Skip to main content
U.S. flag
An official website of the United States government
Dot gov
The .gov means it’s official. 
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.
Https
The site is secure. 
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.
Federal Register Publications

FDIC Federal Register Citations



Home > Regulation & Examinations > Laws & Regulations > FDIC Federal Register Citations




FDIC Federal Register Citations

From: Bankexpert@cs.com [mailto:Bankexpert@cs.com]
Sent: Tuesday, June 08, 2004 5:48 PM
To: Comments
Subject: FDIC RIN 3064-AC77 - Disposal of Consumer Information

Dear FDIC Staff:

Thank you very much for the opportunity to comment on this important issue.

Financial institutions have already been charged with the responsibility for properly disposing of sensitive materials by the February 1, 2001, guidelines, yet significant problems remain with the means chosen by many of them to address this responsibility. While I generally favor less rather than more regulation, it appears that this relatively simple problem needs to be addressed more definitively.

Rather than debate words and terms used in the rules and proposed rules, for this discussion, let me simply group all of the credit-related contents of a loan file together as "sensitive financial information," and state my belief that this information should be adequately disposed of for a customer or an applicant who did not meet the requirements to become a customer.

In my role as a banking consultant, I have been called on by numerous financial institution defendants and consumer plaintiffs who have encountered serious problems due to the inability of a financial institution to adequately dispose of sensitive financial information. Credit fraud and identity theft, in all of their forms, can result from the improper disposal of sensitive financial information. The fraud that can result from the improper disposal of this sensitive financial information can cause severe personal hardships and financial losses.

The basic problem here is very simple to solve yet is compounded by faulty thinking on the part of some financial institutions. After all, what we are dealing with here is how to throw away the trash.

I have observed that many financial institutions contract out the disposal of sensitive financial information. This is an unnecessary step that adds cost and increases the risk that employees of the disposal company can lose or steal a file and use its information to commit fraud. It is unreasonable to expect that garbage-men will be adequately trained in the handling of sensitive financial information whereas all bank personnel are well aware of the importance of this matter.

Holders of sensitive financial information should be required to dispose of their sensitive financial information promptly and in-house by whatever personnel is involved in physically terminating a loan file when it is due to be disposed of according to the record retention policy. This destroys the sensitive financial information as soon as possible, and does not send it outside the financial institution in a usable form.

Holders of sensitive financial information should be required to dispose of it as soon as practical after the expiration of the required record retention period. In some cases I have seen, sensitive financial information is retained for several months beyond its required record retention period so that it can be disposed of in a "batch" of records covering a specified time bracket. For example, the financial institution will collect and hold closed-out loan files awaiting the arrival of the document destruction company truck. This additional time creates additional and unnecessary risk that the documents might be misused.

This vigilance should extend to all users and handlers of sensitive financial information including not only all financial institutions but also credit reporting agencies, mortgage lenders and brokers, mortgage bankers, investors who purchase mortgage loans as an investment, credit companies, retailers, car dealers, and anyone else who handles sensitive financial information at any point along its physical life.

My viewpoints on these matters are based upon my thirty years in the financial institutions, lending, and consulting businesses. As a banker, I served as Executive Vice President and manager of lending and mortgage banking, as a Board member, and other capacities at several large institutions. Institutions for which I have been employed include Citigroup, Ford Motor Credit, and entities that are now JP Morgan Chase, Bank One, Bank of America, AmSouth, and Wells Fargo. Plus, I served as a governmental financial institution regulator for over two years. As a consultant, I have consulted for six of the top ten banks in the country, the FDIC, RTC, IRS, USAID, the World Bank, several foreign banks, other domestic and foreign governmental agencies, major corporations such as IBM, Cisco Systems, and Kawasaki, and as an expert banking consultant and witness to many leading law firms on over 190 cases nationwide.

Best regards,


Don Coker
Banking, Management & Economic Consultant
1600 Sugar Creek Drive, East
Mobile, AL 36695-2728 USA

Last Updated 06/10/2004 regs@fdic.gov

Last Updated: August 4, 2024