Brief Description: Creating the financial fraud alert act.

Sponsors: Senate Committee on Financial Services, Insurance & Housing (originally sponsored by Senators Benton, Prentice, Winsley and Oke).

Hearing Date: 4/1/03.

Staff: Thamas Osborn (786-7129).

Background:

Gramm-Leach-Blilely Act. Passed in 1999, the Gramm-Leach-Blilely Act (GLBA) is a federal act that eliminates the long-standing legal barriers to the integration of banking, securities, and insurance firms, and generally overhauls the regulation of the financial services industry. The GLBA explicitly states that all financial institutions have a continuing obligation to consumers to protect the privacy and security of nonpublic personal information. Beginning on July 1, 2001, financial institutions are required to notify customers about their privacy practices and allow consumers to "opt out" of having their nonpublic personal information disclosed to nonaffiliated third parties. However, the GLBA carves out an exception to the prohibition against disclosing nonpublic personal information in the event such disclosure is necessary to protect against or prevent actual or potential fraud, unauthorized transactions, claims, or other liability.

Fair Credit Reporting Act (Act). Washington's Fair Credit Reporting Act restricts the disclosure of consumer credit information by consumer reporting agencies. In general, the Act prohibits consumer reporting agencies from disclosing such information except in relation to customer initiated credit transactions or other legitimate business needs in connection with a commercial transaction involving the consumer.

Summary of Bill:

Fraud alert network. The bill grants limited legal immunity to specified financial institutions and merchants with respect to the sharing of consumer information pursuant to participation in a statewide "fraud alert network." The phrase "fraud alert network" refers to a voluntary program of information-sharing established by financial institutions and merchants for the purpose of preventing, detecting, and deterring financial crimes. The network may include a website where fraud-related consumer information may be posted and shared by authorized participants.

Financial crimes. "Financial crimes" are defined very broadly to include forgery, identity theft, robbery, embezzlement, tax evasion, money laundering, various fraud-related crimes, and many other offenses. The definition requires that the offense be committed for financial gain and that it be "chargeable or indictable" as a violation of state or federal law, though it does not require that a charge or indictment actually be issued.

Network standards. The fraud alert network must meet specified standards and requirements, including:

•    Participants must either be merchants or entities/persons meeting a very broad definition of "financial institutions";

•    Access to the network must be limited to designated financial institutions or merchants;

•    The sole purpose of the network must be for the sharing of information for the prevention, detection, and deterrence of financial crimes;

•    Information posted on the network must be accessible only to designated employees whose job-related duties are relevant to the use of such information for the prevention of financial crimes;

•    Network users must be informed that information cannot be used for routine business purposes related to credit evaluation or acquisition;

•    Information furnished to the network is limited to statements of fact that the provider reasonably believes to be true (subject to an exception for circumstances constituting an emergency); and

•    The type of information provided to the network must fall under one of the specified categories of information allowed to be shared within the network.

Information furnished to the network. Information provided to the network must relate to suspected financial crimes and must be limited to statements of fact that the provider reasonably believes to be true. The bill also contains a detailed description of the broad categories of information that can be furnished to the network.

Participants in the network are prohibited from furnishing information consisting of delinquent payment information or other information regarding credit history, except where such information forms an integral part of a body of information reasonably believed to be related to financial crime.

Network operator. The fraud alert network must have an "operator" responsible for (1) ensuring the accuracy of the information on the network, (2) limiting access to authorized entities, and (3) denying access to entities who fail to comply with applicable regulations regarding access and use of the network.

Immunity from legal liability. Financial institutions and merchants are granted broad legal immunity from civil liability stemming from their participation in the network, provided their participation is consistent with the requirements of the act. This immunity does not apply with respect to violations of Washington statutes.

Exceptions to immunity provisions. A participant will not be immune from legal liability if he or she:

•    knowingly provides false information to the network;

•    fails to maintain procedures to ensure that information furnished to the network is reliable and current;

•    fails to maintain procedures to ensure that only properly designated individuals have access to the information from the network;

•    improperly uses the information for the purpose of evaluating a person’s creditworthiness or other commercial purpose;

•    uses information derived from the network for any purpose other than that related to the prevention, deterrence, or prosecution of financial crimes; and

•    improperly shares or sells access to the network.

However, immunity from civil liability applies only if the provider of the information "reasonably believes" the information to be true, unless an emergency exists and the provider notes that the information may not be reliable.

Fair Credit Reporting Act. The bill states the intent that the provisions of the state Fair Credit Reporting Act will not apply to the fraud alert network, provided the participants are in compliance with the other provisions of the bill.

Gramm-Leach-Blilely Act (GLBA). The bill states the intent that the privacy disclosure requirements of the GLBA do not apply to the fraud alert network.

Public Disclosure Act exemption. Information provided to law enforcement agencies by the fraud alert network is exempt from public disclosure under the Public Disclosure Act.

Appropriation: None.

Fiscal Note: Not Requested.

Effective Date: The bill contains an emergency clause and takes effect immediately.