Regulations issued by the Federal Trade Commission ("FTC"), for privately insured credit unions, and the National Credit Union Administration ("NCUA"), for federally insured credit unions, implementing the privacy provisions of the Gramm-Leach-Bliley Act ("the GLB Act") became effective on July 1, 2001. The purpose of this statement is to explain how the ASI Excess Share Insurance Policy ("Policy") issued to your credit union currently exceeds the requirements of both FTC and NCUA privacy regulations and demonstrates ASI's strong commitment to protect the confidentiality of the information provided us. In addition, we want to advise you that, after consultation with counsel, we have determined that no additional contractual provisions are necessary at this time regarding privacy.
For the most part, the information provided to ASI relates to the financial condition of the insured credit union and does not contain any nonpublic personal information regarding individuals. Therefore, this financial information provided ASI is not covered by the privacy requirements of the GLB Act, and the implementing regulations.
In the course of providing financial information to ASI, nonpublic personal information regarding your members is also included. This occurs, for example, where such information is made available to us during the course of our examination of your credit union, or when reporting those credit union members with accounts in excess of $100,000 and covered by our Policy. All of the information which participating credit unions are required to submit to ASI is either specifically required by law, or has been determined by ASI to be appropriate and necessary in order to assess a credit union's safety and soundness, adherence with the company's Risk Eligibility Standards and continued insurability. These purposes clearly fall within the exceptions provided for in Sections 502(e)(1)(A) and 502(e)(4) of the GLB Act and the implementing regulations of the FTC and NCUA. (See 16 CFR 313.14(a), (a)(1) and 313.15(a)(3) of FTC's Regulations and 12 CFR 716.14(a), (a)(1) and 716.15(a)(3) of NCUA's Regulations.)
Because any nonpublic personal information provided ASI by participating credit unions falls under these exceptions, credit unions are not required to provide members with notice and the opportunity to opt out, nor are they required to enter into contractual agreements with ASI regarding nondisclosure or the use of such information. ASI understands that it is bound by Section 502(c) of the GLB Act, which places limits on its ability to reuse any nonpublic personal information provided by its insured credit unions.
Notwithstanding the fact that the information provided by our insured credit unions either is not covered by or is exempt from notice, opt out and the contractual requirements of the GLB Act and the implementing regulations of the FTC or NCUA, our Policy also contains provisions ensuring strict confidentiality and nondisclosure.
Under the terms and conditions of our Policy, both ASI and the participating credit union agree to be bound by the provisions of Chapter 1761 of the Ohio Revised Code ("O.R.C."). Under Section 1761.08(A) of the O.R.C., certain financial and examination information furnished under the statute by a participating credit union's supervisory authority are not public documents, and the information contained in them is privileged and confidential to ASI and for its sole use in carrying out its statutory functions. In addition, O.R.C. Section 1761.08(G) requires that ASI, participating credit unions and their agents use the information shared with ASI only for the purposes authorized by the statute and authorizes prosecution of those who would violate the provision.
The requirements imposed upon ASI and its participating credit unions by governing statute, with regard to the information furnished to ASI, are more stringent than those imposed by the GLB Act. Thus, the Ohio statutes provide greater protection for all information shared with ASI, whether it be nonpublic personal information regarding members or financial and examination reports of participating credit unions. These protections are written into ASI's Policy within Section III, Terms and Conditions.
In addition, Section XIX of the Policy, entitled "Confidential Information," binds ASI to keep all information provided to us confidential. This Section reads: "The Insurer shall not release any information obtained from an Excess Insured to any third party, except as requested by the Insurer's regulatory authority, its independent auditors or as ordered by a court of law."
In conclusion, the information provided by participating credit unions to ASI as a condition of providing excess share insurance coverage of member accounts is either not covered by the provisions of the GLB Act or is exempt from the requirements to provide notice and an opportunity to members to opt out, and there is no requirement for credit unions to enter into separate or additional contractual agreements regarding confidentiality and the use of such information. Since ASI's Policy contains terms and conditions concerning confidentiality and the use of information by ASI, as well as by participating credit unions, there is no need for ASI to modify its existing Policy or to enter into any type of additional agreements regarding confidentiality or nondisclosure of information at this time. In addition, you should be aware that ASI has established procedures and practices designed to safeguard information provided the company under its Policy.