Financial Services Modernization Act of 1999 - An Excerpt:
Subtitle B--Fraudulent Access to Financial Information
SEC. 521. PRIVACY PROTECTION FOR CUSTOMER INFORMATION OF FINANCIAL INSTITUTIONS.
(a) PROHIBITION ON OBTAINING CUSTOMER INFORMATION BY FALSE PRETENSES- It shall be a violation of this subtitle for any person to obtain or
attempt to obtain, or cause to be disclosed or attempt to cause to be disclosed
to any person, customer information of a financial institution relating to
(1) by making a false, fictitious, or fraudulent statement or representation to
an officer, employee, or agent of a financial institution;
(2) by making a false, fictitious, or fraudulent statement or representation to
a customer of a financial institution; or
(3) by providing any document to an officer, employee, or agent of a financial
institution, knowing that the document is forged, counterfeit, lost, or stolen,
was fraudulently obtained, or contains a false, fictitious, or fraudulent
statement or representation.
(b) PROHIBITION ON SOLICITATION OF A PERSON TO OBTAIN CUSTOMER INFORMATION FROM
FINANCIAL INSTITUTION UNDER FALSE PRETENSES - It shall be a violation of this
subtitle to request a person to obtain customer information of a financial
institution, knowing that the person will obtain, or attempt to obtain, the
information from the institution in any manner described in subsection (a).
(c) NONAPPLICABILITY TO LAW ENFORCEMENT AGENCIES- No provision of this section
shall be construed so as to prevent any action by a law enforcement agency, or
any officer, employee, or agent of such agency, to obtain customer information
of a financial institution in connection with the performance of the official
duties of the agency.
(d) NONAPPLICABILITY TO FINANCIAL INSTITUTIONS IN CERTAIN CASES - No provision
of this section shall be construed so as to prevent any financial institution,
or any officer, employee, or agent of a financial institution, from obtaining
customer information of such financial institution in the course of--
(1) testing the security procedures or systems of such institution for
maintaining the confidentiality of customer information;
(2) investigating allegations of misconduct or negligence on the part of any
officer, employee, or agent of the financial institution; or
(3) recovering customer information of the financial institution which was
obtained or received by another person in any manner described in subsection (a)
(e) NONAPPLICABILITY TO INSURANCE INSTITUTIONS FOR INVESTIGATION OF INSURANCE
FRAUD - No provision of this section shall be construed so as to prevent any
insurance institution, or any officer, employee, or agency of an insurance
institution, from obtaining information as part of an insurance investigation
into criminal activity, fraud, material misrepresentation, or material
nondisclosure that is authorized for such institution under State law,
regulation, interpretation, or order.
(f) NONAPPLICABILITY TO CERTAIN TYPES OF CUSTOMER INFORMATION OF FINANCIAL
INSTITUTIONS- No provision of this section shall be construed so as to prevent
any person from obtaining customer information of a financial institution that
otherwise is available as a public record filed pursuant to the securities laws
(as defined in section 3(a)(47) of the Securities Exchange Act of 1934).
(g) NONAPPLICABILITY TO COLLECTION OF CHILD SUPPORT JUDGMENTS - No provision of
this section shall be construed to prevent any State-licensed private
investigator, or any officer, employee, or agent of such private investigator,
from obtaining customer information of a financial institution, to the extent
reasonably necessary to collect child support from a person adjudged to have
been delinquent in his or her obligations by a Federal or State court, and to
the extent that such action by a State-licensed private investigator is not
unlawful under any other Federal or State law or regulation, and has been
authorized by an order or judgment of a court of competent jurisdiction.
SEC. 522. ADMINISTRATIVE ENFORCEMENT.
(a) ENFORCEMENT BY FEDERAL TRADE COMMISSION- Except as provided in subsection
(b), compliance with this subtitle shall be enforced by the Federal Trade
Commission in the same manner and with the same power and authority as the
Commission has under the Fair Debt Collection Practices Act to enforce
compliance with such Act.
(b) ENFORCEMENT BY OTHER AGENCIES IN CERTAIN CASES-
(1) IN GENERAL- Compliance with this subtitle shall be enforced under--
(A) section 8 of the Federal Deposit Insurance Act, in the case of--
(i) national banks, and Federal branches and Federal agencies of foreign banks,
by the Office of the Comptroller of the Currency;
(ii) member banks of the Federal Reserve System (other than national
banks), branches and agencies of foreign banks (other than Federal
branches, Federal agencies, and insured State branches of foreign banks),
commercial lending companies owned or controlled by foreign banks, and
organizations operating under section 25 or 25A of the Federal Reserve Act, by
(iii) banks insured by the Federal Deposit Insurance Corporation (other
than members of the Federal Reserve System and national nonmember banks) and
insured State branches of foreign banks, by the Board of Directors of the
Federal Deposit Insurance Corporation; and
(iv) savings associations the deposits of
which are insured by the Federal Deposit Insurance Corporation, by the Director
of the Office of Thrift Supervision; and
(B) the Federal Credit Union Act, by the Administrator of the National Credit
Union Administration with respect to any Federal credit union.
(2) VIOLATIONS OF THIS SUBTITLE TREATED AS VIOLATIONS OF
OTHER LAWS- For the purpose of the exercise by any agency referred to in
paragraph (1) of its powers under any Act referred to in that paragraph, a
violation of this subtitle shall be deemed to be a violation of a requirement
imposed under that Act. In addition to its powers under any provision of law
specifically referred to in paragraph (1), each of the agencies referred to in
that paragraph may exercise, for the purpose of enforcing compliance with this
subtitle, any other authority conferred on such agency by law.
SEC. 523. CRIMINAL PENALTY.
(a) IN GENERAL- Whoever knowingly and intentionally violates, or knowingly and
intentionally attempts to violate, section 521 shall be fined in accordance with
title 18, United States Code, or imprisoned for not more than 5 years, or both.
(b) ENHANCED PENALTY FOR AGGRAVATED CASES- Whoever violates, or attempts to
violate, section 521 while violating another law of the United States or as part
of a pattern of any illegal activity involving more than $100,000 in a 12-month
period shall be fined twice the amount provided in subsection (b)(3) or (c)(3)
(as the case may be) of section 3571 of title 18, United States Code, imprisoned
for not more than 10 years, or both.
SEC. 524. RELATION TO STATE LAWS.
(a) IN GENERAL- This subtitle shall not be construed as superseding, altering,
or affecting the statutes, regulations, orders, or interpretations in effect in
any State, except to the extent that such statutes, regulations, orders, or
interpretations are inconsistent with the provisions of this subtitle, and then
only to the extent of the inconsistency.
(b) GREATER PROTECTION UNDER STATE LAW- For purposes of this section, a State
statute, regulation, order, or interpretation is not inconsistent with the
provisions of this subtitle if the protection such statute, regulation, order,
or interpretation affords any person is greater than the protection provided
under this subtitle as determined by the Federal Trade Commission, after
consultation with the agency or authority with jurisdiction under section 522 of
either the person that initiated the complaint or that is the subject of the
complaint, on its own motion or upon the petition of any interested party.
SEC. 525. AGENCY GUIDANCE.
In furtherance of the objectives of this subtitle, each Federal banking agency
(as defined in section 3(z) of the Federal Deposit Insurance Act), the National
Credit Union Administration, and the Securities and Exchange Commission or
self-regulatory organizations, as appropriate, shall review regulations and
guidelines applicable to financial institutions under their respective
jurisdictions and shall prescribe such revisions to such regulations and
guidelines as may be necessary to ensure that such financial institutions have
policies, procedures, and controls in place to prevent the unauthorized
disclosure of customer financial information and to deter and detect activities
proscribed under section 521.
SEC. 526. REPORTS.
(a) REPORT TO THE CONGRESS- Before the end of the 18-month period beginning on
the date of the enactment of this Act, the Comptroller General, in consultation
with the Federal Trade Commission, Federal banking agencies, the National Credit
Union Administration, the Securities and Exchange Commission, appropriate
Federal law enforcement agencies, and appropriate State insurance regulators,
shall submit to the Congress a report on the following:
(1) The efficacy and adequacy of the remedies provided in this subtitle in
addressing attempts to obtain financial information by fraudulent means or by
(2) Any recommendations for additional legislative or regulatory action to
address threats to the privacy of financial information created by attempts to
obtain information by fraudulent means or false pretenses.
(b) ANNUAL REPORT BY ADMINISTERING AGENCIES- The Federal Trade Commission and
the Attorney General shall submit to Congress an annual report on number and
disposition of all enforcement actions taken pursuant to this subtitle.
SEC. 527. DEFINITIONS.
For purposes of this subtitle, the following definitions shall apply:
(1) CUSTOMER- The term `customer' means, with respect to a financial
institution, any person (or authorized representative of a person) to whom the
financial institution provides a product or service, including that of acting as
(2) CUSTOMER INFORMATION OF A FINANCIAL INSTITUTION- The term `customer
information of a financial institution' means any information maintained by or
for a financial institution which is derived from the relationship between the
financial institution and a customer of the financial institution and is
identified with the customer.
(3) DOCUMENT- The term `document' means any information in any form.
(4) FINANCIAL INSTITUTION-
(A) IN GENERAL- The term `financial institution' means any institution engaged
in the business of providing financial services to customers who maintain a
credit, deposit, trust, or other financial account or relationship with the
(B) CERTAIN FINANCIAL INSTITUTIONS SPECIFICALLY
INCLUDED- The term `financial institution' includes any depository institution
(as defined in section 19(b)(1)(A) of the Federal Reserve Act), any broker or
dealer, any investment adviser or investment company, any insurance company, any
loan or finance company, any credit card issuer or operator of a credit card
system, and any consumer reporting agency that compiles and maintains files on
consumers on a nationwide basis (as defined in section 603(p) of the Consumer
Credit Protection Act).
(C) SECURITIES INSTITUTIONS- For purposes of subparagraph (B)--
(i) the terms `broker' and `dealer' have the same meanings as given in section 3
of the Securities Exchange Act of 1934 (15 U.S.C. 78c);
(ii) the term `investment adviser' has the same meaning as given in section
202(a)(11) of the Investment Advisers Act of 1940 (15 U.S.C.
(iii) the term `investment company' has the same meaning as given in
section 3 of the Investment Company Act of 1940 (15 U.S.C. 80a-3).
(D) CERTAIN PERSONS AND ENTITIES SPECIFICALLY EXCLUDED-
The term `financial institution' does not include any person or entity with
respect to any financial activity that is subject to the jurisdiction of the
Commodity Futures Trading Commission under the Commodity Exchange Act and does
not include the Federal Agricultural Mortgage Corporation or any entity
chartered and operating under the Farm Credit Act of 1971.
(E) FURTHER DEFINITION BY REGULATION- The Federal Trade
Commission, after consultation with Federal banking agencies and the Securities
and Exchange Commission, may prescribe regulations clarifying or describing the
types of institutions which shall be treated as financial institutions for
purposes of this subtitle.