC group or family of companies, for example, by stating that the notice is provided by “all of the ABC companies,” “the ABC banking, credit card, insurance, and securities companies,” or by listing the name of each affiliate providing the notice. But if the affiliates providing the joint notice do not all share a common name, then the notice must either separately identify each affiliate by name or identify each of the common names used by those affiliates, for example, by stating that the notice is provided by “all of the ABC and XYZ companies” or by “the ABC banking and securities companies and the XYZ insurance companies”; (2) A list … | |||||
| 17:17:5.0.1.1.8.2.17.12 | 17 | Commodity and Securities Exchanges | II | 248 | PART 248—REGULATIONS S-P, S-AM, AND S-ID | B | Subpart B—Regulation S-AM: Limitations on Affiliate Marketing | § 248.128 Effective date, compliance date, and prospective application. | SEC | (a) Effective date. This subpart is effective September 10, 2009. (b) Mandatory compliance date. Compliance with this subpart is required not later than January 1, 2010. (c) Prospective application. The provisions of this subpart do not prohibit you from using eligibility information that you receive from an affiliate to make a marketing solicitation to a consumer if you receive such information prior to January 1, 2010. For purposes of this section, you are deemed to receive eligibility information when such information is placed into a common database and is accessible by you. | |||||
| 17:17:5.0.1.1.8.2.17.2 | 17 | Commodity and Securities Exchanges | II | 248 | PART 248—REGULATIONS S-P, S-AM, AND S-ID | B | Subpart B—Regulation S-AM: Limitations on Affiliate Marketing | § 248.102 Examples. | SEC | The examples in this subpart are not exclusive. The examples in this subpart provide guidance concerning the rules' application in ordinary circumstances. The facts and circumstances of each individual situation, however, will determine whether compliance with an example, to the extent applicable, constitutes compliance with this subpart. Examples in a paragraph illustrate only the issue described in the paragraph and do not illustrate any other issue that may arise under this subpart. Similarly, the examples do not illustrate any issues that may arise under other laws or regulations. | |||||
| 17:17:5.0.1.1.8.2.17.3 | 17 | Commodity and Securities Exchanges | II | 248 | PART 248—REGULATIONS S-P, S-AM, AND S-ID | B | Subpart B—Regulation S-AM: Limitations on Affiliate Marketing | §§ 248.103-248.119 [Reserved] | SEC | ||||||
| 17:17:5.0.1.1.8.2.17.4 | 17 | Commodity and Securities Exchanges | II | 248 | PART 248—REGULATIONS S-P, S-AM, AND S-ID | B | Subpart B—Regulation S-AM: Limitations on Affiliate Marketing | § 248.120 Definitions. | SEC | As used in this subpart, unless the context requires otherwise: (a) Affiliate of a broker, dealer, or investment company, or an investment adviser or transfer agent registered with the Commission means any person that is related by common ownership or common control with the broker, dealer, or investment company, or the investment adviser or transfer agent registered with the Commission. In addition, a broker, dealer, or investment company, or an investment adviser or transfer agent registered with the Commission will be deemed an affiliate of a company for purposes of this subpart if: (1) That company is regulated under section 214 of the FACT Act, Public Law 108-159, 117 Stat. 1952 (2003), by a government regulator other than the Commission; and (2) Rules adopted by the other government regulator under section 214 of the FACT Act treat the broker, dealer, or investment company, or investment adviser or transfer agent registered with the Commission as an affiliate of that company. (b) Broker has the same meaning as in section 3(a)(4) of the Securities Exchange Act of 1934 (15 U.S.C. 78c(a)(4)). A “broker” does not include a broker registered by notice with the Commission under section 15(b)(11) of the Securities Exchange Act of 1934 (15 U.S.C. 78o(b)(11)). (c) Clear and conspicuous means reasonably understandable and designed to call attention to the nature and significance of the information presented. (d) Commission means the Securities and Exchange Commission. (e) Company means any corporation, limited liability company, business trust, general or limited partnership, association, or similar organization. (f) Concise —(1) In general. The term “concise” means a reasonably brief expression or statement. (2) Combination with other required disclosures. A notice required by this subpart may be concise even if it is combined with other disclosures required or authorized by Federal or State law. (g) Consumer means an individual. (h) Control of a company means the power to exercise a co… | |||||
| 17:17:5.0.1.1.8.2.17.5 | 17 | Commodity and Securities Exchanges | II | 248 | PART 248—REGULATIONS S-P, S-AM, AND S-ID | B | Subpart B—Regulation S-AM: Limitations on Affiliate Marketing | § 248.121 Affiliate marketing opt out and exceptions. | SEC | (a) Initial notice and opt out requirement —(1) In general. You may not use eligibility information about a consumer that you receive from an affiliate to make a marketing solicitation to the consumer, unless: (i) It is clearly and conspicuously disclosed to the consumer in writing or, if the consumer agrees, electronically, in a concise notice that you may use eligibility information about that consumer received from an affiliate to make marketing solicitations to the consumer; (ii) The consumer is provided a reasonable opportunity and a reasonable and simple method to “opt out,” or the consumer prohibits you from using eligibility information to make marketing solicitations to the consumer; and (iii) The consumer has not opted out. (2) Example. A consumer has a brokerage account with a broker-dealer. The broker-dealer furnishes eligibility information about the consumer to its affiliated investment adviser. Based on that eligibility information, the investment adviser wants to make a marketing solicitation to the consumer about its discretionary advisory accounts. The investment adviser does not have a pre-existing business relationship with the consumer and none of the other exceptions apply. The investment adviser is prohibited from using eligibility information received from its broker-dealer affiliate to make marketing solicitations to the consumer about its discretionary advisory accounts unless the consumer is given a notice and opportunity to opt out and the consumer does not opt out. (3) Affiliates who may provide the notice. The notice required by this paragraph must be provided: (i) By an affiliate that has or has previously had a pre-existing business relationship with the consumer; or (ii) As part of a joint notice from two or more members of an affiliated group of companies, provided that at least one of the affiliates on the joint notice has or has previously had a pre-existing business relationship with the consumer. (b) Making marketing solicitations —(1) In general. For purpos… | |||||
| 17:17:5.0.1.1.8.2.17.6 | 17 | Commodity and Securities Exchanges | II | 248 | PART 248—REGULATIONS S-P, S-AM, AND S-ID | B | Subpart B—Regulation S-AM: Limitations on Affiliate Marketing | § 248.122 Scope and duration of opt out. | SEC | (a) Scope of opt out —(1) In general. Except as otherwise provided in this section, the consumer's election to opt out prohibits any affiliate covered by the opt out notice from using eligibility information received from another affiliate as described in the notice to make marketing solicitations to the consumer. (2) Continuing relationship —(i) In general. If the consumer establishes a continuing relationship with you or your affiliate, an opt out notice may apply to eligibility information obtained in connection with: (A) A single continuing relationship or multiple continuing relationships that the consumer establishes with you or your affiliates, including continuing relationships established subsequent to delivery of the opt out notice, so long as the notice adequately describes the continuing relationships covered by the opt out; or (B) Any other transaction between the consumer and you or your affiliates as described in the notice. (ii) Examples of continuing relationships. A consumer has a continuing relationship with you or your affiliate if the consumer: (A) Opens a brokerage account or enters into an advisory contract with you or your affiliate; (B) Obtains a loan for which you or your affiliate owns the servicing rights; (C) Purchases investment company shares in his or her own name; (D) Holds an investment through you or your affiliate; such as when you act or your affiliate acts as a custodian for securities or for assets in an individual retirement arrangement; (E) Enters into an agreement or understanding with you or your affiliate whereby you or your affiliate undertakes to arrange or broker a home mortgage loan for the consumer; (F) Enters into a lease of personal property with you or your affiliate; or (G) Obtains financial, investment, or economic advisory services from you or your affiliate for a fee. (3) No continuing relationship —(i) In general. If there is no continuing relationship between a consumer and you or your affiliate, and you or your affiliate obtain elig… | |||||
| 17:17:5.0.1.1.8.2.17.7 | 17 | Commodity and Securities Exchanges | II | 248 | PART 248—REGULATIONS S-P, S-AM, AND S-ID | B | Subpart B—Regulation S-AM: Limitations on Affiliate Marketing | § 248.123 Contents of opt out notice; consolidated and equivalent notices. | SEC | (a) Contents of opt out notice —(1) In general. A notice must be clear, conspicuous, and concise, and must accurately disclose: (i) The name of the affiliate(s) providing the notice. If the notice is provided jointly by multiple affiliates and each affiliate shares a common name, such as “ABC,” then the notice may indicate that it is being provided by multiple companies with the ABC name or multiple companies in the ABC group or family of companies, for example, by stating that the notice is provided by “all of the ABC companies,” “the ABC banking, credit card, insurance, and securities companies,” or by listing the name of each affiliate providing the notice. But if the affiliates providing the joint notice do not all share a common name, then the notice must either separately identify each affiliate by name or identify each of the common names used by those affiliates, for example, by stating that the notice is provided by “all of the ABC and XYZ companies” or by “the ABC bank and securities companies and the XYZ insurance companies”; (ii) A list of the affiliates or types of affiliates whose use of eligibility information is covered by the notice, which may include companies that become affiliates after the notice is provided to the consumer. If each affiliate covered by the notice shares a common name, such as “ABC,” then the notice may indicate that it applies to multiple companies with the ABC name or multiple companies in the ABC group or family of companies, for example, by stating that the notice is provided by “all of the ABC companies,” “the ABC banking, credit card, insurance, and securities companies,” or by listing the name of each affiliate providing the notice. But if the affiliates covered by the notice do not all share a common name, then the notice must either separately identify each covered affiliate by name or identify each of the common names used by those affiliates, for example, by stating that the notice applies to “all of the ABC and XYZ companies” or to “the ABC banking and secu… | |||||
| 17:17:5.0.1.1.8.2.17.8 | 17 | Commodity and Securities Exchanges | II | 248 | PART 248—REGULATIONS S-P, S-AM, AND S-ID | B | Subpart B—Regulation S-AM: Limitations on Affiliate Marketing | § 248.124 Reasonable opportunity to opt out. | SEC | (a) In general. You must not use eligibility information that you receive from an affiliate to make marketing solicitations to a consumer about your products or services unless the consumer is provided a reasonable opportunity to opt out, as required by § 248.121(a)(1)(ii). (b) Examples of a reasonable opportunity to opt out. The consumer is given a reasonable opportunity to opt out if: (1) By mail. The opt out notice is mailed to the consumer. The consumer is given 30 days from the date the notice is mailed to elect to opt out by any reasonable means. (2) By electronic means. (i) The opt out notice is provided electronically to the consumer, such as by posting the notice at an Internet Web site at which the consumer has obtained a product or service. The consumer acknowledges receipt of the electronic notice. The consumer is given 30 days after the date the consumer acknowledges receipt to elect to opt out by any reasonable means. (ii) The opt out notice is provided to the consumer by e-mail where the consumer has agreed to receive disclosures by e-mail from the person sending the notice. The consumer is given 30 days after the e-mail is sent to elect to opt out by any reasonable means. (3) At the time of an electronic transaction. The opt out notice is provided to the consumer at the time of an electronic transaction, such as a transaction conducted on an Internet Web site. The consumer is required to decide, as a necessary part of proceeding with the transaction, whether to opt out before completing the transaction. There is a simple process that the consumer may use to opt out at that time using the same mechanism through which the transaction is conducted. (4) At the time of an in-person transaction. The opt out notice is provided to the consumer in writing at the time of an in-person transaction. The consumer is required to decide, as a necessary part of proceeding with the transaction, whether to opt out before completing the transaction, and is not permitted to complete the transaction w… | |||||
| 17:17:5.0.1.1.8.2.17.9 | 17 | Commodity and Securities Exchanges | II | 248 | PART 248—REGULATIONS S-P, S-AM, AND S-ID | B | Subpart B—Regulation S-AM: Limitations on Affiliate Marketing | § 248.125 Reasonable and simple methods of opting out. | SEC | (a) In general. You must not use eligibility information about a consumer that you receive from an affiliate to make a marketing solicitation to the consumer about your products or services, unless the consumer is provided a reasonable and simple method to opt out, as required by § 248.121(a)(1)(ii). (b) Examples —(1) Reasonable and simple opt out methods. Reasonable and simple methods for exercising the opt out right include: (i) Designating a check-off box in a prominent position on the opt out form; (ii) Including a reply form and a self-addressed envelope together with the opt out notice; (iii) Providing an electronic means to opt out, such as a form that can be electronically mailed or processed at an Internet Web site, if the consumer agrees to the electronic delivery of information; (iv) Providing a toll-free telephone number that consumers may call to opt out; or (v) Allowing consumers to exercise all of their opt out rights described in a consolidated opt out notice that includes the GLBA privacy, FCRA affiliate sharing, and FCRA affiliate marketing opt outs, by a single method, such as by calling a single toll-free telephone number. (2) Opt out methods that are not reasonable and simple. Reasonable and simple methods for exercising an opt out right do not include: (i) Requiring the consumer to write his or her own letter; (ii) Requiring the consumer to call or write to obtain a form for opting out, rather than including the form with the opt out notice; or (iii) Requiring the consumer who receives the opt out notice in electronic form only, such as through posting at an Internet Web site, to opt out solely by paper mail or by visiting a different Web site without providing a link to that site. (c) Specific opt out means. Each consumer may be required to opt out through a specific means, as long as that means is reasonable and simple for that consumer. | |||||
| 17:17:5.0.1.1.8.3.17.1 | 17 | Commodity and Securities Exchanges | II | 248 | PART 248—REGULATIONS S-P, S-AM, AND S-ID | C | Subpart C—Regulation S-ID: Identity Theft Red Flags | § 248.201 Duties regarding the detection, prevention, and mitigation of identity theft. | SEC | (a) Scope. This section applies to a financial institution or creditor, as defined in the Fair Credit Reporting Act (15 U.S.C. 1681), that is: (1) A broker, dealer or any other person that is registered or required to be registered under the Securities Exchange Act of 1934; (2) An investment company that is registered or required to be registered under the Investment Company Act of 1940, that has elected to be regulated as a business development company under that Act, or that operates as an employees' securities company under that Act; or (3) An investment adviser that is registered or required to be registered under the Investment Advisers Act of 1940. (b) Definitions. For purposes of this subpart, and Appendix A of this subpart, the following definitions apply: (1) Account means a continuing relationship established by a person with a financial institution or creditor to obtain a product or service for personal, family, household or business purposes. Account includes a brokerage account, a mutual fund account ( i.e., an account with an open-end investment company), and an investment advisory account. (2) The term board of directors includes: (i) In the case of a branch or agency of a foreign financial institution or creditor, the managing official of that branch or agency; and (ii) In the case of a financial institution or creditor that does not have a board of directors, a designated employee at the level of senior management. (3) Covered account means: (i) An account that a financial institution or creditor offers or maintains, primarily for personal, family, or household purposes, that involves or is designed to permit multiple payments or transactions, such as a brokerage account with a broker-dealer or an account maintained by a mutual fund (or its agent) that permits wire transfers or other payments to third parties; and (ii) Any other account that the financial institution or creditor offers or maintains for which there is a reasonably foreseeable risk to customers or to the… | |||||
| 17:17:5.0.1.1.8.3.17.2 | 17 | Commodity and Securities Exchanges | II | 248 | PART 248—REGULATIONS S-P, S-AM, AND S-ID | C | Subpart C—Regulation S-ID: Identity Theft Red Flags | § 248.202 Duties of card issuers regarding changes of address. | SEC | (a) Scope. This section applies to a person described in § 248.201(a) that issues a credit or debit card (card issuer). (b) Definitions. For purposes of this section: (1) Cardholder means a consumer who has been issued a credit card or debit card as defined in 15 U.S.C. 1681a(r). (2) Clear and conspicuous means reasonably understandable and designed to call attention to the nature and significance of the information presented. (3) Other terms not defined in this subpart have the same meaning as in the Fair Credit Reporting Act (15 U.S.C. 1681 et seq. ). (c) Address validation requirements. A card issuer must establish and implement reasonable written policies and procedures to assess the validity of a change of address if it receives notification of a change of address for a consumer's debit or credit card account and, within a short period of time afterwards (during at least the first 30 days after it receives such notification), the card issuer receives a request for an additional or replacement card for the same account. Under these circumstances, the card issuer may not issue an additional or replacement card, until, in accordance with its reasonable policies and procedures and for the purpose of assessing the validity of the change of address, the card issuer: (1)(i) Notifies the cardholder of the request: (A) At the cardholder's former address; or (B) By any other means of communication that the card issuer and the cardholder have previously agreed to use; and (ii) Provides to the cardholder a reasonable means of promptly reporting incorrect address changes; or (2) Otherwise assesses the validity of the change of address in accordance with the policies and procedures the card issuer has established pursuant to § 248.201. (d) Alternative timing of address validation. A card issuer may satisfy the requirements of paragraph (c) of this section if it validates an address pursuant to the methods in paragraph (c)(1) or (c)(2) of this section when it receives an address change notificat… |
Advanced export
JSON shape: default, array, newline-delimited, object
CREATE TABLE cfr_sections (
section_id TEXT PRIMARY KEY,
title_number INTEGER,
title_name TEXT,
chapter TEXT,
subchapter TEXT,
part_number TEXT,
part_name TEXT,
subpart TEXT,
subpart_name TEXT,
section_number TEXT,
section_heading TEXT,
agency TEXT,
authority TEXT,
source_citation TEXT,
amendment_citations TEXT,
full_text TEXT
);
CREATE INDEX idx_cfr_title ON cfr_sections(title_number);
CREATE INDEX idx_cfr_part ON cfr_sections(part_number);
CREATE INDEX idx_cfr_agency ON cfr_sections(agency);