Balancing Act: How FleetBoston Stays on Top of Privacy
Cocheo, Steve, ABA Banking Journal
When you're talking about the nation's seventh-largest financial holding company, complying with financial privacy laws means a beck of a lot more than printing and mailing a bunch of privacy notices once a year. For FleetBoston Financial--and Agnes Bundy Scanlan in particular--privacy represents a year-round challenge.
Bundy Scanlan, an attorney, is FleetBoston's chief privacy officer and its chief compliance officer, and carries the corporate rank of managing director. She came to FleetBoston from the U.S. Senate staff in 1994.
Privacy represents a major balancing act for FleetBoston, and Bundy Scanla, is right at the fulcrum of the issue. On one side of the see-saw is FleetBoston's legal, ethical, and moral obligations to comply with and respect customers' assorted rights to privacy and information security. On the other side is the bank's need to market products aggressively and competitively. Bundy Scanlan notes that FleetBoston has been working intensively on a major cross-selling effort.
Bundy Scanlan, speaking during a privacy session at ABA's Regulatory Compliance Conference earlier this year, gave bankers a glimpse at how her $190 billion-assets organization manages to monitor and balance privacy issues in a network that involves 65 business lines. FleetBoston has already been through two privacy compliance examinations, a broad one in 2001 and a more-targeted effort in 2002.
Structuring for the challenge
At the top of the privacy coordination hierarchy at FleetBoston is the Privacy Executive Council, a high-ranking group that meets monthly to monitor the overall range of privacy issues and their impact on FleetBoston. A "hands on" body, the Privacy Working Task Force is comprised of middle managers who meet biweekly.
Tackling more specialized aspects of privacy are other groups. These include the bank's USA Patriot Act Council, another group tasked with dealing with the recently passed California privacy legislation, and a working group that has been handling the privacy implications of HIPAA--the Health Insurance Portability and Accountability Act of 1996. Bundy Scanlan's compliance staff includes five employees dedicated to privacy full-time, and there are other bankers within FleetBoston who have dotted-line involvement with her area. An intelligence unit that is part of the bank's compliance department handles privacy aspects of the Bank Secrecy Act and Patriot Act and other anti-money-laundering requirements.
FCRA as the centerpiece
There are many issues dealing just with the laws that are already, on the books. However, there are also pending matters in Congress and various state legislatures. The top federal issue for the industry, of course, is what happens with the Fair Credit Reporting Act in Congress this year. Key parts of the act that place a limited restriction on state financial privacy laws expire at the end of 2003, with information sharing with affiliates of particular concern to many bankers.
As an organization doing business nationwide, FleetBoston considers FCRA its prime privacy issue right now. If Congress fails to extend the act before yearend, FleetBoston's business model will be upset by potential, unexpected limitations on cross-selling ability. …