Regulation P

What Is Regulation P?

Regulation P (Privacy of Consumer Financial Information) is one of the regulations set forth by the Federal Reserve, the central banking system of the U.S, that governs the treatment of a consumer's private and personal information by banks and other financial institutions.

Understanding Regulation P

Under Regulation P, financial institutions are required to give their customers notice of privacy practices and policies affecting them. These notices are intended to help consumers understand how their financial institutions are using their private information. Regulation P also provides consumers the right to opt-out of the disclosure of their private information, preventing the financial institutions from disclosing their financial information without their permission. Regulation P applies only to the U.S. offices of financial institutions and banks under its supervisory authority. Regulation P was first enacted in 1999 and it does not apply to publicly available information.

Financial institutions subject to Regulation P may include, but are not limited to:

• Banks, savings associations, and credit unions
• Non-bank mortgage lenders
• Businesses that extend credit or service loans
• Insurance underwriters and agents
• Mortgage brokers
• Personal property and real estate appraisers
• Tax preparers
• Providers of real estate settlement services
• Businesses that provide check cashing or wire transfer services
• Debt collectors

Regulation P Compliance

In order to be compliant with Regulation P, a financial institution’s annual privacy notice must include:

• Information on whether the financial institution shares its customers’ private information, and if it does, how it does so;
• A description of how the institution protects its customers’ private, non-public information; and
• Information on the customer’s right to opt-out of some types of sharing of private information.

Regulation P says that if a financial institution discloses its customers’ private information in a manner inconsistent with the policies and practices described in its annual privacy notice, it must issue a revised notice. There aren’t any specific penalties listed under the regulation for violations made by financial institutions. However, violators may find themselves subject to monetary penalties, court actions, and exposure for “unfair or deceptive acts or practices” under applicable Federal Trade Commission (FTC) statutes.

In 2015, changes were made to Regulation P via amendments to the consumer privacy protections afforded under the Gramm-Leach-Bliley Act. The amendments were made to implement exemptions from sending annual privacy notices if financial institutions had met certain requirements. They were written to help ease the burden on financial institutions that were acting ethically and to help reduce the risk of confusion in the consumers.

Special Considerations

Under the new Regulation P rules, a financial institution may be exempt from the requirement to provide its customers with an annual notice of privacy policies if it meets two conditions:

1. The first condition is that it must disclose the private information of its customers only in ways that do not require the customers’ consent under Regulation P.
2. The second condition is that the financial institution cannot have changed its privacy policies and practices from those disclosed in the most recent annual notice. If the institution changes its privacy policies or practices, it must issue a revised notice under Regulation P. These exemptions were part of the 2015 amendments to the regulation. 

Unless the financial institution has met these two requirements, they will typically send out an annual privacy notice each year via mail, email, or secure message. It is always a good idea to read through them as they come in so that you are aware of any changes.