3-1572.2

PRIVACY—Interagency Guidance on Privacy Laws and Reporting Financial Abuse of Older Adults

Purpose

The Board of Governors of the Federal Reserve System (Federal Reserve), the Commodity Futures Trading Commission (CFTC),¹ the Consumer Financial Protection Bureau (CFPB), the Federal Deposit Insurance Corporation (FDIC), the Federal Trade Commission (FTC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Securities and Exchange Commission (SEC) are issuing this guidance to financial institutions to clarify the applicability of privacy provisions of the Gramm-Leach-Bliley Act (GLBA) to reporting suspected financial exploitation of older adults.

Employees of depository institutions and other financial service providers that constitute “financial institutions” for purposes of the GLBA may observe signs of possible financial exploitation of an older adult. Various federal and state authorities either require or encourage reporting of this type of information to the appropriate agency. This guidance clarifies that reporting suspected financial abuse of older adults to appropriate local, state, or federal agencies does not, in general, violate the privacy provisions of the GLBA or its implementing regulations.² In fact, specific privacy provisions of the GLBA and its implementing regulations permit the sharing of this type of information under appropriate circumstances without complying with notice and opt-out requirements.³

Background

Elder abuse includes the illegal or improper use of an older adult’s funds, property, or assets.⁴ Recent studies suggest that financial exploitation is the most common form of elder abuse and that only a small fraction of incidents are reported.⁵ Older adults can become targets of financial exploitation by family members, caregivers, scam artists, financial advisers, home repair contractors, fiduciaries (such as agents under power of attorney and guardians), and others. Older adults are attractive targets because they may have significant assets or equity in their homes. They may be especially vulnerable due to isolation, cognitive decline, physical disability, health problems, and/or the recent loss of a partner, family member, or friend.

Financial institutions can play a key role in preventing and detecting elder financial exploitation. A financial institution’s familiarity with older adults it encounters may enable it to spot irregular transactions, account activity,or behavior.⁶ Prompt reporting of suspected financial exploitation to adult protective services, law enforcement,⁷ and/or long-term care ombudsmen⁸ can trigger appropriate intervention, prevention of financial losses, and other remedies.

Discussion of Privacy Protections

The GLBA establishes a general rule that a financial institution may not disclose any nonpublic personal information about a consumer to any nonaffiliated third party unless the financial institution first provides the consumer with a notice that describes the disclosure (as well as other aspects of its privacy policies and practices) and a reasonable opportunity to opt out of the disclosure, and the consumer does not opt out. However, section 502(e) of the GLBA provides a variety of exceptions to this general rule that permit a financial institution to disclose information to nonaffiliated third parties without first complying with notice and opt-out requirements. Generally, disclosure of nonpublic personal information about consumers to local, state, or federal agencies for the purpose of reporting suspected financial abuse of older adults will fall within one or more of the exceptions.⁹ These disclosures of information may be made either at the agency’s request or on the financial institution’s initiative.

The following are specific exceptions to the GLBA’s notice and opt-out requirement that, to the extent applicable, would permit sharing of nonpublic personal information about consumers with local, state, or federal agencies for the purpose of reporting suspected financial abuse of older adults without the consumer’s authorization and without violating the GLBA:

A financial institution may disclose nonpublic personal information to comply with federal, state, or local laws, rules, and other applicable legal requirements, such as state laws that require reporting by financial institutions of suspected abuse. (15 U.S.C. 6802(e)(8) and implementing regulations at
.15(a)(7)(i)).¹⁰
A financial institution may disclose nonpublic personal information to respond to a properly authorized civil, criminal, or regulatory investigation, or subpoena or summons by federal, state, or local authorities or to respond to judicial process or government regulatory authorities having jurisdiction for examination, compliance, or other purposes as authorized by law. (15 U.S.C. 6802(e)(8) and implementing regulations at
.15(a)(7)(ii)-(iii)).
A financial institution may disclose nonpublic personal information to protect against or prevent actual or potential fraud, unauthorized transactions, claims, or other liability. (15 U.S.C. 6802(e)(3)(B) and implementing regulations at
.15(a)(2)(ii)). For example, this exception generally would allow a financial institution to disclose to appropriate authorities nonpublic personal information in order to:
- report incidents that result in taking an older adult’s funds without actual consent, or
- report incidents of obtaining an older adult’s consent to sign over assets through misrepresentation of the intent of the transaction.
To the extent specifically permitted or required under other provisions of law and in accordance with the Right to Financial Privacy Act of 1978 (12 U.S.C. 3401 et seq.), a financial institution may disclose nonpublic personal information to law enforcement agencies (including the CFPB, the federal functional regulators, and the FTC), self-regulatory organizations, or for an investigation on a matter related to public safety. (15 U.S.C. 6802(e)(5) and implementing regulations at
.15(a)(4)).

In addition, a financial institution may disclose nonpublic personal information with the consumer’s consent or consent of the consumer’s legal representative. (15 U.S.C. 6802(e)(2) and implementing regulations at

.15(a)(1)).

Possible Signs of Financial Abuse of Older Adults

The Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) published an advisory in February 2011 that describes potential signs of elder financial exploitation that might trigger the filing of a Suspicious Activity Report (SAR).¹¹ As described in the advisory, among the possible signs of abuse are:

Erratic or unusual banking transactions, or changes in banking patterns:
- Frequent large withdrawals, including daily maximum currency withdrawals from an ATM;
- Sudden non-sufficient fund activity;
- Uncharacteristic nonpayment for services, which may indicate a loss of funds or access to funds;
- Debit transactions that are inconsistent for the older adult;
- Uncharacteristic attempts to wire large sums of money; or
- Closing of CDs or accounts without regard to penalties.
Interactions with older adults or caregivers:¹²
- A caregiver or other individual shows excessive interest in the older adult’s finances or assets, does not allow the older adult to speak for himself, or is reluctant to leave the older adult’s side during conversations;
- The older adult shows an unusual degree of fear or submissiveness toward a caregiver, or expresses a fear of eviction or nursing home placement if money is not given to a caretaker;
- The financial institution is unable to speak directly with the older adult, despite repeated attempts to contact him or her;
- A new caretaker, relative, or friend suddenly begins conducting financial transactions on behalf of the older adult without proper documentation;
- The older adult moves away from existing relationships and toward new associations with other “friends” or strangers;
- The older adult’s financial management changes suddenly, such as through a change of power of attorney to a different family member or a new individual; or
- The older adult lacks knowledge about his or her financial status, or shows a sudden reluctance to discuss financial matters.

Further information about the use of Suspicious Activity Reports to report suspected elder financial exploitation is available in FinCEN’s “The SAR Activity Review” published in May 2013.¹³ In addition, if financial institutions or other organizations are interested in raising public awareness among older adults and their caregivers about preventing, identifying, and responding to elder financial exploitation, Money Smart for Older Adults, a financial resource tool, serves as a helpful source of training and information.¹⁴

Interagency guidance of Sept. 24, 2013.

The CFTC is issuing this document as staff guidance.

While this guidance discusses when reporting is allowed under the GLBA, it does not address any other federal or state laws that may regulate such reporting. Also, the guidance does not specifically address risk-management expectations for financial institutions related to the reporting of elder abuse.

This guidance’s analysis of the GLBA’s privacy provisions builds on joint guidance issued by several federal agencies in 2002 that specifically addressed disclosures to the Michigan Family Independence Agency. See Letter to Hon. Debbie Stabenow, July 3, 2002, available at www. americanbar.org/content/dam/aba/administrative/law_aging/2011/2011_aging_ea_bank_rptg_op_ltr.authcheckdam.pdf.

⁴

See the National Center on Elder Abuse definitions, available at www.ncea.aoa.gov/FAQ/Type_Abuse/index.aspx. The Older Americans Act, as amended by the Elder Justice Act of 2009, defines exploitation as “the fraudulent or otherwise illegal, unauthorized, or improper act or process of an individual, including a caregiver or fiduciary, that uses the resources of an elder for monetary or personal benefit, profit, or gain, or that results in depriving an elder of rightful access to, or use of, benefits, resources, belongings, or assets.” 42 U.S.C. 1397j(8).

⁵

Acierno, R., M. A. Hernandez, A. B. Amstadter, H. S. Resnick, K. Steve, W. Muzzy, and D. G. Kilpatrick, “Prevalence and Correlates of Emotional, Physical, Sexual, and Financial Abuse and Potential Neglect in the United States: The National Elder Mistreatment Study,” American Journal of Public Health 100, no. 2 (Feb. 2010): 292-297; Lifespan of Greater Rochester, Inc., et al., Under the Radar: New York State Elder Abuse Prevention Study (Rochester, NY: Lifespan of Greater Rochester, Inc., May 2011).

⁶

Treasury Department rules require recipients of federal nontax payments to receive payment by electronic funds transfer, with an allowance for certain waivers from the requirement. The rule applies to recipients of Social Security, Veterans Affairs, Supplemental Security Income, Railroad Retirement Board, Department of Labor, and Office of Personnel Management benefit payments. Benefit recipients may have payments directly deposited to an account at a financial institution or to a Direct Express debit card account. See 75 Fed. Reg. 80315 (Dec. 22, 2010).

⁷

Financial institutions file “Suspicious Activity Reports” with the Financial Crimes Enforcement Network (FinCEN), a Bureau of the U.S. Department of the Treasury, involving money laundering and terrorist financing as well as activities related to elder abuse and other consumer fraud. The reports assist law enforcement in identifying individuals and organizations involved in financial crime. See FinCEN, Advisory to Financial Institutions on Filing Suspicious Activity Reports Regarding Elder Financial Exploitation, FIN-2011-A003 (Feb. 22, 2011), available at www.fincen.gov/statutes_regs/guidance/pdf/fin-2011-a003.pdf.

⁸

Long-Term Care Ombudsmen are advocates for residents of nursing homes, board and care homes, assisted living facilities, and similar adult care facilities. Under the federal Older Americans Act, each state has an Office of the State Long-Term Care Ombudsman that addresses complaints and advocates for improvements in the long-term care system. Local ombudsman staff and volunteers work to resolve problems of individual residents. For more information, see www.aoa.gov/AoARoot/AoA_Programs/Elder_Rights/Ombudsman/index.aspx. To find your local ombudsman program, search by location at www.eldercare.gov.

⁹

See section 502(e) of the GLBA (15 U.S.C. 6802(e)) [at 6-7378].

¹⁰

The CFPB’s, FTC’s, CFTC’s, and SEC’s implementing regulations are contained in 12 CFR part 1016, 16 CFR part 313, 17 CFR part 160, and 17 CFR part 248, respectively. For ease of reference, this discussion uses the shared numerical suffix of each of these agencies’ regulations.

¹¹

See footnote 6 above.

¹²

References to “caregiver” or “caretaker” also may apply to other individuals who may be involved in transactions of the type described in the FinCEN advisory.

¹³

See “The SAR Activity Review: Trends Tips & Issues,” Issue 23, May 2013, available at www.fincen.gov/news_room/rp/files/sar_tti_23.pdf.

¹⁴

Money Smart for Older Adults (June 2013), available at www.fdic.gov or www.consumerfinance.gov.