Approved April 9, 2007
The Federal Right to Financial Privacy Act of 1978 was enacted to protect customer financial records from improper disclosure to federal agencies and officials. While Metro Bank is to respond to subpoenas and appropriately file suspicious activity reports, it will do so with prior consideration of applicable privacy law restrictions. Further, Metro Bank has a duty to report suspected criminal activity to the appropriate authorities. At the same time the bank recognizes that its customers are entitled to a right of privacy with regard to their financial affairs. The Gramm-Leach-Bliley Act required that each financial institution comply with requirements of the federal regulatory agencies to disclose privacy policies in the form of appropriate notices beginning with mandatory requirements effective July 1, 2001 and Metro Bank has taken steps to be in compliance with these requirements.
Metro Bank acknowledges the importance of the privacy, security and accuracy of customer financial information and will make every effort to protect customers’ financial privacy through compliance with the Federal Right to Financial Privacy Act and other laws directed at protecting customer information (e.g., the Fair Credit Reporting Act and the Electronic Fund Transfer Act). The bank will consider both paper-based customer information, as well as information obtained and maintained through electronic means.
The bank will endeavor to provide appropriate customer notification of subpoenas, summonses, written requests for information, and oral inquires with respect to a customer’s financial information.
Normally Metro Bank does not release customer information to any third parties, whether a government authority or other party, without receipt of an appropriate subpoena or other order, a legal requirement to do so, or the written authorization of the customer. However, the bank reserves the right to use or release such information, at its discretion, within the confines of the legal parameters previously noted. Consideration of customer financial privacy rights will be given when filing suspicious activity reports or otherwise notifying authorities with regard to suspicious activity.
Any breach of confidentiality or variation from Metro Bank’s Privacy, Suspicious Activity Reports, and Subpoenas or Audit Procedures will be considered a serious violation of an officer or employee’s terms of employment and may be grounds for termination. Officers and employees will report all breaches of confidentiality to the Internal Auditor for further investigation.
Use and Sharing of Customer Information
Before collecting information from customers, Metro Bank will advise customers of the intended use of their personal information, through written notice where appropriate, and will obtain the customer’s consent to make releases of their information in the normal course of business and to obtain customer credit reports.
In the event Metro Bank intends to share customer information beyond its own experience with affiliates, the bank will disclose in writing to customers that the bank may share customer information with affiliates and will give customers the opportunity to “opt out” of having the information shared with affiliates, in accordance with the requirements of the Fair Credit Reporting Act.
Security of Customer Information
Senior management oversees the maintenance of appropriate internal controls to address the security of customer information in both paper and electronic form. These procedures address access, storage, and disposal of confidential customer information. Metro Bank will make best efforts to ensure that third party service providers, under outsourcing arrangements with the bank, protect the security and accuracy of customer information. Senior management will be kept advised of any breaches of these procedures or any detected deficiencies, and changes in procedures will be made in an expeditious manner as needed to protect customer information.
Delay of Customer Notification
Metro Bank customers will normally be notified by the bank upon receipt of any subpoena or other written or oral order or request for information; however, the bank will delay such customer notification when presented with an appropriate court order to delay notice with respect to federal subpoenas or pursuant to certain other types of federal limitations or official inquiries (a “Gag Order”).
Grand Jury Subpoenas
Irrespective of the bank’s commitment to customer notification regarding requests for information, the bank will not provide notification to the customer of certain grand jury subpoenas. No one, including a customer, named in a federal grand jury subpoena will be notified of the existence of or information disclosed pursuant to a federal grand jury subpoena, in the event the subpoena is issued in connection with an investigation relating to a possible crime against any financial institution or certain regulatory agencies, or a conspiracy to commit such a crime and certain other crimes.
Suspicious Activity Reports
It is possible that Metro Bank personnel may become aware of or suspect criminal activity by bank customers or employees. Any such suspicious are to be reported promptly to the Chief Executive Officer.
Where circumstances require the bank to report criminal activity to its primary federal regulatory agency, the Financial Crimes Enforcement Network (FinCEN), or federal law enforcement officials, such steps will be taken expeditiously and in accordance with the customer’s privacy rights. Where circumstances allow the bank to report suspected illegal customer activity to federal authorities, it is the bank’s policy to give due consideration to a customer’s privacy rights prior to filing reports. Reports will be filed when there is suspicion that a crime has occurred, is occurring or may occur in accordance with proper procedures. Directors, officers, employees or agents of the bank will not notify persons involved in the reported transaction that a Suspicious Activity Report (SAR) has been or will be filed or that any other report of suspicious activity has been or will be made. Further, it is the policy of Metro Bank that the directors, officers, employees or agents of the bank will not disclose to anyone that a SAR has been or may be prepared, the existence of a SAR, that a SAR has been filed, the contents of a SAR, or that any other report of suspicious activity has been made.
Any filing of a SAR will be reported to the Board of Directors or an appropriate committee thereof.
If the bank or any employee, officer, director or agent of the bank is subpoenaed or otherwise requested to disclose a SAR or the information contained in a SAR, the bank or any person will decline to produce the SAR or to provide any information that would disclose that a SAR has been prepared or filed, citing the appropriate federal laws and regulations and will notify FinCEN and the FDIC of the subpoena or request. The duty to notify the agencies of the request or subpoena does not apply when the disclosure is request by FinCen, an appropriate law enforcement agency, or the FDIC.
Training and Auditing
The Compliance Officer is responsible for conducting or arranging for ongoing training of bank personnel with respect to bank policies and procedures. A record of individuals trained and the dates of training will be maintained by the Compliance Officer. Periodic audits will be performed by the Internal Auditor for compliance with policies and procedures that will be reported to the Audit Committee of the BOD.
Metro Bank will maintain a record and file of all requests for customer financial information, including a copy of the request and of the information released. The record will contain a summary of each request for customer financial information and the disposition of the request, including, at a minimum, a description of the specific information requested, the date of customer notification, whether a Gag Order or Notification Prohibition exists which prevented or delayed customer notification, the identity of the state of federal government authority requesting the information, the date of receipt of a Certification of Compliance from a federal government authority, the date of disclosure of the information, if applicable, and any other pertinent information. The record may be made available to the customer upon request, at the discretion of bank management, unless the bank has received a Gag Order, or circumstances for a Notification Prohibition exist. Neither copies of SARs nor a reference to the existence of such reports will be made available to bank customers or any other individuals involved in the reported transactions.
The bank will retain copies of SARs and the original or business record equivalent of any supporting documentation for a period of not less than five years from the date of filing.
Metro Bank will take appropriate steps to ensure that the bank web site is operated in a safe, sound and secure manner.
Pretext Phone Calling and Identity Theft
To prevent pretext callers from using pieces of personal information to impersonate account holders in order to gain access to their account information, audit procedures addressing the pretext phone call and identity theft will be implemented to address regulatory guidelines and control access to customer information.
Collection, Retention and Use of Information
Metro Bank collects, retains and uses information concerning its customer base only where we reasonably believe that it will help administer our business services, provide products, and other opportunities. We collect and retain information about customers only for specific business purposes – and we will disclose to customers why we are collecting and retaining such information before requesting it. We will use information to administer and protect these records, accounts, and funds; to comply with certain laws and regulations; to help design or improve our products and services; and to better understand financial needs.
Metro Bank will collect nonpublic information about its customers from some or all of the following sources:
- Information that is provided by customers on applications or other forms, such as name, address, Social Security Number, assets and income.
- Other information comes from our experience of doing business with customers, such as account usage or payment history.
- Information we receive from a consumer-porting agency, such as customer creditworthiness and credit history.
Confidentiality and Security
We limit access to nonpublic personal information about customers to those employees who need to know that information to provide products or services. We use physical, electronic, and procedural security measures and procedures that comply with federal standards to guard nonpublic personal information.
Information Sharing Among Our Affiliates
We may share information about customers with other Metro Bank affiliates in order to serve more efficiently and conveniently and to provide the best level of banking services. However, Metro Bank will share information about our customers only to the extent that is allowable by law.
Restrictions on the Disclosure of Account Information to Outside Parties
Metro Bank will not reveal customer account numbers or other personally identifiable information to parties outside of our organization for their independent use unless: 1) the bank has been requested or authorized to do so by the account owner; 2) the information is provided to help complete a customer initiated transaction; 3) the information is provided to a reputable credit bureau or similar information reporting agency; or 4) the disclosure is required by/or allowed by law.
Maintaining Customer Privacy in Business Relationships with Third Parties
Sometimes it is necessary to provide personally identifiable information about you to a third party, such as a vendor or service company that we contract to provide support or services for one or more of our products. We insist that third parties whom we disclose appropriate information also share our commitment to confidentiality, privacy and trust.
We do not share our customer information with outside marketers or other companies at allow them to independently solicit our customer base for their products or services.
Maintenance of Accurate Information
Metro Bank strives to maintain accurate, current and complete information about our customers. We also respond to requests to correct inaccurate information in a timely manner. To do this, we request that our customers notify the bank immediately if they receive information regarding our relationship that they believe to be inaccurate or if any personal information (such as name, address, telephone number or employment) changes.
Ending Customer Relationships
When the customer ends any or all relationships with Metro Bank or the bank ends any or all account relationships with the customer, the bank will treat the information on record will the same standards of privacy as if the customer relationship had not ended.
When Metro Bank receives e-mails, we may retain the content of the message, the e-mail address and the bank’s response in order to facilitate communication and better serve our customers. However, the customer’s e-mail address will never be shared or sold outside of Metro Bank and its affiliates.
E-mail is generally not a secure means of communication. Typical e-mail systems currently used do not include data encryption for the protection of personal information. Therefore, Metro Bank does not solicit information of a sensitive nature such as account numbers, Social Security Numbers, etc. from its customers. Customers will be asked to contact the bank by phone, mail, or come inside the bank to convey such personal information.
Back to the top