WASHINGTON—If a federal government agency requests financial information on a member, what type of documentation is required before turning information over?
CUNA’s compliance staff reports that according to the Right to Financial Privacy Act (RFPA), a credit union should not release the records of a member unless the requesting agency provides:
- A signed authorization from the member
- A search warrant
- A judicial subpoena
- A summons or administrative subpoena
- A formal written request
The government agency must give a certification to the credit union that it has complied with the RFPA, CUNA said.
“In addition to keeping a copy of the agency’s certification, the credit union must maintain a record of all disclosures provided to the agency and the credit union members must be able to inspect it. Whether an administrative or judicial subpoena or a summons is used, the government agency is required to provide a copy to both the credit union and the member,” CUNA said.
There may be a delay in the government authority notifying the member under various circumstances, such as there is a belief that notification may endanger safety, destruction or tampering of evidence, and more, CUNA added.
According to CUNA, exceptions to the RFPA include:
- No credit union is prohibited from notifying a government authority of a possible illegal activity. The notification may only include the name or other identifying information of the individual, corporation or account
- No credit union is prohibited from providing copies of any financial record to any court or government authority incident to perfecting a security interest, proving a claim in bankruptcy, or otherwise collecting on a debt owing either to the credit union itself or in its role as a fiduciary
“In addition, any credit union making a disclosure of financial records in good-faith reliance upon a certificate by any Government authority or in relation to a crime against the credit union by insiders will not be liable to the member under the RFPA or any state law,” CUNA explained.
RFPA requirements are in addition to the Gramm-Leach-Bliley Act (GLBA) privacy regulation, which requires a credit union provide member notification and an opt-out option before sharing members’ financial information with non-affiliated third parties. There are several exceptions in the GLBA regulation. This exception calls for the disclosure to be permitted in “accordance with the Right to Financial Privacy Act,” CUNA explained.