Consumer Credit Regulation: 11.5.4.2 Vehicle Protection Products

Dealers market “vehicle protection products” such as window etching as deterring theft or making it easier to identify and recover a stolen vehicle. Dealers’ markups of vehicle protection products can be enormous. An NCLC study showed markups for this product as high as 1000% or even more.350

Consumer Credit Regulation: 11.5.4.3 Credit Insurance

The sale of credit insurance is common in retail installment sales and offers significant opportunities for abuse. Credit insurance is usually grossly overpriced, with a large portion of the premium going to the dealer in the form of a commission and very little being paid in benefits to consumers.359

Consumer Credit Regulation: 11.5.4.5.1 General

Vendor’s single interest (VSI) insurance as used in this subsection refers to insurance sold at the origination of the financing and commonly costs under $500. This must be distinguished from force-placed vendor’s single interest insurance. When a consumer does not retain physical damage insurance, the creditor has the option to purchase and charge the consumer what is called force-placed insurance.

Consumer Credit Regulation: 11.5.4.5.2 Application of the Truth in Lending Act

Vehicle dealers typically include the VSI premium assessed at origination in the disclosed amount financed. If TILA requires this instead to be included in the finance charge, there will be a TILA violation for mis-disclosure of the finance charge and APR, leading to statutory and actual damages and attorney fees. Whether it should be included in the finance charge is a complicated question.

Consumer Credit Regulation: 11.5.4.5.3 State RISA application

Many RISAs and other consumer finance laws provide an exclusive list of the charges that are permissible in a consumer credit transaction. If VSI insurance sold at origination does not fall within one of the definitions of permissible charges, it may violate the statute to charge the consumer for the insurance, even if it is properly disclosed.383 If the VSI insurance is in fact “credit loss insurance,” it is particularly unlikely that the state consumer finance law will allow the creditor to impose the charge separately on borrowers.

Fair Credit Reporting: G.3.1 Introduction

Even after the Dodd-Frank Wall Street Reform and Consumer Protection Act, the banking agencies continue to have responsibility for issuing regulations to implement the data safeguard provisions of sections 6801 and 6805(b) of the GLBA, an area over which the CFPB expressly has no authority. These regulations are set forth below according to agency.

Fair Credit Reporting: TABLE OF CONTENTS

I. Introduction

A. Scope

B. Preservation of Existing Authority

C. Definitions

II. Standards for Information Security

A. Information Security Program

B. Objectives

III. Development and Implementation of Customer Information Security Program

A. Involve the Board of Directors

B. Assess Risk

C. Manage and Control Risk

D. Oversee Service Provider Arrangements

E. Adjust the Program

F. Report to the Board

G. Implement the Standards

Fair Credit Reporting: I. INTRODUCTION

The Interagency Guidelines Establishing Information Security Standards (Guidelines) set forth standards pursuant to section 39 of the Federal Deposit Insurance Act (section 39, codified at 12 U.S.C. 1831p-1), and sections 501 and 505(b), codified at 15 U.S.C. 6801 and 6805(b) of the Gramm-Leach-Bliley Act. These Guidelines address standards for developing and implementing administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of customer information.

Fair Credit Reporting: II. STANDARDS FOR INFORMATION SECURITY

A. Information Security Program. Each national bank or Federal savings association shall implement a comprehensive written information security program that includes administrative, technical, and physical safeguards appropriate to the size and complexity of the national bank or Federal savings association and the nature and scope of its activities. While all parts of the national bank or Federal savings association are not required to implement a uniform set of policies, all elements of the information security program must be coordinated.

Fair Credit Reporting: I. BACKGROUND

This Guidance10 interprets section 501(b) of the Gramm-Leach-Bliley Act (“GLBA”) and the Interagency Guidelines Establishing Information Security Standards (the “Security Guidelines”)11 and describes response programs, including customer notification procedures, that a financial institution should develop and implement to address unauthorized access to or use of customer information that could result in substantial harm or inconvenience to a customer.

Fair Credit Reporting: II. RESPONSE PROGRAM

Millions of Americans, throughout the country, have been victims of identity theft.16 Identity thieves misuse personal information they obtain from a number of sources, including financial institutions, to perpetrate identity theft. Therefore, financial institutions should take preventative measures to safeguard customer information against attempts to gain unauthorized access to the information.

Fair Credit Reporting: III. CUSTOMER NOTICE

Financial institutions have an affirmative duty to protect their customers’ information against unauthorized access or use. Notifying customers of a security incident involving the unauthorized access or use of the customer’s information in accordance with the standard set forth below is a key part of that duty. Timely notification of customers is important to manage an institution’s reputation risk.

Fair Credit Reporting: Amendment History

[66 Fed. Reg. 8633 (Feb. 1, 2001), as amended at 69 Fed. Reg. 77,616 (Dec. 28, 2004); 70 Fed. Reg. 15,753 (Mar. 29, 2005); 71 Fed. Reg. 5780 (Feb. 3, 2006); 79 Fed. Reg. 54,544 (Sept. 11, 2014)]

Fair Credit Reporting: TABLE OF CONTENTS

I. Introduction

A. Scope

B. Preservation of Existing Authority

C. Definitions

II. Standards for Safeguarding Customer Information

A. Information Security Program

B. Objectives

III. Development and Implementation of Customer Information Security Program

A. Involve the Board of Directors

B. Assess Risk

C. Manage and Control Risk

D. Oversee Service Provider Arrangements

E. Adjust the Program

F. Report to the Board

G. Implement the Standards

Fair Credit Reporting: I. INTRODUCTION

These Interagency Guidelines Establishing Standards for Safeguarding Customer Information (Guidelines) set forth standards pursuant to sections 501 and 505 of the Gramm-Leach-Bliley Act (15 U.S.C. 6801 and 6805), in the same manner, to the extent practicable, as standards prescribed pursuant to section 39 of the Federal Deposit Insurance Act (12 U.S.C. 1831p-1). These Guidelines address standards for developing and implementing administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of customer information.

Fair Credit Reporting: II. STANDARDS FOR INFORMATION SECURITY

A. Information Security Program. Each bank shall implement a comprehensive written information security program that includes administrative, technical, and physical safeguards appropriate to the size and complexity of the bank and the nature and scope of its activities. While all parts of the bank are not required to implement a uniform set of policies, all elements of the information security program must be coordinated. A bank also shall ensure that each of its subsidiaries is subject to a comprehensive information security program.

Fair Credit Reporting: III. DEVELOPMENT AND IMPLEMENTATION OF INFORMATION SECURITY PROGRAM

A. Involve the Board of Directors. The board of directors or an appropriate committee of the board of each bank shall:

1. Approve the bank’s written information security program; and

2. Oversee the development, implementation, and maintenance of the bank’s information security program, including assigning specific responsibility for its implementation and reviewing reports from management.

B. Assess Risk. Each bank shall:

Fair Credit Reporting: Amendment History

[63 Fed. Reg. 55,484 (Oct. 15, 1998); 64 Fed. Reg. 66,705 (Nov. 29, 1999); 66 Fed. Reg. 8634 (Feb. 1, 2001); 69 Fed. Reg. 77,617 (Dec. 28, 2004); 70 Fed. Reg. 15,753 (Mar. 29, 2005); 71 Fed. Reg. 5780 (Feb. 3, 2006); 79 Fed. Reg. 37,166 (July 1, 2014)]

Fair Credit Reporting: I. BACKGROUND

This Guidance25 interprets section 501(b) of the Gramm-Leach-Bliley Act (“GLBA”) and the Interagency Guidelines Establishing Information Security Standards (the “Security Guidelines”)26 and describes response programs, including customer notification procedures, that a financial institution should develop and implement to address unauthorized access to or use of customer information that could result in substantial harm or inconvenience to a customer.

Fair Credit Reporting: II. RESPONSE PROGRAM

Millions of Americans, throughout the country, have been victims of identity theft.31 Identity thieves misuse personal information they obtain from a number of sources, including financial institutions, to perpetrate identity theft. Therefore, financial institutions should take preventative measures to safeguard customer information against attempts to gain unauthorized access to the information.