Title: An act relating to financial fraud.

Brief Description: Authorizing fraud alert networks.

Sponsors: By House Committee on Insurance, Financial Services & Consumer Protection (originally sponsored by Representatives Roach, Ericks, Hurst, Kirby, Strow, Newhouse, Simpson, Williams, Haler, O'Brien, Moeller, Pearson, VanDeWege, McCune, Kenney, Rolfes and Morrell).

Brief History:

Insurance, Financial Services & Consumer Protection: 2/6/07, 2/8/07 [DPS].

Floor Activity:

Passed House: 2/13/08, 95-1.
Senate Amended.
Passed Senate: 3/6/08, 48-0.
House Refused to Concede.
Senate Amended.
Passed Senate: 3/12/08, 46-0

HOUSE COMMITTEE ON INSURANCE, FINANCIAL SERVICES & CONSUMER PROTECTION

Majority Report: The substitute bill be substituted therefor and the substitute bill do pass. Signed by 7 members: Representatives Kirby, Chair; Kelley, Vice Chair; Roach, Ranking Minority Member; Strow, Assistant Ranking Minority Member; Hurst, Rodne and Simpson.

Minority Report: Without recommendation. Signed by 1 member: Representative Santos.

Staff: Jon Hedegard (786-7127).

Background:

There is a host of federal and state laws regarding various crimes involving the use of another's personal information. There is also a number of laws providing protections or remedies for consumers.

Gramm-Leach-Blilely Act (GLBA)
Passed in 1999, the GLBA is a federal act that eliminates the long-standing legal barriers to the integration of banking, securities, and insurance firms, and generally overhauls the regulation of the financial services industry. The GLBA explicitly states that all financial institutions have a continuing obligation to consumers to protect the privacy and security of nonpublic personal information. Since July 1, 2001, financial institutions have been required to notify customers about their privacy practices and allow consumers to "opt out" of having their nonpublic personal information disclosed to nonaffiliated third parties. However, the GLBA carves out an exception to the prohibition against disclosing nonpublic personal information in the event such disclosure is necessary to protect against or prevent actual or potential fraud, unauthorized transactions, claims, or other liability.

Fair Credit Reporting Acts (Acts)
There are state and federal Acts. Both restrict the disclosure of consumer credit information by consumer reporting agencies. In general, the Acts prohibit consumer reporting agencies from disclosing such information except in relation to customer initiated credit transactions or other legitimate business needs in connection with a commercial transaction involving the consumer.

Disposal of Customer Information
Washington requires persons and entities engaged in a "trade, occupation, enterprise, governmental function, or similar activity" to take all reasonable steps to destroy, or arrange for the destruction of, personal financial and health information and personal identification numbers issued by government entities when the person or entity is disposing of records. Destruction means shredding, erasing, or modifying personal information to make the personal information unreadable or undecipherable through any reasonable means.

Summary of Second Substitute Bill:

Fraud Alert Network
The bill grants limited legal immunity to specified financial institutions and merchants with respect to the sharing of consumer information pursuant to participation in a statewide "fraud alert network." The phrase "fraud alert network" refers to a voluntary program of information sharing established by financial institutions and merchants for the purpose of preventing, detecting, and deterring financial crimes. The network may include a website where fraud-related consumer information may be posted and shared by authorized participants.

Financial Crimes
"Financial crimes" are defined very broadly to include forgery, identity theft, robbery, embezzlement, tax evasion, money laundering, various fraud-related crimes, and many other offenses. The definition requires that the offense be committed for financial gain and that it be "chargeable or indictable" as a violation of state or federal law, though it does not require that a charge or indictment actually be issued.

Network Standards
The fraud alert network must meet specified standards and requirements, including:

• participants must either be merchants or entities/persons meeting a very broad definition of "financial institutions;"
• access to the network must be limited to designated financial institutions or merchants;
• the sole purpose of the network must be for the sharing of information for the prevention, detection, and deterrence of financial crimes;
• information posted on the network must be accessible only to designated employees whose job-related duties are relevant to the use of such information for the prevention of financial crimes;
• network users must be informed that information cannot be used for routine business purposes related to credit evaluation or acquisition;
• information furnished to the network is limited to statements of fact that the provider reasonably believes to be true (subject to an exception for circumstances constituting an emergency); and
• the type of information provided to the network must fall under one of the specified categories of information allowed to be shared within the network.

Information Furnished to the Network
Information provided to the network must relate to suspected financial crimes and must be limited to statements of fact that the provider reasonably believes to be true. The bill also contains a detailed description of the broad categories of information that can be furnished to the network. Participants in the network are prohibited from furnishing information consisting of delinquent payment information or other information regarding credit history, except where such information forms an integral part of a body of information reasonably believed to be related to financial crime.

Immunity from Legal Liability
Financial institutions and merchants are granted broad legal immunity from civil liability stemming from their participation in the network, provided their participation is consistent with the requirements of the Acts. This immunity does not apply with respect to violations of Washington statutes.

Exceptions to Immunity Provisions
A participant will not be immune from legal liability if he or she:

• knowingly provides false information to the network;
• fails to maintain procedures to ensure that information provided to the network is reliable and current;
• fails to maintain procedures to ensure that only properly designated individuals have access to the information from the network;
• improperly uses the information for the purpose of evaluating a person's credit worthiness or other commercial purpose;
• uses information derived from the network for any purpose other than that related to the prevention, deterrence, or prosecution of financial crimes; and
• improperly shares or sells access to the network.

However, immunity from civil liability applies only if the provider of the information "reasonably believes" the information to be true, unless an emergency exists and the provider notes that the information may not be reliable.

Fair Credit Reporting Act
The bill states the intent that the provisions of the Act will not apply to the fraud alert network, provided the participants are in compliance with the other provisions of the bill.

EFFECT OF SENATE AMENDMENT(S):

Removed under the Senate amendment
The provisions authorizing the creation of a statewide "fraud alert network" to allow financial institutions and merchants to share information for the purpose of combating financial crime are removed. The standards for the provision of information to the fraud alert network are removed.
The provisions granting legal immunity to the financial institutions and merchants with respect to the statewide "fraud alert network" are removed.

Added under the Senate amendment
The Financial Fraud and Identity Theft Crimes Investigation and Prosecution Program (Program) is created in the Department of Community, Trade and Economic Development (DCTED). Two regional financial fraud and identity theft crime task forces are created. One task force includes King and Pierce counties and the second includes Spokane County. A representative of the Attorney General is a member of each task force. The DCTED must appoint members for each task force that represent local law enforcement, county prosecuting attorneys, and financial institutions. The task forces must: meet to discuss emerging trends and threats of local financial fraud and identity theft crimes; set priorities for the activities of the task forces; apply to the DCTED for funding to hire prosecutors and law enforcement personnel to investigate and prosecute financial fraud and identity theft crimes; establish performance measures; and report twice annually to the DCTED.

The Financial Fraud and Identity Theft Crimes Investigation and Prosecution Program Account (Account) is created in the State Treasury as an appropriated account. The Account may receive funds from appropriations, surcharges on certain filings by lenders with the Department of Licensing, federal funds, gifts, and grants. Expenditures from the Account may be used only to support the activities of the task forces and program expenses of the DCTED.

The surcharges on the lender filings are $8 on paper filings and $3 on electronic filings.

There is an appropriation for up to $488,000 from the Account to DCTED for the Program.

The Act expires on July 1, 2015.

Appropriation: None.

Fiscal Note: Preliminary fiscal note available.

Effective Date: The bill takes effect 90 days after adjournment of session in which bill is passed.

Staff Summary of Public Testimony:

(In support) Banks and merchants receive information related to fraud but are not able to share that information due to the fear of liability. This bill will help prevent fraud and also help catch criminals who have already perpetrated fraud. Identity theft is a huge problem today. This bill helps institutions share information with law enforcement. The current system has a number of weak links. This bill addresses some of those weak links. The bill could be strengthened. The network is allowed but it could be required. There is not enough consumer interaction in the bill. Consumers often don't receive much follow-up information from police after submitting information about crimes. Retailers lose about $36 billion nationwide due to theft. Retailers want to work with law enforcement and help catch and convict criminals. This bill is another tool against organized theft.

(Opposed) None.

Persons Testifying: Representative Roach, prime sponsor; Amy Fortier; and Vicky Marin, Washington Retail Association and Law Enforcement Group Against Identity Theft.

Persons Signed In To Testify But Not Testifying: None.