Annual Privacy of Consumer Financial Information Compliance Reviews would satisfy the federal requirements of Regulation P to ensure compliance with the Regulation’s policy and procedure requirements.  Specific components of the Privacy compliance review would include, as applicable:

·  A review of the Bank’s or Credit Union's written policy and procedures, including:

• Privacy Policy
• Initial and Annual Privacy Policy delivery procedures
• Information Security Policy
• Security Administration Procedures
• Customer inquiry Policy
• Conflict of Interest Policy
• Employee Training

·       A review of the institution's internal controls and procedures for monitoring compliance with the privacy regulation.

·     Random testing of information shared with non-affiliated third parties within the exceptions stated in Section 14 and 15 of the regulation.

·      Random pretext calls performed to determine employee’s adherence to the customer inquiry policy.

·      A review of third party contracts with non-affiliated third parties that perform services for the institution.  

·       A review of the institution's compliance with the privacy regulation, specifically in meeting the following requirements:  

• Providing privacy notices that are timely, accurate, clear and conspicuous, and are delivered so that each customer can reasonably be expected to receive the notice;
• Lawfully using or disclosing nonpublic personal information received from a non-affiliated financial institution;
• Determining if the institution is required to provide an opt out notice to it’s customers, and, if applicable, all requirements of the opt out provision have been met.
• Disclosing account numbers according to the limits in the regulation.