A question was recently posed to CUNA’s compliance staff about the Right to Financial Privacy Act (RFPA).
Specifically, if a federal government agency requests financial information on a member, what type of documentation is required before turning information over?
According to the act, a credit union should not release the records of a member unless the requesting agency provides:
The government agency must give a certification to the credit union that it has complied with the RFPA.
In addition to keeping a copy of the agency’s certification, the credit union must maintain a record of all disclosures provided to the agency, and credit union members must be able to inspect that record.
Whether an administrative or judicial subpoena or a summons is used, the government agency is required to provide a copy to both the credit union and the member.
The government authority may delay notifying the member under various circumstances, such as a belief that notification may endanger safety or lead to destruction of or tampering with evidence, and more.
Exceptions to the RFPA include:
In addition, any credit union making a disclosure of financial records in good-faith reliance upon a certificate by any Government authority or in relation to a crime against the credit union by insiders will not be liable to the member under the RFPA or any state law.
RFPA requirements are in addition to the Gramm-Leach-Bliley Act (GLBA) privacy regulation, which requires a credit union to provide member notification and an opt-out option before sharing its members’ financial information with non-affiliated third parties.
There are several exceptions in the GLBA regulation. One of them permits disclosure in “accordance with the Right to Financial Privacy Act.”