
Inside TRC


Wednesday, 19 Nov 2014

Now is a good time to review your website offerings that may be directed at children, like savings games, and, more importantly, to review your third-party vendor relationships that may be collecting consumer information, to make sure they are complying with the requirements of COPPA.

Take a lesson from Yelp. It applies to you too. Yelp is an online service where people can read and create reviews about businesses and connect with others online and at local events. Many users post profiles with photos and detailed information about themselves. Yelp's "check in" feature lets users announce their presence at a certain business. The problem with Yelp apps is how the age-screening mechanism works – or more accurately, doesn’t work. People who registered on the app were asked for a date of birth, but regardless of what they entered, the Yelp app allowed them to sign up and gave them full access to all features.

Yelp also collected certain information automatically from the phones of registered Yelp users. For example, to get metrics about its mobile user base, Yelp grabbed their Mobile Device ID, the unique identifier assigned to each phone. Furthermore, if people let Yelp offer them location-based services, the company used the device’s GPS to collect the user’s precise location. Given the flaw in the app’s age-screening mechanism, that meant Yelp was collecting personal information from users who said they were under 13 without parental notice and consent. According to the FTC, that went on from April 2009 to April 2013 on both the iOS and Android versions of the Yelp app – and in violation of the COPPA Rule.

The FTC’s complaint charges that Yelp failed to comply with COPPA even though it knew, based on registrants’ birth dates, that kids under 13 were registering via the company’s mobile apps. The lawsuit also alleges that Yelp didn’t adequately test its apps to ensure that users under the age of 13 were prohibited from registering.

The settlement imposes a $450,000 civil penalty, requires the company to comply with COPPA in the future, and mandates a report to the FTC a year from now describing what Yelp is doing to comply. In addition, Yelp has to delete information it collected from consumers who said they were under 13 years when they registered.

Keeping your financial institution up to date on regulatory issues and your employees educated can be a daunting task. TRC can help. To learn more, contact us at or (800) 222-9909. The COPPA rules are covered in TRC Interactive’s Information Security course along with other important privacy and security information of which every financial institution needs to be aware.

Wednesday, 5 Nov 2014

The CFPB released an updated mortgage rules Readiness Guide which includes the new TILA-RESPA Integrated Disclosure rule. The Readiness Guide can be accessed here and offers guidance on how to evaluate readiness for complying with the mortgage rule changes.

The updated guide incorporates changes made to Regulation Z, the implementing regulation for the Truth in Lending Act (TILA), and to Regulation X, the implementing regulation for the Real Estate Settlement Procedures Act (RESPA).

Now is the time to begin preparing for the TILA-RESPA Integrated Disclosure rule because it will require significant preparation for the implementation date. TRC anticipates releasing updated TILA and RESPA courses in the second quarter of 2015 to help prepare your staff for the upcoming changes.

Keeping your financial institution up to date on regulatory issues and your employees educated can be a daunting task. TRC can help. To learn more, contact us at or (800) 222-9909.

Monday, 27 Oct 2014

The Consumer Financial Protection Bureau (CFPB) finalized a rule where certain institutions can post their notices online instead of mailing them!

Generally, the Gramm-Leach-Bliley Act (GLBA) requires that financial institutions send annual privacy notices to customers. However, the new rule, which was proposed in May, allows financial institutions to post privacy notices online instead of distributing an annual paper copy, if they satisfy certain conditions such as not sharing data in ways that would trigger consumers’ opt-out rights. The new rule applies to both banks and those non-banks that are within the CFPB’s jurisdiction under the GLBA. Institutions that choose to rely on this new method of delivering privacy notices will be required to use the model disclosure form developed by federal regulatory agencies in 2009.

Also, if an institution qualifies for and wants to rely on the online disclosure method, it will have to inform consumers annually about the availability of the disclosures. Previously, institutions were required to send consumers a separate communication about privacy disclosures. The new rule allows institutions to include a notice on a regular consumer communication, such as a monthly billing statement for a credit card, letting consumers know that the annual privacy notice is available online and in paper by request at a provided telephone number. If an institution chooses not to use the new disclosure method, it will need to continue to deliver annual privacy notices to its customers using other delivery methods.

The Bureau is finalizing the rule largely as it was proposed in May, with a number of technical, clarifying, and minor revisions. The rule will be effective immediately upon publication in the Federal Register.

To stay up to date on regulatory trends and news, frequently visit our blog. TRC Interactive also offers online, interactive training on various compliance-related topics. To learn more, contact us at or (800) 222-9909.

The final rule is available at:

Tuesday, 7 Oct 2014

The Internal Revenue Service issued a fraud alert for international financial institutions complying with the Foreign Account Tax Compliance Act (FATCA). Scam artists posing as the IRS have fraudulently solicited financial institutions seeking account holder identity and financial account information.

The IRS does not require financial institutions to provide specific account holder identity information or financial account information over the phone or by fax or email. Further, the IRS does not solicit FATCA registration passwords or similar confidential account access information.

“Tax scams using the IRS name can take many forms and they are not limited by national borders,” said IRS Commissioner John Koskinen. “People should always be cautious before sending sensitive information to anyone.”

Financial institutions directly registered to comply with FATCA and those in jurisdictions that are treated as having in effect intergovernmental agreements (IGAs) to implement FATCA through intergovernmental cooperation have been approached by persons representing themselves as the IRS. The IRS has reports of incidents from multiple countries and continents.

These fraudulent solicitations are known as “phishing” scams. These types of scams are typically carried out through the use of unsolicited emails and/or websites that pose as legitimate contacts in order to deceptively obtain personal or financial information.

Financial institutions or their representatives that suspect they are the subject of a “phishing” scam should report the matter to the Treasury Inspector General for Tax Administration (TIGTA) at 800-366-4484, or through TIGTA’s secure website. Any suspicious emails that contain attachments or links in the message should not be opened, and the email should be forwarded to

Keeping your financial institution up to date on regulatory issues and your employees educated can be a daunting task. TRC can help. To learn more, contact us at or 800-222-9909.

Thursday, 18 Sep 2014

Have you heard about “Pass it On” from the Federal Trade Commission (FTC)? The Federal Trade Commission’s mission is to prevent business practices that are anti-competitive or deceptive, or unfair to consumers; to enhance informed consumer choice and public understanding of the competitive process; and to accomplish this without unduly burdening legitimate business activity.

In an effort to further their mission, the FTC has created “Pass it On” which provides articles, presentations, video and activities—directed at arming consumers with the knowledge they need to protect themselves and their friends and families. So how does the word get out?

The website contains free publications, such as bookmarks, your staff can hand to their customers to start the conversation. The free presentation materials include subjects such as:

• Identity Theft
• Imposter Scams
• Charity Fraud
• Health Care Scams
• Paying Too Much
• “You’ve Won” Scams

TRC can help you create an informed and knowledgeable staff with products such as First Line of Defense and The Fraud Prevention Series, and the Federal Trade Commission free publications can help you take that message to your customers…for free!
