FYI

No. 83
Monday April 30, 2001 Page A-10
ISSN 1523-567X
Regulation, Law & Economics

PrivacyNew CFTC Rules Set Regime for Disclosing
Privacy Rules to Clients of Financial Entities

The Commodity Futures Trading Commission April 27 released new rules
establishing guidelines as to how futures commission merchants, commodity
trading advisors, and other similar financial institutions must inform
customers of their privacy rights.
The new rules, which are scheduled to go into effect June 21, will require
FCMs and CTAs, as well as commodity pool operators and introducing brokers,
to establish written guidelines informing their clients as to what type of
information can be disclosed to various third-parties, the CFTC said in a
Federal Register notice. The rules also provide that such an entity inform
its clients how to opt out of such data sharing.

Continuing Relationship

The entities will now be expected to provide the privacy guidelines at a time
"not later than the time it establishes a customer relationship" with the
client, and at least once a year thereafter.
The CFTC said it defines the beginning of such a period to be when the
institution and customer "enter into a continuing relationship," most likely
the time when the two enter into a contract. For customers in which no such
relationship has been established, the institution must provide notice of its
privacy policies before it releases personal information to a nonaffiliated
third party, the CFTC said.
In the notices, the institutions must inform customers about the category of
information it may collect as well as what it may disclose, the CFTC said. A
firm, for example, must tell clients that it can collect information
contained in their applications, credit reports, and transaction reports.
The firm must also state that it may disclose data pertaining to assets,
income and investment goals, personal-identifying information (name, address,
and Social Security number), account activity and balances, and credit
histories.
To minimize crossover, the CFTC said it would allow firms that are also
registered with the Securities and Exchange Commission or with a state
securities regulator to abide by either the SEC or Federal Trade Commission's
privacy rules

No Safe Harbor

The commission initially was not obliged to set out such rules, which became
mandatory for other agencies as part of the Gramm-Leach-Bliley Act of 1999.
Congress put the CFTC under the same rules in December, however, as part of
the Commodity Futures Modernization Act of 2000.
The commission said it decided not to exempt or create a safe harbor for
unregistered CTAs and CPOs, despite some lobbying from industry. The CFTC did
agree not to hold foreign unregistered entities to the rules, saying it would
be "impracticable" to do so.

Copyright , 2001 by The Bureau of National Affairs, Inc., Washington D.C.