Brief Description: Creating the financial fraud alert act.

Sponsors: Representatives Schual-Berke, Benson, Lovick, Bush, Simpson, Morrell and McIntire.

Hearing Date: 2/19/03.

Staff: Thamas Osborn (786-7129).

Background:

Gramm-Leach-Blilely Act: Passed in 1999, the Gramm-Leach-Blilely Act (GLBA) is a federal act that eliminates the long-standing legal barriers to the integration of banking, securities, and insurance firms, and generally overhauls the regulation of the financial services industry. The GLBA explicitly states that all financial institutions have a continuing obligation to consumers to protect the privacy and security of nonpublic personal information. Beginning on July 1, 2001, financial institutions are required to notify customers about their privacy practices and allow consumers to ‟opt out” of having their nonpublic personal information disclosed to nonaffiliated third parties. However, the GLBA carves out an exception to the prohibition against disclosing nonpublic personal information in the event such disclosure is necessary to protect against or prevent actual or potential fraud, unauthorized transactions, claims, or other liability.

Fair Credit Reporting Act: Washington's Fair Credit Reporting Act restricts the disclosure of consumer credit information by consumer reporting agencies. In general, the act prohibits consumer reporting agencies from disclosing such information except in relation to customer initiated credit transactions or other legitimate business needs in connection with a commercial transaction involving the consumer.

Summary of Bill:

Fraud alert network: The bill grants limited legal immunity to specified financial institutions and merchants with respect to the sharing of consumer information pursuant to participation in a statewide ‟fraud alert network.” The phrase ‟fraud alert network” refers to a voluntary program of information-sharing established by financial institutions and merchants for the purpose of preventing, detecting, and deterring financial crimes. The network may include a website where fraud-related consumer information may be posted and shared by authorized participants.

Network standards: The fraud alert network must meet specified standards and requirements, including:

•    participants must either be merchants or entities/persons meeting a very broad definition of ‟financial institutions”;

•    access to the network must be limited to designated financial institutions or merchants;

•    the sole purpose of the network must be for the sharing of information for the prevention, detection, and deterrence of financial crimes;

•    information posted on the network must be accessible only to designated employees whose job-related duties are relevant to the use of such information for the prevention of financial crimes;

•    network users must be informed that information cannot be used for routine business purposes related to credit evaluation or acquisition;

•    information furnished to the network is limited to statements of fact that the provider reasonably believes to be true (subject to an exception for circumstances constituting an emergency); and

•    the type of information provided to the network must fall under one of the specified categories of information allowed to be shared within the network.

Information furnished to the network: Information provided to the network must relate to suspected financial crimes and must be limited to statements of fact that the provider reasonably believes to be true. The bill also contains a detailed description of the broad categories of information that can be furnished to the network.

Immunity from legal liability: Financial institutions and merchants are granted broad immunity from civil and criminal liability stemming from their participation in the network, provided their participation is consistent with the requirements of the act. The grant includes immunity from liability for slander and libel, as well as general civil liability.

Exceptions to immunity provisions: A participant will not be immune from legal liability if he or she:

•    knowingly provides false information to the network;

•    fails to maintain procedures to ensure that information furnished to the network is reliable and current;

•    fails to maintain procedures to ensure that only properly designated individuals have access to the information from the network;

•    improperly uses the information for the purpose of evaluating a persons creditworthiness or other commercial purpose;

•    uses information derived from the network for any purpose other than that related to the prevention, deterrence, or prosecution of financial crimes; and

•    improperly shares or sells access to the network.

Applicability of other state and federal laws: The fraud alert network is ‟intended” to be exempt from Washington's Fair Credit Reporting Act and from the information privacy requirements of the GLBA. Also, information shared by the fraud alert network is exempt from the Public Disclosure Act.

Appropriation: None.

Fiscal Note: Not Requested.

Effective Date: The bill contains an emergency clause and takes effect immediately.