Right to Financial Privacy Act
Exceptions to
Notice and Certification Requirements
In general, exceptions to the notice and certifica-
tion
requirements cover situations pertinent to
routine banking business, information
requested by
supervisory agencies, and
requests subject to
other statutory
requirements. Specific exceptions
include
records
• Submitted by financial institutions to any court or
agency when
perfecting a security interest,
proving a claim in
bankruptcy, or collecting a
debt for itself or a fiduciary
• Requested by a supervisory agency in connec-
tion with its
supervisory, regulatory, or monetary
functions (including
regular examinations and
any investigations
relating to consumer
complaints)
• Sought in accordance with procedures autho-
rized by the Internal Revenue Code
(records that
are intended to be accessed by procedures
authorized by the
Tax Reform Act of 1976)
• Required to be reported in accordance with any
federal statute (or rule promulgated
thereunder,
such as the Bank
Secrecy Act)
• Requested by the Government Accountability
Office for an authorized proceeding, investiga-
tion, examination, or audit
directed at a federal
agency
• Subject to a subpoena issued in conjunction with
proceedings
before a grand jury (with the
exception of cost
reimbursement and the
restricted use of grand jury information)
• Requested by a government authority subject to
a lawsuit involving the bank customer (The
records may be obtained under the Federal
Rules of Civil and Criminal
Procedure.)
The act also allows financial institutions to
• Release records that are not individually identifi-
able with a particular customer
• Notify law enforcement officials if it has informa-
tion
relevant to a violation of the law
Exceptions to Notice Requirements
But Not to Certification Requirements
In certain cases, the act does not require the
customer to be notified of the
request but still
requires the federal agency requesting the informa-
tion to certify in writing that it has complied with all
applicable provisions of the act. Exceptions to the
notice provisions include
• Instances in which a financial institution, rather
than a
customer, is being investigated
2 (1/06) • RFPA Consumer Compliance Handbook
• Requests for records incidental to the process-
ing of a government loan, loan
guaranty, loan
insurance
agreement, or default on a government-
guaranteed or
government-insured loan (In this
case, the federal agency must give the loan
applicant a notice of the government’s rights to
access financial
records when the customer
initially applies for the loan. The financial
institu-
tion is then
required to keep a record of all
disclosures made to government authorities, and
the customer is entitled to inspect this
record.)
• Instances in which the government is engaging
in authorized
foreign intelligence activities or the
Secret Service is carrying out its protective
functions
Although the Securities and Exchange Commis-
sion is
covered by the act, it can obtain customer
records from an institution without prior notice to the
customer by obtaining an
order from a U.S. district
court. The agency must,
however, provide the
certificate of compliance to the institution along
with the court
order prohibiting disclosure of the
fact that the documents have been obtained. The
court
order will set a delay-of-notification date, after
which the customer will be notified by the institution
that the SEC has obtained his or her
records.
Delayed-Notice Requirements
Under certain circumstances, a government entity
may
request a court order delaying the customer
notice for up to ninety days. This delay may be
granted if the court finds that earlier notice would
result in endangering the life or physical safety of
any person, flight from prosecution, destruction of
or tampering with evidence, or intimidation of
potential witnesses or would otherwise seriously
jeopardize or unduly delay an investigation, trial, or
official proceeding. Delayed notice of up to ninety
days is also allowed for
search warrants.
Civil Liability
A customer may collect civil penalties from any
government agency or department that obtains, or
any financial institution or employee of the
institu-
tion who discloses, information in violation of the
act. These penalties include (1) actual damages,
(2) $100, regardless of the volume of records
involved, (3) court costs and
reasonable attorney’s
fees, and (4) such punitive damages as the court
may allow for willful or intentional violations. An
action may be brought up to
three years after the
date of the violation or the date the violation was
discovered. A financial institution that relies in good
faith on a federal agency’s certification may not be
held liable to a customer for the
disclosure of
financial
records.