• FTC Offers Guidance to Mortgage Brokers on Compliance with Privacy Regulations
  • July 17, 2003
  • Law Firm: Blank Rome LLP - Philadelphia Office
  • The Federal Trade Commission issued a series of frequency asked questions and answers regarding the extent to which the privacy regulations issued by the FTC ("FTC Privacy Regulations") under the Gramm Leach Bliley Act ("GLB") apply to mortgage brokers. Below is a summary of the FTC's guidance:

    Are mortgage brokers subject to privacy requirements?

    Mortgage brokers are subject to the requirements of GLB and the FTC Privacy Regulations because brokering loans is a financial activity that is covered by GLB and the FTC Privacy Regulations.

    When is a customer relationship established?

    Privacy policy notice requirements are triggered when a mortgage broker establishes a customer relationship with a customer. A customer relationship is established when a mortgage broker enters into an agreement to arrange or broker a residential mortgage loan for an individual or when an individual provides personally identifiable financial information to the mortgage broker to obtain a mortgage loan.

    When may an initial privacy policy notice be given?

    An initial privacy notice may be provided to the customer at the time the customer meets with the mortgage broker to fill out an application, as such individual is providing personally identifiable financial information and therefore a customer relationship is established. An initial privacy notice may also be given on-line if applicants acknowledge its receipt not later than when they submit their application information.

    When is subsequent delivery of a privacy policy notice permitted?

    An initial privacy policy notice need not be given when a customer relationship is established only if: (1) Providing the notice at that time would substantially delay the customer's transaction; and (2) the customer agrees to receive the notice at a later time. Therefore, for an application taken over the phone in which the individual provides personally identifiable financial information, the mortgage broker may send an initial privacy notice after the customer relationship is established (i.e., after the information is given), provided no information is disclosed to nonaffiliated third parties (except as otherwise permitted under the FTC Privacy Regulations) until the notice and a reasonable opportunity to opt out is given.

    Must an annual privacy policy notice be given to an individual who obtained a loan through the mortgage broker but with whom the mortgage broker no longer communicates?

    A mortgage broker is not required to send annual privacy policy notice to individuals with whom it does not communicate as such individuals would be former customers. Annual notices need not be sent to former customers. A customer becomes a former customer in the case of a mortgage loan if the mortgage broker no longer provides any statements or notices to the customer concerning the relationship. However, a revised notice and opt out notice may be required if the mortgage broker intends to disclose information about the former customer other than as provided in initial privacy policy notice.

    Must a customer be able to opt out of disclosure of information to lenders and credit reporting agencies with whom the mortgage broker shares information?

    A mortgage broker is permitted to share customer information as is necessary to process service and administer the loan without providing the customer the opportunity to opt out of such limited purpose disclosure. Disclosure of customer information for processing, administering and servicing a loan as well as disclosure of information to a credit reporting agency are specific exceptions to the opt out requirement under GLB.