Financial Services Legislation Signed; Includes Privacy Provisions

Washington, DC, November 19, 1999 - On November 12, 1999, President Clinton signed into law the "Gramm-Leach-Bliley Act." Among other things, the statute repeals various restrictions on affiliations among commercial banks, securities firms, and insurance companies. The act includes several amendments to the Investment Company Act and the Investment Advisers Act that are intended to ensure that the SEC has full authority over investment companies that are affiliated with banks. The SEC is required to consult with, and consider the views of, the federal banking agencies in promulgating related rules. The act also establishes new obligations for financial institutions (including investment companies and investment advisers) regarding the privacy of customer information, whether or not these institutions are affiliated with a bank.

Disclosure. The act expands the prohibition in the Investment Company Act against representing or implying that shares of an investment company are guaranteed by the federal government. It adds explicit prohibitions against implying that the shares are insured by the FDIC or that they are obligations of, or guaranteed by, a bank. In addition, it requires persons selling investment company securities advised by or sold through a bank to disclose that the securities are not insured by the FDIC or any other government agency. The SEC is authorized to adopt rules prescribing the manner in which this disclosure should be given, after consulting with and taking into consideration the views of the federal banking agencies.

Independent Directors. The act also changes the definition of "interested person" in the Investment Company Act in certain respects. Currently, Section 2(a)(19) deems all persons affiliated with a broker or dealer to be "interested persons" of a fund (and its investment adviser and principal underwriter); as a result, these persons cannot serve as independent directors. (Rule 2a19-1 under the Investment Company Act provides a conditional exception to this.) Section 213 replaces this broad standard with a more limited one. Persons affiliated with firms that have engaged in certain specified securities transactions, or who have loaned money or other property to, (i) the fund in question, (ii) other funds with the same adviser or that are held out as being related funds, or (iii) other accounts over which the fund's adviser has discretion, are considered "interested persons," provided the transactions in question occurred during the preceding six months.

In addition, Section 213 amends Section 10(c) of the Investment Company Act to provide that no fund can have a majority of its directors affiliated with any single bank or bank holding company, including their affiliates and subsidiaries. Previously, Section 10(c) simply prohibited a fund from having a majority of its directors affiliated with a single bank.

Limits on Authority of Banking Regulators
The regulatory structure established under the act generally assigns to the Federal Reserve Board primary oversight of financial holding companies (which can own commercial banks, securities firms, insurance companies, and other entities engaged in financial activities). However, the act imposes certain limits on the ability of the Board to directly or indirectly regulate "functionally regulated subsidiaries," which are defined as holding company subsidiaries that are subject to regulation by the SEC under the securities laws, such as registered investment companies and investment advisers (as well as entities subject to regulation by state insurance regulators or the CFTC). As was recently noted by Federal Reserve Board Chairman Greenspan, these limits are designed to prevent the spread of bank-like regulation to these entities, which could limit innovation and flexibility. The other banking agencies are subjected to similar limitations.

Privacy Provisions
Title V of the act imposes new requirements on all companies that engage in financial activities, whether or not they are affiliated with banks ("financial institutions"), with respect to protecting the privacy of their customers. The privacy provisions in Title V generally take effect six months after enactment (or May 12, 2000). Section 501 of the act declares that all financial institutions have an "affirmative and continuing obligation" to respect the privacy of their customers and to protect the security and confidentiality of customers' nonpublic personal information. Nonpublic personal information is defined in Section 509 as "personally identifiable financial information" that is provided by a customer to a financial institution, that results from a transaction with the customer, or that is otherwise obtained by the financial institution (although it does not include publicly available information). The term also includes lists of customers derived from nonpublic personal information.

Sharing Information with Affiliates. The act takes a disclosure-based approach to regulating the sharing of customer information by a financial institution with its affiliates. All financial institutions will have to disclose to customers their policies with respect to protecting the confidentiality and security of nonpublic personal information and sharing such information with affiliates and others. These disclosures will have to be made at the time a customer relationship is established and at least annually thereafter. The disclosures must be in accordance with regulations prescribed by the appropriate regulator, which, in the case of investment companies and investment advisers, is the SEC.

Sharing Information with Non-Affiliates. Section 502 of the act provides that, in the case of sharing nonpublic personal information with non-affiliates, in addition to disclosing their policies, financial institutions generally must give their customers the opportunity to direct that such sharing not occur (i.e., an "opt-out"). There are numerous exceptions to this requirement, including where sharing information with a non-affiliate is necessary to effect a transaction or to maintain or service an account, or in connection with a business combination. There are special restrictions on sharing account numbers and similar information.

Rulemaking Relating to Security of Information. Section 501 of the act directs each of several federal financial regulators to adopt rules applicable to financial institutions under their jurisdiction relating to administrative, technical, and physical safeguards to protect the security and confidentiality of customer records and information and to protect against unauthorized access to or use of such records or information.

State Law; Study. Section 507 of the act expressly provides that the privacy provisions of the act do not supersede state laws that offer greater protection to customers. Section 508 directs the Treasury Department to conduct a study of information sharing between financial institutions and their affiliates. Among other things, the study will cover the feasibility of "opt-in" requirements (where a customer must give affirmative consent before information sharing can occur). The report is due January 1, 2002. President Clinton has stated that he believes that the privacy protections in the act do not go far enough and has directed the Administration to develop additional legislative proposals in this area. Bills also have been introduced in both Houses of Congress to strengthen the privacy provisions in the act.