Sponsors: Senate Committee on Financial Services, Insurance & Housing (originally sponsored by Senators Benton, Prentice, Winsley and Oke).

Brief Summary of Substitute Bill

(As Amended by House Committee)

• Authorizes the creation of a statewide "fraud alert network" to allow financial institutions and merchants to share information for the purpose of combating financial crime.

• Grants qualified legal immunity to merchants and financial institutions that participate in the fraud alert network.

• Creates specified standards and requirements for the fraud alert network that must be met before the grant of legal immunity is applicable.

• Requires the fraud alert network to meet specified public notice requirements in order to notify the public of its existence and to explain how it functions.

• Requires the fraud alert network to provide comprehensive, written reports to the Legislature in 2004 and 2005 regarding the functioning of the network and the implementation of the act.

Majority Report: Do pass as amended. Signed by 10 members: Representatives Schual-Berke, Chair; Simpson, Vice Chair; Benson, Ranking Minority Member; Newhouse, Assistant Ranking Minority Member; Cairnes, Carrell, Cooper, Hatfield, Hunter and Roach.

Gramm-Leach-Blilely Act. Passed in 1999, the Gramm-Leach-Blilely Act (GLBA) is a federal act that eliminates the long-standing legal barriers to the integration of banking, securities, and insurance firms, and generally overhauls the regulation of the financial services industry. The GLBA explicitly states that all financial institutions have a continuing obligation to consumers to protect the privacy and security of nonpublic personal information. Beginning on July 1, 2001, financial institutions are required to notify customers about their privacy practices and allow consumers to "opt out" of having their nonpublic personal information disclosed to nonaffiliated third parties. However, the GLBA carves out an exception to the prohibition against disclosing nonpublic personal information in the event such disclosure is necessary to protect against or prevent actual or potential fraud, unauthorized transactions, claims, or other liability.

Fair Credit Reporting Act (Act). Washington's Fair Credit Reporting Act restricts the disclosure of consumer credit information by consumer reporting agencies. In general, the Act prohibits consumer reporting agencies from disclosing such information except in relation to customer initiated credit transactions or other legitimate business needs in connection with a commercial transaction involving the consumer.

Fraud alert network. The bill grants limited legal immunity to specified financial institutions and merchants with respect to the sharing of consumer information pursuant to participation in a statewide "fraud alert network." The phrase "fraud alert network" refers to a voluntary program of information sharing established by financial institutions and merchants for the purpose of preventing, detecting, and deterring financial crimes. The network may include a website where fraud-related consumer information may be posted and shared by authorized participants.

Financial crimes. "Financial crimes" are defined very broadly to include forgery, identity theft, robbery, embezzlement, tax evasion, money laundering, various fraud-related crimes, and many other offenses. The definition requires that the offense be committed for financial gain and that it be "chargeable or indictable" as a violation of state or federal law, though it does not require that a charge or indictment actually be issued.

Network standards. The fraud alert network must meet specified standards and requirements, including:

• Participants must either be merchants or entities/persons meeting a very broad definition of "financial institutions";

• Access to the network must be limited to designated financial institutions or merchants;

• The sole purpose of the network must be for the sharing of information for the prevention, detection, and deterrence of financial crimes;

• Information posted on the network must be accessible only to designated employees whose job-related duties are relevant to the use of such information for the prevention of financial crimes;

• Network users must be informed that information cannot be used for routine business purposes related to credit evaluation or acquisition;

• Information furnished to the network is limited to statements of fact that the provider reasonably believes to be true (subject to an exception for circumstances constituting an emergency); and

• The type of information provided to the network must fall under one of the specified categories of information allowed to be shared within the network.

Information furnished to the network. Information provided to the network must relate to suspected financial crimes and must be limited to statements of fact that the provider reasonably believes to be true. The bill also contains a detailed description of the broad categories of information that can be furnished to the network.

Participants in the network are prohibited from furnishing information consisting of delinquent payment information or other information regarding credit history, except where such information forms an integral part of a body of information reasonably believed to be related to financial crime.

Network operator. The fraud alert network must have an "operator" responsible for (1) ensuring the accuracy of the information on the network, (2) limiting access to authorized entities, and (3) denying access to entities who fail to comply with applicable regulations regarding access and use of the network.

Immunity from legal liability. Financial institutions and merchants are granted broad legal immunity from civil liability stemming from their participation in the network, provided their participation is consistent with the requirements of the act. This immunity does not apply with respect to violations of Washington statutes.

Exceptions to immunity provisions. A participant will not be immune from legal liability if he or she:

• fails to maintain procedures to ensure that information furnished to the network is reliable and current;

• fails to maintain procedures to ensure that only properly designated individuals have access to the information from the network;

• improperly uses the information for the purpose of evaluating a person’s creditworthiness or other commercial purpose;

• uses information derived from the network for any purpose other than that related to the prevention, deterrence, or prosecution of financial crimes; and

However, immunity from civil liability applies only if the provider of the information "reasonably believes" the information to be true, unless an emergency exists and the provider notes that the information may not be reliable.

Public disclosure requirement. The fraud alert network is required to meet specified public notice requirements in order to notify the public of its existence and to explain how it functions.

Report to the Legislature. The fraud alert network is required to provide comprehensive, written reports to the Legislature in 2004 and 2005 regarding the functioning of the network and the implementation of the act.

Fair Credit Reporting Act. The bill states the intent that the provisions of the state Fair Credit Reporting Act will not apply to the fraud alert network, provided the participants are in compliance with the other provisions of the bill.

• Creates specific public notice requirements that must be followed by the network and its participants.

• Requires that the network provide comprehensive reports to the Legislature in 2004 and 2005 regarding the functioning of the network and the implementation of the act.

• Deletes the section exempting law enforcement agencies from the requirements of the Public Disclosure Act with respect to information received from the fraud alert network.

• Deletes the section stating the intent to exempt the network from the privacy disclosure requirements of the Gramm-Leach-Blilely Act.

• Deletes the emergency clause that would have made the act effective immediately upon passage by the Legislature.

Effective Date of Amended Bill: The bill takes effect 90 days after adjournment of session in which bill is passed.

Testimony For: (Original bill) The Senate's Financial Fraud Task Force, convened in 2002, determined that a significant amount of financial fraud is perpetrated by organized crime rings that move from place to place on an interstate basis. The bill was designed to create a network that will enable commercial entities to assemble a database that would serve as a means of alerting both businesses and law enforcement agencies of individuals engaged in financial fraud. Several states already have such networks, although none have the statutory authority that would be created by this bill. In addition, no other states have passed legislation that grants civil legal immunity to those involved in financial fraud networks. This lack of immunity has not hindered the operation of those networks. The immunity provisions apply only if network participants adhere to the requirements of the bill, which gives participants a strong incentive to make sure that the information provided to the network is accurate. The bill is designed to insulate network participants against defamation actions by consumers. The Attorney General's Office supports the bill because it will be beneficial to consumers. The bill represents good public policy and will assist small institutions who otherwise could not afford access to information regarding the perpetrators of fraud.

The database would be very secure and would be administered by the Washington Bankers' Association (WBA). The WBA will utilize the computer system of the Florida Bankers' Association in order to run the system. It is hoped that the network will expand so that it operates on an interstate basis.

Testified: Denny Eliason and Peter Muckleshoot, Washington Banker’s Association; and Dave Horn, Office of the Attorney General.