REF Mlf06compliance 10.3.18


A Summary of Key Compliance Issues for
the Equipment Leasing Industry

Andrew Hinton, Esquire
Associate General Counsel and
Global Chief Compliance Officer
GE Commercial Finance – Capital Solutions

Jerome Walker, Esquire
Troutman Sanders LLP
Financial Institutions Group
May 1, 2006
Summary of Key Leasing Compliance Issues.

• 1. Anti-Money Laundering.
• 2. Terrorist Financing.
• 3. Consumer Leasing.
• 4. Personal Property Leasing.
• 5. Privacy and Information Sharing.
What Is Money Laundering?

• Process by which a person conceals the
existence, nature or source of the proceeds
of illegal activity and disguises them to make
them appear legitimate.

• “Reverse money laundering” - also of concern
to those providing financing/funding: using legal
proceeds for unlawful activities, i.e., terrorist
financing through charities.
Why Money Laundering?

• Criminals/terrorists launder funds to
– keep the enterprise growing and profitable
– diversify into “legal” businesses
– enjoy the fruits of their labors – all under the radar
screens of governmental authorities.

• It happens because “crime pays”:
– E.g., est. 20% of narcotics sales revenue goes to cost
of production/distribution … remaining 80% is pure
profit and must be managed.
How big is the problem?

• Money laundering accounts for 2-5% of the world’s
annual gross national product -- $800 BB to $2 trillion
each year. (IMF est.)
How much has been spent to address the
problem?

• In 2004, U.S. banks alone spent $3.6 BB/year to fight
money laundering, up from $700 million in 2000. (The
Economist)
• Business, government, and the public together spend $7
BB/year to counter money laundering -- $25 per person.
How is money laundering done?

• Placement – Physical disposal of bulk cash or its initial
placement into the financial system, e.g., cash purchases of
money orders or depositing cash or making cash payments in
amounts of $10,000 or less to avoid reporting.

• Layering – Create layers of financial transactions, e.g.,
buying goods with money orders or opening bank accounts at
one bank with money orders and wire transferring funds to
another bank.

• Integration – Provide apparent legitimacy to the criminal
proceeds, e.g., using the wired funds to buy goods and services
or to buy a legitimate business.
Common Money Laundering Methods and
Schemes.

• Use of cash-equivalents – money orders,
travelers checks, cashier’s checks, and foreign
bank drafts (e.g., Mexican bank drafts)
• Currency smuggling
• Use of complex offshore legal structures and
shell banks
• Front businesses
• Underground banking – unlicensed remitters
• Credit/debit cards
• Trade-based money laundering schemes
– Black Market Peso Exchange
Government Response to the Problem of Money
Laundering.

• Three types of laws:
– Criminal: employees go to jail, company fined
– Regulatory: large penalties, burdensome settlement
requirements
– Forfeiture: even if no one is prosecuted, company
can lose assets traceable to criminal activity

The best defense is a good offense: A comprehensive risk-based
AML compliance program tailored to the business’ specific operations.
Criminal Money Laundering Laws -- 18 U.S.C. §§
1956 and 1957.

• In the U.S., it is a crime to engage in virtually any type of
transaction with the knowledge that the proceeds
involved are the proceeds of unlawful activity if the
government can prove that the proceeds were derived
from a specified unlawful activity.
– Unlawful Activity – Generally any violation of criminal law –
foreign, federal, state or even local.
– Specified Unlawful Activities (SUA): There are over 200 SUAs –
U.S. and certain foreign crimes, e.g., drug trafficking, official
corruption, misappropriation of government funds, terrorist acts
and bank fraud.
– U.S. Mail or wire fraud involving a scheme to defraud a foreign
government of taxes also is an SUA.
Criminal Money Laundering Laws -- 18 U.S.C. §§
1956 and 1957.

• Knowledge
– Either actual knowledge OR “willful blindness”.
– Government does not have to prove that the
defendant knew the specific type of unlawful activity.
• Criminal Money Laundering Laws
– Penalties: Up to 20 years in prison for each violation
and fines up to $500,000 or double the amount of the
property involved, whichever is greater.
– Corporate Criminal Liability: In the U.S., actions of an
employee can be attributed to the corporation.
Current Special Government Concerns in Addition
to Traditional Drug Money Laundering.

• Terrorism or terrorist financing
• Foreign Political Corruption/Senior Foreign Political
Figures or Politically Exposed Persons
• Banking to foreign shell banks, foreign unlicensed
financial institutions, unlicensed money services
businesses, and casas de cambio
• Correspondent banking for Russian and Latvian
customers
• Black Market Peso Exchange
• Serious regulatory violations, e.g., failure to report
suspicious activity
What is a Senior Foreign Political Figure?

• Current or former senior officials
– Elected or not elected
– From any branch of government, including senior military officials and
the diplomats or senior executives of government-owned enterprises
• Current or former senior officials of a major political party or
candidates
• Immediate family members – spouse, parents, siblings, children, in-
laws
• Persons known to have close personal relations to a SFPF
• Legal entities formed by the SFPF or for the SFPF’s benefit

The concern is that some or all of their funds may be derived from
public corruption.
Tangible Benefits of AML Compliance Programs.

Required by some countries’ laws, e.g. USA PATRIOT Act.

U.S. bank regulators consider it a sound industry practice for large and complex financial
institution organizations with international operations to assess the organization’s AML
risks on a consolidated basis across business lines and legal entities and to implement an
enterprise-wide AML program to manage the risks.

A strong risk-based AML compliance program can provide some protection against criminal, civil
and forfeiture liability.

U.S. Sentencing Guidelines identify a fully implemented compliance program as a mitigating factor
in sentencing… a good compliance program creates a disincentive to prosecution.

Following reasonable due diligence procedures under an AML compliance program will help
establish innocent ownership -- a legal defense.

A strong AML program will also reduce fraud losses and reputational harm.
Elements of Business AML Compliance Programs.

• Designated AML Officer(s) or Money Laundering Reporting Officer
• Customer Identification/Verification
• Watchlist Checking
• Know Your Customer—Risk Based
– Stratify customers/transactions into higher and lower risk
– Apply appropriate level of due diligence

• Source of Funds
• Type of Funds
• Suspicious Activity Reporting
• Cash Reporting/Recordkeeping/Documentation
• Training
• Auditing
Key Employee Requirements.

• Immediately elevate any suspicions or “red flags” of money
laundering/terrorist financing/other criminal activity to the business Money
Laundering Reporting Officer (MLRO), Compliance Officer, business legal counsel,
or other person designated as responsible.
– Resolve any concerns promptly before proceeding further.
• Maintain strict confidentiality regarding any suspicions to avoid violating
criminal or civil laws against “tipping off” that third party.
– Before any change in your business’ course of conduct with such a third party,
review the matter with counsel, compliance officer and/or MLRO to minimize the
risk of “tipping off” liability.
• Document carefully the policies, procedures, and compliance with the AML
Program, including exceptions.
• Training and auditing. Applicable employees (e.g., in the Sales/Marketing,
Customer Service, Risk/Underwriting, Collections, Finance, and
Legal/Compliance functions) should attend in-depth AML training, and
cooperate in required audits of the program.
Key Business Requirements: Party
Identification/Verification.

Applies to all “Parties”:
Customers, guarantors, partners, potential acquisition
targets, service providers, and third party
representatives, e.g., agents and dealers

1) Party identification and verification. Obtain basic identifying
information (such as name, address, date of birth and taxpayer or other
government identification number) to assure that a prospective Party
is in fact the entity or person who it claims it is, using appropriate due
diligence.

• Where higher risk of money laundering/terrorist financing/official
corruption -- or required by law -- take appropriate risk-based measures
for identifying and verifying the identities of the principals of Parties.
Key Business Requirements: Watchlist Checking
and KYC.

2) Watchlist checking: Prior to funding a loan or entering into
a transaction, prospective Parties should be checked
against applicable government Watchlists of known or
suspected terrorists, drug traffickers, and other sanctioned
individuals and entities.

3) KYC Minimum Requirements and Enhanced Due
Diligence. To assess the Party's risk -- both before the
relationship and throughout its lifetime -- each business
should identify the level of due diligence necessary to
“Know Your Party,” (“KYC”) and apply those measures.
Key Business Requirements: Risk-Based KYC.

Recommended KYC approach:

1. Stratify business relationships into lower/higher risk tiers,
using factors such as geography, type of party, nature
of business, transaction type.
2. For each tier, then conduct risk-based due
diligence measures, deepening in extent for higher risk
customers and transactions.

• KYC is RISK-BASED: Variable, based on
circumstances
What is Risk-Based?

• The extent of Due Diligence appropriate -- both at the beginning and throughout
the course of the relationship -- depends upon the risk posed. Some factors:
– The types of products, services and transactions offered
– The country where the product or service is offered or transaction occurs
– The nature of the Party, including the type of business, the complexity of the legal,
ownership and management structure, the Party’s nationality, the geographical
locations where the Party does business and has financial relationships, the business’
customers and suppliers, and the sources of funds for payment
– The purpose and intended nature of the relationship, including size of the relationship
and value and velocity of transactions
– How the relationship is established, e.g., in person or over the Internet, over the
telephone or by mail (i.e., where there is no face-to-face contact)

Rule of thumb: The more transparent and easy to document the Party’s
ownership and source of funds, the lower the risk.
How Do You Perform the Due Diligence?

• Depending on the risk, appropriate due diligence may include:
– Identifying/obtaining evidence of legal existence and ownership structure
– Identifying/determining the owners, directors and senior business managers
– Obtaining source of wealth and funds information
– Obtaining financial statements
– Obtaining financial institution and trade references
– Conducting international and local media searches, Internet searches and public
record checks, and using special commercial database services
– Conducting Complinet searches or checking other lists of Politically Exposed Persons
– Conducting on-site visits of the business
– Meeting with the U.S. and other embassies in foreign jurisdictions
– Engaging a security or investigative firm with expertise in the area
Performing Due Diligence: Higher Risk
Jurisdictions.

• Secrecy and tax havens, e.g., British Virgin Islands
• Drug producing or transshipment countries, e.g.,
Colombia and Mexico
• Terrorist financing countries, e.g., Lebanon
• Countries with a high level of public corruption, e.g.,
Nigeria
• Countries unconnected with the transaction

• NOTE: Don’t take too much comfort from the fact that
a Party is not from a higher risk jurisdiction.
Performing Due Diligence: Higher Risk Customers
and Types.

• High net worth individuals
• Current and former Senior Foreign Political Figures or
Politically Exposed Persons
• Foreign Shell Banks and Banks with Offshore Licenses
– Never do business with a foreign shell bank
• Banks in a jurisdiction not logical for the transaction
• U.S. and Foreign Money Services Businesses
– Never do business with an unlicensed MSB
• Casinos and Card Clubs
• Offshore companies, partnerships, trusts
Performing Due Diligence: Higher Risk Customers
and Types.
• Sellers or Lessors of Cars, Boats
and Airplanes
• Transportation Companies
• Travel Agencies
• Jewelry, Gems and Precious Metals Dealers
• Import-Export Companies
• Cash Intensive Businesses
• Pawn Brokers
• Pay Day Lenders
• Auctioneers
• Telemarketers
• Real Estate Agents, Title Companies and Real Estate Attorneys
• Lawyers, Accountants
Key Business Requirements: Source of Funds,
Type of Funds.
- Source of funds protections ensure the funds are traceable to a
legitimate source
- Consider reaching agreement with customer on how payment will be
made, including the method and source of payment, e.g., account
number, account name, and name of the customer's bank…then check
incoming payments to ensure compliance.
– Payments from unrelated third parties should be carefully scrutinized
and a logical explanation and approval should be provided.

- Type of funds protections reduce exposure to payments that are common
to money laundering schemes
– Consider reaching agreement with customer on what type of payment
will be made--e.g., wire transfer or check.
– Multiple payments a red flag ... should trigger further due diligence.
Types of Funds.

• The safest form of payment is by check, direct debit or wire drawn on
an account in the name of the customer at a financial institution that is
logical for the customer.
• Generally, payment policies will -
– Prohibit cash or travelers check payments
– Prohibit or restrict payments with money orders (unless a standard form of
payment for the product or service and then only in the exact amount due)
– Prohibit or restrict payments with cashier’s checks and bank drafts
– Prohibit or restrict payments with multiple instruments
– Prohibit checks drawn on accounts of non-bank financial institutions, such as
casas de cambio
– Prohibit payment from or to unrelated third parties unless approved and where
there is a logical relationship to the customer
Key Business Requirements: Cash Reporting,
Documentation, Training, and Auditing.

• Comply with cash reporting or recordkeeping
requirements, including monitoring for payments
below reporting/ recording threshold.
• Maintain documents for at least 5 years (longer
where required by law).
• Provide initial and periodic training for appropriate
employees
• Conduct compliance monitoring and periodic
independent audits
Cash Reporting Requirements.

• In the U.S., traditional financial institutions under the BSA are required
to file Currency Transaction Reports (CTRs) for all currency transactions by,
to or through the financial institution over $10,000 by or on behalf of the
same person on the same day.

• All other trades or businesses, e.g., insurance companies and
manufacturing companies, must file reports on cash received over $10,000
in one or a series of related transactions.
- Cash for certain businesses and under certain circumstances can include cash-
equivalent monetary instruments, i.e., money orders, travelers checks and bank
and cashier’s checks with face values of $10,000 or less.

- If there is a suspicion that the instruments were purchased (“structured”) in a way
to avoid cash reporting requirements, the monetary instruments must be
reported like cash.
Audit Element of the AML Compliance Program.

• For some financial institutions, periodic independent testing by a qualified
party (outside the compliance function) is legally required.
- Banks and securities broker-dealers (and soon, life insurance companies):
independent testing by internal audit or an outside firm should be conducted
annually.

• An audit should test all aspects of the program to assure compliance with
legal and regulatory requirements and the business’ KYC, payment and
suspicious activity monitoring and reporting policies and procedures and
assess the effectiveness of the program.

• Auditors must not be afraid to ask hard questions and be willing to elevate
issues if the answers are not satisfactory.

• Auditors and audit programs must be current and business-specific.

• There must be mechanisms to ensure that required remedial steps are taken.
Key Business Requirements: Suspicious Activity
Monitoring and Reporting.
• Procedures for detecting possible money laundering activity,
including routine monitoring for suspicious activity
• Procedures for seeking advice and immediately escalating
internally potentially suspicious activity or red flags of
money laundering, terrorist financing and other criminal
activity and taking appropriate action, including resolving
concerns promptly before proceeding further with the
transaction and reporting suspicious activity to
government authorities consistent with privacy and other
applicable laws
• Procedures for maintaining strict confidentiality regarding any
suspicious activity to avoid tipping off a Party and violating
criminal or civil laws
Suspicious Activity – Red Flags/Warning Signs.

• Requests or attempts to bend the rules, including the payment policy
• Reluctance to provide information or providing false or
inconsistent information
• Types of services or products (or in amounts) not consistent with the
customer’s business
• Overly complex ownership structure/structures where beneficial
ownership cannot be ascertained
• Financial relationships in jurisdictions not logical for the customer or
in high risk jurisdictions
• Transactions involving foreign shell or offshore banks or unregulated
financial institutions
• Excessive curiosity about AML policies and procedures
Suspicious Activity – Red Flags/Warning Signs.

• Rumors or negative press reports
• Subpoenas or other law enforcement inquiries
• Payments by cash or cash equivalents, particularly if just below
government reporting thresholds
• Payments from unrelated third parties
• Payments from an owner’s personal account (depending on the industry
customer profile)
• Early repayments of loans, especially with cash, cash equivalents
or payments from unrelated third parties
• Payments with multiple instruments
• Overpayments necessitating refunds without a reasonable explanation
Other BSA Reporting Requirements.

• Two BSA reporting provisions that apply to all persons
(businesses and individuals), not just to financial
institutions.
– Cross-border/international transportations, mailings,
shipments or receipts of currency or other monetary instruments
(e.g., travelers checks in any form and bearer negotiable
instruments and securities) in excess of $10,000 must be
reported to Customs (the Report of International Transportation
of Currency or Monetary Instruments or “CMIR” requirement).
– Persons subject to U.S. jurisdiction must file reports on bank
and other foreign accounts valued over $10,000 in a
calendar year (the Foreign Bank and Financial Accounts Report
or “FBAR” requirement).
Suspicious Activity Reporting Requirement.

• Applicability of BSA SAR Requirement
• Required
– Banks and their operating subsidiaries
– Securities Broker-Dealers
– Including insurance companies registered with the SEC solely for the purpose of
selling variable products with respect to those products
– Money Services Businesses
– Insurance Companies – as of May 2, 2006
– Would cover only the portion of the business that deals in life and investment
products with exceptions for term and group insurance
• Proposed
– Mutual Funds
– Responsibilities can be apportioned by contract, e.g., if funds are sold through an
independent broker-dealer
• Expected
– Non-depository subsidiaries of Savings and Loan Holding Companies in
appropriate cases.
Suspicious Activity Reporting Requirement.

• Covered financial institutions must file SARs on transactions where
the institution knows, suspects or has reason to suspect that there
has been a transaction, transactions or attempted transactions by,
through or to the institution:
– Involving possible violations of federal law or regulation,
– Involving money laundering or BSA violations, including structuring,
– Involving the use of legitimately-derived funds to finance criminal
activity, e.g., terrorism, or
– If the transaction has no business or lawful purpose or is not the sort in
which the particular customer would normally be expected to engage,
and the bank knows of no reasonable explanation. . . .
• Also, in the U.S., non-depository subsidiaries of Savings and Loan
Holding Companies are strongly encouraged by the OTS to file
SARs in appropriate circumstances.
Terrorist Financing – The Challenge.

• One of the reasons terrorist financing is so difficult to
detect is that the amounts of money involved can be
small.
– Entire 9/11 operation est. cost: $400-500K, with $270 spent in
the United States.
– USS Cole operation is estimated to have cost < $10K.
– Many of the terrorists came with their own funds – traveler’s
checks and ATM cards on Middle Eastern accounts. The
hijackers that used U.S. banks, contrary to press reports, had
legitimate identification and did not use false social security
numbers.
– There were, however, five wire transfers to an account at a bank
in Florida from Dubai (the largest $70,000) which today would
most likely attract the attention of a bank, especially by a
customer whose occupation was “student.”
Terrorist Financing.

• Focus on criminal activities that generate proceeds and charitable contribution
financing.
• Sometimes, terrorist cells will have to support themselves with
crime – drug trafficking, cigarette smuggling, dealing in
counterfeit goods, identity theft, and credit card fraud.
– Traditional criminal money laundering needs … may be
vulnerable to detection.
• Terrorist organizations also receive funds from legal
sources channeled through non-government
organizations and charities – “reverse money
laundering.”
– These cases show that, in conducting KYC on non-profit
organizations, you need to understand carefully the objects
of the client’s benevolence.
Case Examples – Banco Popular de Puerto Rico.

• A January 2003 federal money laundering/BSA
case that showed the U.S. government
continues to focus on traditional money
laundering.
• The bank was in a time warp - Miami circa 1980 -
when drug money launderers brought cash into many
banks by the bagful without raising any red flags.
• The case was settled by a “deferred prosecution”
agreement requiring payment in lieu of a forfeiture of
$21 million, which also satisfied the BSA penalty.
Banco Popular de Puerto Rico – Lessons Learned.

• The case involved accounts for two local businesses
and an account for a Dominican Republic money
transmitter.

• As reported, the facts appear to support a finding of
willful blindness to the illegal source of funds at a
minimum.

• It is alleged that the bank failed to conduct adequate
due diligence on the customers and that there had
been total inattention throughout the bank to
monitoring and reporting of suspicious activity.
Banco Popular de Puerto Rico – Lessons Learned.

• With respect to the largest of the accounts (into which
$20 million was deposited in less than three years),
the red flags were flying full staff:
- The customer described his business at various times to
bank personnel as different things -- as a phone card
seller/money transmitter, as a café and as a gas station.
- There was a dramatic rapid increase in deposits – in cash, in
small bills, sometimes brought in paper bags or gym bags.
- Cash deposits were followed by domestic and international
funds transfers to over 300 entities in the US and abroad.
Banco Popular de Puerto Rico – Lessons Learned.

• The gang could not shoot straight!
- The business was one block from the bank. Employees
walked by it on the way to work and remarked that there did
not seem to be many customers.
- An employee told the branch manager early in the account
history that the activity was suspicious. There was no
follow-up.
- At one point, the customer was asked to use the night
deposit box because counting his cash was tying up normal
activity.
- When asked why his deposits increased, the customer said
he had consolidated his bank accounts. No attempt was
made to confirm this.
Banco Popular de Puerto Rico – Lessons Learned.

• It gets worse . . .
- At one point, the legal department received a
criminal subpoena for account records. They
never informed the branch or the Compliance
Department.
- When the bank finally filed a SAR, apparently after
a visit by a Customs agent, only a small fraction of
the activity was reported.
- The Compliance Department then failed to notify
senior management of the seriousness of the SAR
situation.
Banco Popular de Puerto Rico – Lessons Learned.

• Are there lessons non-bank leasing businesses can learn from a
bank and a drug money laundering case?
– Employee training is essential.
– KYC – Bakery Rule (If they say they are a bakery, there better be
bread).
– Never ignore red flags such as unusual spikes in business activity.
– Establish good lines of communication within an organization.
– Confession is good for the soul, unless you hold back the big sins.
– Subpoenas are wake up calls, even if you have been asleep a long
time.
– A good compliance officer and/or audit program can save the day.
– Be alert to clients who are or use non-traditional financial institutions
and clients in countries that are high risk for money laundering.
Case Example: AmSouth.

• Based on failure to identify and report suspicious activity with
aggravating circumstances.
• The unreported matters involved fraud, not classic money
laundering, drugs, terrorism, or public corruption.
• Results
- Deferred prosecution with a $40 million forfeiture
- $10 million BSA civil penalty – Federal Reserve and FinCEN
- Cease and Desist Order – Federal Reserve and state regulator
• Key failings
- Poor communication within the bank
- Poor training on the SAR requirements
- Did not respond timely or fully to subpoenas
Case Example: Riggs Bank.

• AML compliance failures led to the demise of this bank to the
Presidents. In February 2005, Riggs Bank pleaded guilty to criminal
BSA violations based on failure to report suspicious activity and paid a
$16 million criminal fine.
• This is one chapter in a long history of BSA/AML compliance problems
at Riggs that apparently reached the highest levels of the bank.
• The Riggs matter has created a current regulatory environment in the
U.S. of low tolerance for AML/BSA failures and high government
expectations.
• The compliance issues center on three problematic groups of clients:
- Saudi Embassy related accounts
- Teodoro Obiang/Equatorial Guinea accounts
- Augusto Pinochet
Results for Riggs.

• Criminal plea to Bank Secrecy Act violations -- $16 million fine
• Ongoing criminal investigations of individuals
• Two enforcement orders/$25 million civil penalty
• Congressional hearings/adverse publicity
• Shareholder suits
• Spanish criminal case settlement, including former Chairman
• Loss of key business lines – the Edge, Embassy banking – and,
ultimately, sale of the bank at a reduced price
• Loss of half of the jobs post-acquisition
• Lost reputation never to be regained
• U.S. regulators on a mission
Conclusion.

• Benefits of a Strong AML Program
- In an anti-terrorism climate, guarding your business’ brand --
likely your business’ largest asset
- Avoiding criminal and civil liability and enforcement actions
- Avoiding aggressive scrutiny and micro management by
regulators
- Direct business savings by reducing collateral fraud risks
through strong KYC
Enhanced Due Diligence:
Avoiding “Aiding & Abetting” Liability
Overview.

1. Aiding & Abetting Liability: What is it?
2. Why be Concerned?
3. Recent Cases
4. Suggested Business Approach
5. Tips for Tax Counsel & Accountants
Aiding & Abetting Liability: What is it?

Elements:

1. Illegal or wrongful conduct by another person or party (a “primary
actor”);
2. The business knows or should have known of the illegality or
wrongful conduct; and
3. The business provides substantial assistance to the primary actor in
carrying out the illegal or wrongful conduct.

News clipping: WSJ, 11/3/04
Bank of America Settles Suit Over the Collapse of Enron
By RICK BROOKS and CARRICK MOLLENKAMP
Staff Reporters of THE WALL STREET JOURNAL
July 6, 2004; Page C3
Bank of America Corp. became the first bank to settle a class-action lawsuit
alleging that some of the top U.S. financial institutions participated in a
scheme with Enron Corp. executives to deceive shareholders.

Never Assist Another’s Wrongdoing… Customer is NOT Always Right!
Scope is Potentially Broad.
Government or Plaintiff May Argue:

• Both the business and individual employees liable
• Liability may arise from affirmative assistance, failure to act, failure to
disclose, or concealment.
• Actual knowledge not required – “reckless disregard” sufficient
(e.g., existence of red flags without proper investigation)
• Knowledge of employees throughout business may be aggregated
to make a case of actual knowledge or reckless disregard
• Acts/omissions outside U.S. can lead to liability both outside and in
the U.S.
More Resources … More Enforcement
[Chart: SEC budget ($MM), FY2002 to FY2005; budget increased 108% in 3 years; bars labeled $438, $716, $842 and $913]
[Chart: Disgorgement & Penalties (in millions), FY2003 to FY2005; labeled 675%; bars labeled 402, 1300 and 3100]
• 842 new staff members in FY ’03 & ’04 … 100+ more in 2005
Examples of Enforcement Activities Against Public
Companies
[Pie chart: Types of cases - FY 2004. Segments: Market Manipulation, Securities Offering, Insider Trading, Other, Broker-Dealer 22%, Investment Companies 14%, Financial Disclosure 28%; remaining segment labels: 6%, 15%, 8%, 7%]

Earnings Management 2005 – fraudulent schemes to inflate revenue and earnings to meet
or exceed Wall Street projections
• Symbol Technologies
• HealthSouth
• Bristol-Myers Squibb
• Huntington Bancshares

Accounting fraud/inaccurate disclosure 2005 – engaged in improper accounting, fraudulent
transactions or reported false results
• Kmart
• Time Warner
• Global Crossing
• Qwest
• Waste Management
• Adelphia
• Worldcom
• Homestore

Aider and Abetter Claims 2004/05 – assisted customer in carrying out fraud
• Time Warner for Homestore
• General Re for AIG
• Financial institutions for Enron
• Vendors of Royal Ahold
Who’s Paying for Enron?

Shareholder suit involves 10 financial institutions … > $7 billion so far
Settled:
– CIBC - $2.4 b
– JPM Chase - $2.2 b
– Citi - $2 b
– Lehman - $222.5 mm
– Banc of America - $69 mm
– Outside directors - $168 mm
– Arthur Andersen - $32 mm
Not yet resolved: Merrill, CSFB, Deutsche Bank, Barclays

Bankruptcy Court “Megaclaims” suit brought by Enron
Settled:
– Royal Bank of Canada - $25 mm
– RBS - $20 mm
– CIBC - $250 mm
– Toronto Dominion - $130 mm
– JPM Chase - $350 mm
Not yet resolved: Barclays, Citi, Deutsche Bank, CSFB, Merrill

Enforcement suits brought by SEC and local district attorneys
Settled:
– CIBC - $80 mm
– JPM Chase - $135 mm
– Citi - $120 mm
– Merrill - $80 mm
SEC may bring action against other parties as well

$8.2 Billion So Far … and Climbing

Other Recent Cases
• Daniel Bayly, former head of Merrill Lynch Investment Banking
Serving 30 months in prison for Nigerian barge deal. Government alleged side deal
guaranteed Merrill 15% return on $7 million investment.
Bayly’s involvement -- single 7 minute conference call.

• Royal Ahold
Nine executives charged in scheme to create accounting fraud; company to pay
$1.1 billion.

“If you know or have reason to know that you are helping a company
mislead its investors, you are in violation of the federal securities laws.”
Stephen Cutler, Director, SEC Enforcement Division
A Real Threat Against Financing
Companies
• Involvement in Structuring or Advising on Improper Deals

• Helping to Finance “Sham” Transactions

• Financing a Company That Is Engaged in Illegal/Improper
Conduct or in Breaching Its Obligations to Others

• Enabling Securities Fraud, Accounting Fraud, Tax Evasion

• Enabling Officers or Directors to Breach Fiduciary Duties


Red Flags: Transactions
Channel Stuffing
Inflates sales figures by forcing more products through a distribution channel than the channel can sell … especially common at quarter or year end.

Side Letters
Material terms placed in separate writings or oral arrangements … used to argue intent to keep key parts of an agreement secret.

Conditional Sales/Purchase Agreement
Transfer of assets or securities, where parties contemplate a subsequent, unusual return or “round-tripping” of those assets … arguably shows sale was a sham, e.g. to inflate income.

• Unusual deal structures / use of offshore vehicles
• Transactions with no apparent economic justification
• No true transfer of risk/reward
• End of period transactions
• Tax-motivated transactions
• “Window dressing” deals
• Transactions structured to circumvent known regulatory requirements, or illegally evade tax obligations
Red Flags: Certifications
Areas of Concern:
• Customer requests to make any representation that is:
- inaccurate
- incomplete
even where the certification does not involve an unsafe, life threatening or dangerous condition
• Certifications to allow 3rd party to circumvent known regulatory requirements

Potential Exposure Areas:
• Product and equipment servicing and other support services
• Performance of government contracts

Not Limited to Financial Fraud Cases
Steps You Can Take
That May Mitigate Red Flags
• Increased Focus on “Know Your Customer” and “Know Your Deal” Crucial

• Ensure Knowledge of the Deal’s Business Justification

• Obtain Opinions from Outside Counsel

• Review by Third-Party Participants

• Expanded Customer Representations

• Do Not Assume That a Customer’s Violation of Laws, Accounting Rules,
Fiduciary Duties Or Third Party Contracts is “Not Our Problem!”

• If it LOOKS like a duck and QUACKS like a duck it probably is a DUCK!

Don’t Just Document The File - Ask Questions, Drill Down, Investigate,
Elevate Issues and Really Understand The Deal
Final Tips

Public Companies present potential for greater exposure

• View transaction from customer standpoint

• Small employee involvement could carry big penalty

• Market Practice not necessarily a defense

• There are other theories
• Equitable Subordination (Enron decision): Courts may bar recovery on
good deals if you also made some bad deals
• Deepening Insolvency
• European experience
Consumer Leasing and Personal Property Leasing
Compliance.

• At the Federal level, a consumer lease is
governed by the Consumer Leasing Act (15
U.S.C. 1667-1667e) and Regulation M (12
C.F.R. 213).

• National banks and their operating subsidiaries
must also comply with 12 U.S.C. 24 (Seventh),
12 U.S.C. 24 (Tenth) and 12 C.F.R. 23. See
also 12 C.F.R. 211.5 (d)(3) and (d)(19) and 12
C.F.R. 225.28(b).
Consumer Leasing and Personal Property Leasing
Compliance.

• There are also state laws governing consumer
leasing and personal property leasing
compliance.

• In some cases, Regulation M preempts the state
laws, but in other cases, it does not.
Federal Preemption of State Law. 12 C.F.R. 213.9.

• State law that is inconsistent with the
requirements of the Consumer Leasing Act and
Regulation M is preempted to the extent of the
inconsistency. If a lessor cannot comply with a
state law without violating a provision of
Regulation M, the state law is inconsistent and is
preempted, unless the state law gives greater
protection and benefit to the consumer.
Scope and Purpose of Federal Law. 12 C.F.R.
213.1(b).
• Regulation M of the Board of Governors of the Federal
Reserve System, the Consumer Leasing Regulation,
applies to all persons that are lessors of personal
property under consumer leases.
• The purpose of Regulation M is to:
• 1. ensure that lessees of personal property receive
meaningful disclosures that enable them to compare
lease terms with other leases and, where
appropriate, with credit transactions;
• 2. limit the amount of balloon payments in consumer
lease transactions; and
• 3. provide for the accurate disclosure of lease terms in
advertising.
Key Definitions. 15 U.S.C. 1667.

• A consumer lease is a contract in the form of a lease or
bailment for the use of personal property by a natural
person for a period of time exceeding four months, and
for a total contractual obligation not exceeding $25,000,
primarily for personal, family, or household purposes,
whether or not the lessee has the option to purchase or
otherwise become the owner of the property at the
expiration of the lease. The term does not include a
lease for agricultural, business, or commercial purposes,
or to a government or governmental agency or
instrumentality, or to an organization.
Key Definitions. 15 U.S.C. 1667.

• A “lessee” is a natural person who leases or is
offered a consumer lease. A “lessor” is a person
who is regularly engaged in leasing, offering to
lease, or arranging to lease under a consumer
lease. “Personal property” is any property which
is not real property under the laws of the State
where situated at the time offered or otherwise
made available for lease.
Required Disclosures. 15 U.S.C. 1667a.

• Each lessor shall give a lessee prior to the
consummation of the lease a dated written statement on
which the lessor and lessee are identified setting out
accurately and in a clear and conspicuous manner the
following information with respect to that lease, as
applicable:
• 1. A brief description or identification of the leased
property;
• 2. The amount of any payment by the lessee required
at the inception of the lease;
• 3. The amount paid or payable by the lessee for official
fees, registration, certificate of title, or license fees or
taxes;
Required Disclosures. 15 U.S.C. 1667a.

• 4. The amount of other charges payable by the lessee
not included in the periodic payments, a description
of the charges and that the lessee shall be liable for
the differential, if any, between the anticipated fair
market value of the leased property and its
appraised actual value at the termination of the
lease, if the lessee has such liability;
• 5. A statement of the amount or method of determining
the amount of any liabilities the lease imposes upon
the lessee at the end of the term and whether or not
the lessee has the option to purchase the leased
property and at what price and time;
Required Disclosures. 15 U.S.C. 1667a.

• 6. A statement identifying all express warranties and
guarantees made by the manufacturer or lessor with
respect to the leased property, and identifying the
party responsible for maintaining or servicing the
leased property together with a description of the
responsibility;
• 7. A brief description of insurance provided or paid
for by the lessor or required of the lessee, including
the types and amounts of the coverages and costs;
Required Disclosures. 15 U.S.C. 1667a.

• 8. A description of any security interest held or to be
retained by the lessor in connection with the lease
and a clear identification of the property to which the
security interest relates;
• 9. The number, amount, and due dates or periods of
payments under the lease and the total amount of
such periodic payments;
Required Disclosures. 15 U.S.C. 1667a.

• 10. Where the lease provides that the lessee shall be
liable for the anticipated fair market value of the
property on expiration of the lease, the fair market
value of the property at the inception of the lease,
the aggregate cost of the lease on expiration, and
the differential between them; and
• 11. A statement of the conditions under which the
lessee or lessor may terminate the lease prior to the
end of the term and the amount or method of
determining any penalty or other charge for
delinquency, default, late payments, or early
termination.
Lessee Liability. 15 U.S.C. 1667b.

• Where the lessee’s liability on expiration of a consumer
lease is based on the estimated residual value of the
property, the estimated residual value shall be a
reasonable approximation of the anticipated actual fair
market value of the property on lease expiration. The
following rebuttable presumptions apply:

• 1. The estimated residual value is unreasonable to
the extent that the estimated residual value exceeds
the actual residual value by more than three times
the average payment allocable to a monthly period
under the lease.
Lessee Liability. 15 U.S.C. 1667b.

• 2. Where the lessee has such liability on expiration of a
consumer lease, the lessor’s estimated residual
value is not in good faith to the extent that the
estimated residual value exceeds the actual residual
value by more than three times the average
payment allocable to a monthly period under the
lease.
• The presumptions do not apply to the extent the excess
of estimated over actual residual value is due to physical
damage to the property beyond reasonable wear and
use, or to excessive use, and the lease may set
standards for such wear and use if such standards are
not unreasonable.
Advertising Generally. 15 U.S.C. 1667c; 12 C.F.R.
213.2(b).

• Advertisement means a commercial message in any
medium that directly or indirectly promotes a consumer
lease transaction. If an advertisement for a consumer
lease includes a statement of the amount of any
payment or a statement that any or no initial payment is
required, the advertisement must clearly and
conspicuously state, as applicable:

• 1. the transaction advertised is a lease;
• 2. the total amount of any initial payments required on
or before consummation of the lease or delivery
of the property, whichever is later;
Advertising Generally. 15 U.S.C. 1667c; 12 C.F.R.
213.2(b).

• 3. that a security deposit is required;
• 4. the number, amount, and timing of scheduled
payments; and
• 5. with respect to a lease in which the liability of the
consumer at the end of the lease term is based on
the anticipated residual value of the property, that an
extra charge may be imposed at the end of the lease
term.
Radio Advertising. 15 U.S.C. 1667c.

• An advertisement by radio broadcast will be
deemed to be in compliance with the general
requirements if the advertisement:

• 1. clearly and conspicuously indicates that the
transaction advertised is a lease and the
total amount of any initial payments required
on or before consummation of the lease or
delivery of the property, whichever is later;
Radio Advertising. 15 U.S.C. 1667c.

• 2. provides the number, amounts, due dates or
periods of scheduled payments, and the total
of such payments under the lease; and
• 3. refers to a toll free number or the name and
date of a written advertisement so long as the
advertisement is broadcast three days prior
to the broadcast or ten days after the
broadcast.
Liability of Lessors. 15 U.S.C. 1667d and 15
U.S.C. 1640.

• Except as otherwise provided in this section, a lessor
who fails to comply with Section 1667-1667d is liable to
such person in an amount equal to the sum of:

• 1. any actual damage sustained by such person as a
result of the failure;
• 2. in the case of an individual action, twice the amount
of any finance charge in connection with the
transaction;
Liability of Lessors. 15 U.S.C. 1667d and 15
U.S.C. 1640.
• 3. in the case of an individual action relating to a
consumer lease under part E, 25 per centum of the
total amount of monthly payments under the lease,
except that the liability shall not be less than $100
nor greater than $1,000, or
• 4. in the case of a class action, such amount as the
court may allow, except that as to each member of
the class no minimum recovery shall be applicable,
and the total recovery in any class action or
series of class actions arising out of the same
failure to comply by the same creditor shall not be
more than the lesser of $500,000 or 1 per centum of
the net worth of the creditor;
Federal Enforcement Agencies. 12 C.F.R. 213,
Appendix B.

• 1. The Comptroller of the Currency is the enforcement
agency for national banks and federal branches and
federal agencies of foreign banks.

• 2. The Federal Reserve is the enforcement agency for
state member banks, branches and agencies of
foreign banks (other than federal branches, federal
agencies, and insured state branches of foreign
banks), commercial lending companies owned or
controlled by foreign banks, and organizations
operating under section 25 or 25A of the Federal
Reserve Act.
Federal Enforcement Agencies. 12 C.F.R. 213,
Appendix B.

• 3. The Federal Deposit Insurance Corporation is the
enforcement agency for nonmember insured banks
and insured state branches of foreign banks.

• 4. The Office of Thrift Supervision is the enforcement
agency for savings institutions insured under the
Savings Association Insurance Fund of the FDIC
and federally chartered savings banks insured under
the Bank Insurance Fund of the FDIC (but not
including state-chartered savings banks insured
under the Bank Insurance Fund).
Federal Enforcement Agencies. 12 C.F.R. 213,
Appendix B.

• 5. The National Credit Union Administration is
the enforcement agency for Federal credit
unions.

• 6. The Department of Transportation, Aviation
Enforcement and Proceedings is the
enforcement agency for air carriers.

• 7. The Packers and Stockyards Administration is
the enforcement agency for those who are
subject to the Packers and Stockyards Act.
Federal Enforcement Agencies. 12 C.F.R. 213,
Appendix B.

• 8. The Farm Credit Administration is the
enforcement agency for Federal land banks,
Federal land bank associations, Federal
intermediate credit banks, and production
credit associations.

• 9. The Federal Trade Commission is the
enforcement agency for all other lessors.
National Bank Authority to Engage in Personal
Property Leasing. 12 U.S.C. 24.

• To resolve a controversy over whether a national bank is
authorized to engage in personal property leasing
activity, Congress added Paragraph Tenth to 12 U.S.C.
24, which provides that a national bank may invest in
tangible personal property, including, without limitation,
vehicles, manufactured homes, machinery, equipment,
or furniture, for lease financing transactions on a net
lease basis, but such investment may not exceed 10
percent of the assets of the national bank. Prior to that,
national banks relied upon 12 U.S.C. 24 (Seventh).
The Comptroller of the Currency’s Personal
Property Leasing Regulation. 12 C.F.R. 23.3 (a).

• A national bank may acquire personal property
for the purpose of, or in connection with leasing
property, and may engage in activities incidental
thereto, if the lease qualifies as a full-payout
lease and a net lease. Full-payout lease means
a lease in which the national bank reasonably
expects to realize the return of its full investment
in the leased property, plus the estimated cost of
financing the property over the term of the lease,
from rentals, estimated tax benefits and the
estimated residual value of the property at the
expiration of the lease term.
The Comptroller of the Currency’s Personal
Property Leasing Regulation. 12 C.F.R. 23.3 (a).

• Net lease means a lease under which the
national bank will not, directly or indirectly,
provide or be obligated to provide for:
• 1. Servicing, repair, or maintenance of the
leased property during the lease term;
• 2. Parts or accessories for the leased property;
• 3. Loan of replacement or substitute property
while the leased property is being serviced;
The Comptroller of the Currency’s Personal
Property Leasing Regulation. 12 C.F.R. 23.3 (a).

• 4. Payment of insurance for the lessee, except
where the lessee has failed in its contractual
obligation to purchase or maintain required
insurance; or
• 5. Renewal of any license or registration for the
property unless renewal by the bank is
necessary to protect its interest as
owner or financier of the property.
The Comptroller of the Currency’s Personal
Property Leasing Regulation. 12 C.F.R. 23.3 (b).

• If, in good faith, a national bank believes that
there has been a change in condition that
threatens its financial position by increasing its
exposure to loss, then the bank may:
• 1. Take reasonable and appropriate action to
salvage or protect the value of the leased
property or its interests arising under the
lease; and
• 2. Acquire or perfect title to the leased property
pursuant to any existing rights.
The Comptroller of the Currency’s Personal
Property Leasing Regulation. 12 C.F.R. 23.3 (b).

• A national bank may include any provision in a
lease, or make any additional agreement, to
protect its financial position or investment in the
event of a change in conditions that would
increase its exposure to loss.
• A national bank may arrange for a third party to
provide any of the services enumerated in 12
C.F.R. 23.2(f) to the lessee at the expense of the
lessee.
The Comptroller of the Currency’s Personal
Property Leasing Regulation. 12 C.F.R. 23.4 (a)

• A national bank may acquire specific property to be
leased only after the bank has entered into:
• 1. A conforming lease;
• 2. A legally binding written agreement that indemnifies
the bank against loss in connection with its
acquisition of the property; or
• 3. A legally binding written commitment to enter into
a conforming lease.
• A conforming lease means a lease authorized under 12
U.S.C. 24 (Tenth) or 12 U.S.C. 24 (Seventh).
The Comptroller of the Currency’s Personal
Property Leasing Regulation. 12 C.F.R. 23.4 (b)
• A national bank may acquire property to be leased
without complying with the requirements of 12 C.F.R. 23.4
(a) if:

• 1. The acquisition of the property is consistent with the
leasing business then conducted by the bank or is
consistent with a business plan for expansion of the
bank's existing leasing business or for entry into the
leasing business; and
• 2. The bank's aggregate investment in property held
does not exceed 15 percent of the bank's capital and
surplus.
The Comptroller of the Currency’s Personal
Property Leasing Regulation. 12 C.F.R. 23.4 (c)
• At the expiration of the lease (including any renewals or
extensions with the same lessee), or in the event of a
default on a lease agreement prior to the expiration of
the lease term, a national bank shall either liquidate the
off-lease property or re-lease it under a conforming lease
as soon as practicable. Liquidation or re-lease must
occur not later than five years from the date that the
bank acquires the legal right to possession or control of
the property, except the OCC may extend the period for
up to an additional five years, if the bank provides a
clearly convincing demonstration why any additional
holding period is necessary. The bank must value off-
lease property at the lower of current fair market value or
book value promptly after the property becomes off-
lease property.
The Comptroller of the Currency’s Personal
Property Leasing Regulation. 12 C.F.R. 23.10.

• Pursuant to 12 U.S.C. 24 (Tenth) a national bank may
invest in tangible personal property, including vehicles,
manufactured homes, machinery, equipment, or
furniture, for the purpose of, or in connection with leasing
that property, if the aggregate book value of the property
does not exceed 10 percent of the bank's consolidated
assets and the related lease is a conforming lease. For
the purpose of measuring compliance with the 10
percent limit, a national bank records the investment in a
lease entered into net of any nonrecourse debt the bank
has incurred to finance the acquisition of the leased
asset.
The Comptroller of the Currency’s Personal
Property Leasing Regulation. 12 C.F.R. 23.11.

• A lease authorized by 12 U.S.C. 24
(Tenth) must have an initial term of not
less than 90 days. A national bank may
acquire property subject to an existing
lease with a remaining maturity of less
than 90 days if, at its inception, the lease
was a conforming lease.
The Comptroller of the Currency’s Personal
Property Leasing Regulation. 12 C.F.R. 23.20.

• Pursuant to 12 U.S.C. 24 (Seventh) a national
bank may invest in tangible or intangible
personal property, including vehicles,
manufactured homes, machinery, equipment,
furniture, patents, copyrights, and other
intellectual property, for the purpose of, or in
connection with leasing that property, if the
related lease is a conforming lease representing
a noncancelable obligation of the lessee
(notwithstanding the possible early termination
of that lease).
Privacy and Information Sharing; Gramm-Leach-Bliley
and Its Implementing Regulations.

• In addition to Sections 6801-6809, each of the Federal
Reserve, the FDIC, the OCC and the Federal Trade
Commission (the “FTC”) has adopted privacy
regulations. See 15 U.S.C. 6801-6809; 12 C.F.R. 216;
12 C.F.R. 332; 12 C.F.R. 40 and 16 C.F.R. 313
(collectively, the regulations shall be referred to as the
“Privacy Regulations”).

• The Privacy Regulations place limitations on the
circumstances in which financial institutions may disclose
nonpublic personal information of consumers and
require certain disclosures to be made.
Scope of the Privacy Regulations.

• The Privacy Regulations apply only to nonpublic
personal information about individuals who obtain
financial products or services primarily for personal,
family or household purposes.

• The Privacy Regulations do not apply to information
about companies or about individuals who obtain
financial products or services for business, commercial,
or agricultural purposes.
Key Definitions in the Privacy Regulations -
Customer.

• Customer means a consumer who has a
customer relationship with you.
• Customer relationship means a continuing
relationship between a consumer and you under
which you provide one or more financial
products or services to the consumer that are to
be used primarily for personal, family, or
household purposes.
Key Definitions in the Privacy Regulations -
Customer.

• A consumer has a continuing relationship with
you if the consumer:
• 1. Has a credit or investment account with you;
• 2. Obtains a loan from you;
• 3. Purchases an insurance product from you;
• 4. Holds an investment product through you,
such as when you act as a custodian for
securities or for assets in an Individual
Retirement Arrangement;
Key Definitions in the Privacy Regulations -
Customer.

• 5. Enters into an agreement or understanding
with you whereby you undertake to arrange
or broker a home mortgage loan, or credit to
purchase a vehicle, for the consumer;
• 6. Enters into a lease of personal property on a
non-operating basis with you;
• 7. Obtains financial, investment, or economic
advisory services from you for a fee;
• 8. Becomes your client for the purpose of
obtaining tax preparation or credit counseling
services from you;
Key Definitions in the Privacy Regulations -
Customer.

• 9. Obtains career counseling while seeking
employment with a financial institution or the
finance, accounting, or audit department of any
company (or while employed by such a financial
institution or department of any company);
• 10. Is obligated on an account that you purchase from
another financial institution, regardless of whether
the account is in default when purchased, unless
you do not locate the consumer or attempt to collect
any amount from the consumer on the account;
• 11. Obtains real estate settlement services from you; or
• 12. Has a loan for which you own the servicing rights.
Key Definitions in the Privacy Regulations -
Customer.
• A consumer does not have a continuing relationship with
you if:
• 1. The consumer obtains a financial product or service
from you only in isolated transactions, such as using
your ATM to withdraw cash from an account at
another financial institution; purchasing a money
order from you; cashing a check with you; or making
a wire transfer through you;
• 2. You sell the consumer's loan and do not retain the
rights to service that loan;
• 3. You sell the consumer airline tickets, travel
insurance, or traveler's checks in isolated
transactions;
Key Definitions in the Privacy Regulations -
Customer.

• 5. The consumer obtains one-time personal or
real property appraisal services from you; or
• 6. The consumer purchases checks for a
personal checking account from you.
Key Definitions in the Privacy Regulations –
Financial Institutions.

• Examples of Financial Institutions include:

• 1. A retailer that extends credit by issuing its
own credit card directly to consumers.
• 2. A personal property or real estate appraiser.
• 3. An automobile dealership that, as a usual
part of its business, leases automobiles on a
nonoperating basis for longer than 90 days.
Key Definitions in the Privacy Regulations –
Financial Institutions.

• 4. A career counselor that specializes in
providing career counseling services to
individuals currently employed by or recently
displaced from a financial organization,
individuals who are seeking employment with
a financial organization, or individuals who
are currently employed by or seeking
placement with the finance, accounting or
audit departments of any company.
Key Definitions in the Privacy Regulations –
Financial Institutions.

• 5. A business that prints and sells checks for
consumers, either as its sole business or as
one of its product lines.
• 6. A business that regularly wires money to and
from consumers.
Key Definitions in the Privacy Regulations –
Financial Institutions.

• 7. A check cashing business.
• 8. An accountant or other tax preparation
service that is in the business of completing
income tax returns is a financial institution
because tax preparation services.
• 9. A business that operates a travel agency in
connection with financial services.
Key Definitions in the Privacy Regulations –
Financial Institutions.

• 10. An entity that provides real estate settlement
services.
• 11. A mortgage broker.
• 12. An investment advisory company and a
credit counseling service.
• 13. Banks.
• 14. Investment banks.
• 15. Thrifts.
• 16. Insurance companies.
Key Definitions in the Privacy Regulations –
Financial Institutions.

• Financial institution does not include:
• 1. Any person or entity with respect to any
financial activity that is subject to the
jurisdiction of the Commodity Futures
Trading Commission;
• 2. The Federal Agricultural Mortgage
Corporation or any entity chartered and
operating under the Farm Credit Act of 1971;
or
Key Definitions in the Privacy Regulations –
Financial Institutions.

• 3. Institutions chartered by Congress
specifically to engage in securitizations,
secondary market sales (including sales of
servicing rights) or similar transactions
related to a transaction of a consumer, as
long as such institutions do not sell or
transfer nonpublic personal information to a
nonaffiliated third party other than as
permitted.
• 4. Entities that engage in financial activities but
that are not significantly engaged in those
financial activities.
Key Definitions in the Privacy Regulations –
Financial Institutions.

• Examples of entities that are not significantly
engaged in financial activities include:
• 1. A retailer if its only means of extending credit
are occasional “lay away” and deferred
payment plans or accepting payment by
means of credit cards issued by others.
• 2. A retailer is not a financial institution merely
because it accepts payment in the form of
cash, checks, or credit cards that it did not
issue.
Key Definitions in the Privacy Regulations –
Financial Institutions.

• 3. A merchant is not a financial institution
merely because it allows an individual to “run
a tab.”
• 4. A grocery store is not a financial institution
merely because it allows individuals to whom
it sells groceries to cash a check, or
write a check for a higher amount than the
grocery purchase and obtain cash in return.
Key Definitions in the Privacy Regulations –
Nonpublic Personal Information.
• Nonpublic personal information means personally
identifiable financial information and any list, description,
or other grouping of consumers (and publicly available
information pertaining to them) that is derived using any
personally identifiable financial information that is not
publicly available.
• Nonpublic personal information does not include publicly
available information included on certain lists or any list,
description, or other grouping of consumers (and publicly
available information pertaining to them) that is derived
without using any personally identifiable financial
information that is not publicly available.
Key Definitions in the Privacy Regulations –
Nonpublic Personal Information.

• The covered list includes any list of individuals' names
and street addresses that is derived in whole or in part
using personally identifiable financial information (that is
not publicly available), such as account numbers.
• Nonpublic personal information does not include any list
of individuals' names and addresses that contains only
publicly available information, is not derived, in whole or
in part, using personally identifiable financial information
that is not publicly available, and is not disclosed in a
manner that indicates that any of the individuals on the
list is a consumer of a financial institution.
Key Definitions in the Privacy Regulations –
Personally Identifiable Financial Information.

• Personally identifiable financial information
means any information:
• 1. A consumer provides to you to obtain a
financial product or service from you;
• 2. About a consumer resulting from any
transaction involving a financial product or
service between you and a consumer; or
• 3. You otherwise obtain about a consumer in
connection with providing a financial product
or service to that consumer.
Key Definitions in the Privacy Regulations –
Personally Identifiable Financial Information.

• Personally identifiable financial information
includes:
• 1. Information a consumer provides to you on
an application to obtain a loan, credit card, or
other financial product or service;
• 2. Account balance information, payment
history, overdraft history, and credit or debit
card purchase information;
• 3. The fact that an individual is or has been one
of your customers or has obtained a financial
product or service from you;
Key Definitions in the Privacy Regulations –
Personally Identifiable Financial Information.

• 4. Any information about your consumer if it is
disclosed in a manner that indicates that the
individual is or has been your consumer;
• 5. Any information that a consumer provides to
you or that you or your agent otherwise
obtain in connection with collecting on, or
servicing, a credit account;
• 6. Any information you collect through an
Internet “cookie”; and
• 7. Information from a consumer report.
Key Definitions in the Privacy Regulations –
Personally Identifiable Financial Information.

• Personally identifiable financial information does
not include a list of names and addresses of
customers of an entity that is not a financial
institution and information that does not identify
a consumer, such as aggregate information or
blind data that does not contain personal
identifiers such as account numbers, names, or
addresses.
Initial Privacy Notice.

• You must provide a clear and conspicuous
notice that accurately reflects your privacy
policies and practices to an individual who
becomes your customer, not later than when you
establish a customer relationship (with a limited
exception), and to a consumer, before you disclose
any nonpublic personal information about the
consumer to any nonaffiliated third party, if you
make the disclosure other than as authorized by
16 C.F.R. 313.14 and 313.15.
Initial Privacy Notice.

• You are not required to provide an initial notice
to a consumer if you do not disclose any
nonpublic personal information about the
consumer to any nonaffiliated third party, other
than as authorized by 16 C.F.R. 313.14 and
313.15, and you do not have a customer
relationship with the consumer.
• You establish a customer relationship when you
and the consumer enter into a continuing
relationship.
Initial Privacy Notice – Existing Customers.

• When an existing customer obtains a new financial
product or service from you that is to be used primarily
for personal, family, or household purposes, you satisfy
the initial notice requirements as follows:
• 1. You may provide a revised privacy notice that
covers the customer's new financial product or
service; or
• 2. If the initial, revised, or annual notice that you most
recently provided to that customer was accurate with
respect to the new financial product or service, you
do not need to provide a new privacy notice.
Initial Privacy Notice – Delayed Notice.

• You may provide the initial notice within a
reasonable time after you establish a customer
relationship if establishing the customer
relationship is not at the customer's election or
providing notice not later than when you
establish a customer relationship would
substantially delay the customer's transaction
and the customer agrees to receive the notice at
a later time.
Annual Privacy Notice.

• You must provide a clear and conspicuous
notice to customers that accurately reflects your
privacy policies and practices not less than
annually. Annually means at least once in any
period of 12 consecutive months. You may
define the 12-consecutive-month period, but you
must apply it to the customer on a consistent
basis.
Annual Privacy Notice.

• You are not required to provide an annual notice
to a former customer. Your customer becomes a
former customer when:
• 1. In the case of a closed-end loan, the
customer pays the loan in full, you charge off
the loan, or you sell the loan without
retaining servicing rights;
• 2. In the case of a credit card relationship or
other open-end credit relationship, you sell
the receivables without retaining servicing
rights;
Annual Privacy Notice.

• 3. In the case of credit counseling services, the
customer has failed to make required payments
under a debt management plan, has been notified
that the plan is terminated, and you no longer
provide any statements or notices to the customer
concerning that relationship;
• 4. In the case of mortgage or vehicle loan brokering
services, your customer has obtained a loan through
you (and you no longer provide any statements or
notices to the customer concerning that
relationship), or has ceased using your services for
such purposes;
Annual Privacy Notice.

• 5. In the case of tax preparation services, you have
provided and received payment for the service and
no longer provide any statements or notices to the
customer concerning that relationship;
• 6. In the case of providing real estate settlement
services, at the time the customer completes
execution of all documents related to the real estate
closing, you have received payment, or you have
completed all of your responsibilities with respect to
the settlement, including filing documents on the
public record, whichever is later.
Annual Privacy Notice.

• 7. In cases where there is no definitive time at
which the customer relationship has
terminated, you have not communicated with
the customer about the relationship for a
period of 12 consecutive months, other than
to provide annual privacy notices or
promotional material.
Content of a Privacy Notice.

• The initial, annual, and revised privacy notices
must include the following information that
applies:
• 1. The categories of nonpublic personal
information that you collect;
• 2. The categories of nonpublic personal
information that you disclose;
• 3. The categories of affiliates and nonaffiliated
third parties to whom you disclose nonpublic
personal information, other than those
parties to whom you disclose information
under 16 C.F.R. 313.14 and 313.15;
Content of a Privacy Notice.

• 4. The categories of nonpublic personal
information about your former customers that
you disclose and the categories of affiliates
and nonaffiliated third parties to whom you
disclose nonpublic personal information
about your former customers, other than
those parties to whom you disclose
information under 16 C.F.R. 313.14 and
313.15;
Content of a Privacy Notice.

• 5. If you disclose nonpublic personal
information to a nonaffiliated third party
under 16 C.F.R. 313.13 (and no exception
under 16 C.F.R. 313.14 or 313.15 applies to
that disclosure), a separate statement of the
categories of information you disclose and
the categories of third parties with whom you
have contracted;
Content of a Privacy Notice.

• 6. An explanation of the consumer's right under 16
C.F.R. 313.10(a) to opt out of the disclosure of
nonpublic personal information to nonaffiliated third
parties, including the method by which the consumer
may exercise that right at that time;
• 7. Any disclosures that you make under the Fair
Credit Reporting Act;
• 8. Your policies and practices with respect to protecting
the confidentiality and security of nonpublic personal
information; and
• 9. Disclosure related to nonaffiliated third parties
subject to exceptions.
Delivery of Privacy Notices.

• You must provide any privacy notices and opt
out notices, including short-form initial notices,
so that each consumer can reasonably be
expected to receive actual notice in writing or, if
the consumer agrees, electronically. You may
reasonably expect that a consumer will receive
actual notice if you:
• 1. Hand-deliver a printed copy of the notice to
the consumer;
• 2. Mail a printed copy of the notice to the last
known address of the consumer;
Delivery of Privacy Notices.

• 3. For the consumer who conducts transactions
electronically, clearly and conspicuously post
the notice on the electronic site and require
the consumer to acknowledge receipt of the
notice as a necessary step to obtaining a
particular financial product or service;
• 4. For an isolated transaction with the
consumer, such as an ATM transaction, post
the notice on the ATM screen and require
the consumer to acknowledge receipt of the
notice as a necessary step to obtaining the
particular financial product or service.
Delivery of Privacy Notices.

• You may not, however, reasonably expect that a
consumer will receive actual notice of your
privacy policies and practices if you:
• 1. Only post a sign in your branch or office or
generally publish advertisements of your
privacy policies and practices;
• 2. Send the notice via electronic mail to a
consumer who does not obtain a financial
product or service from you electronically.
Delivery of Annual Privacy Notice.

• You may reasonably expect that a customer will
receive actual notice of your annual privacy
notice if:
• 1. The customer uses your web site to access
financial products and services electronically
and agrees to receive notices at the web site
and you post your current privacy notice
continuously in a clear and conspicuous
manner on the web site; or
Delivery of Annual Privacy Notice.

• 2. The customer has requested that you refrain
from sending any information regarding the
customer relationship, and your current
privacy notice remains available to the
customer upon request.

• You may not provide any notice solely by orally
explaining the notice, either in person or over
the telephone.
Limitations on Information Sharing.

• You may not, except in accordance with the Privacy
Regulations, directly or through any affiliate, disclose any
nonpublic personal information about a consumer to a
nonaffiliated third party unless:
• 1. You have provided to the consumer an initial notice;
• 2. You have provided to the consumer an opt out
notice;
• 3. You have given the consumer a reasonable
opportunity, before you disclose the information to
the nonaffiliated third party, to opt out of the
disclosure; and
• 4. The consumer does not opt out.
Limitations on Sharing Account Numbers.

• You must not, directly or through an affiliate, disclose, other than to
a consumer reporting agency, an account number or similar form of
access number or access code for a consumer's credit card
account, deposit account, or transaction account to any nonaffiliated
third party for use in telemarketing, direct mail marketing, or other
marketing through electronic mail to the consumer, except:
• 1. To your agent or service provider solely in order to perform
marketing for your own products or services, as long as the
agent or service provider is not authorized to directly initiate
charges to the account; or
• 2. To a participant in a private label credit card program or an
affinity or similar program where the participants in the program
are identified to the customer when the customer enters into
the program.
Relation to State Law.

• The Privacy Regulations shall not be construed
as superseding, altering, or affecting any statute,
regulation, order, or interpretation in effect in any
State, except to the extent that such State
statute, regulation, order, or interpretation is
inconsistent with the provisions of this part, and
then only to the extent of the inconsistency.
• A State statute, regulation, order, or
interpretation is not inconsistent if the protection
such statute, regulation, order, or interpretation
affords any consumer is greater than the
protection provided in the Privacy Regulations.
