The Policy shall accomplish the following:
The standards set out in this Policy represent minimum requirements for compliance with federal consumer protection laws based on applicable legal and regulatory guidance.
The Gramm-Leach-Bliley Act, also known as the Financial Services Modernization Act of 1999, Pub.L. 106–102, 113 Stat. 1338, (the “Act”) and the Federal Trade Commission’s Privacy Rule, 16 CFR Part 313, govern the treatment of a customer’s NPI by “financial institutions”. A broad range of companies and institutions fall under the Act’s definition of “a financial institution”, as the term encompasses entities deemed to be significantly engaged in financial activities including, but not limited to, companies that originate residential and commercial loans, broker such loans, service such loans, and participate in debt collection.
A financial institution’s obligations under the Act, depends, in part, on whether its clients are “customers” or “consumers.” The Act defines a “consumer” as an individual (or that individual’s legal representative) who obtains or has obtained a financial product or service that is used primarily for personal, family, or household purposes from the institution. Examples of consumer relationships include making a wire transfer or applying for a loan (whether or not the individual actually obtains the loan). Meanwhile, “customers” are a subclass of consumers that maintain a continuing relationship with the institution whereby the institution provides them with one or more financial products or services, which are used primarily for personal, family, or household purposes. For example, a customer relationship may be established when a consumer maintains a deposit, investment or credit card account with the institution or obtains a loan from the institution. However, there is a special rule for with regard to loans; when a financial institution sells the servicing rights to a loan to another financial institution, the customer relationship transfers with the servicing rights. Any information on the borrower retained by the institution that sells the servicing rights must be accorded the protections due any consumer though.
In general, the Act prohibits “financial institutions” from disclosing NPI about their customers to nonaffiliated third parties, unless the institution satisfies various notice and opt-out requirements, and the customer has not elected to opt-out of the disclosure. Consumers who are not customers are only entitled to an initial privacy and opt-out notice if their financial institution wants to share their NPI with nonaffiliated third parties outside of some outlined exceptions.
NPI consists of:
NPI does not include information that is “publically available”. Information is publicly available if an institution has a reasonable basis to believe that the information is lawfully made available to the general public from government records, widely distributed media, or legally required disclosures in the public domain (i.e., information in a telephone book or a publicly recorded document, such as a mortgage or securities filing).
Safeguarding our customer’s financial information and maintaining customer privacy is of utmost importance to American Financial Network Inc. Our policy is to recognize and respect our customers’ expectation that their personal and financial information will be kept confidential. Each customer has the right to expect that his or her information will be protected and only used in an appropriate business manner.
We collect, retain, and use information about individual customers only when and to the extent we believe the information would be useful (and allowed by law) to administer our business and provide products, services, and other opportunities to our customers.
The Company collects NPI about its customers from the following sources:
We only use the NPI collected to handle the customer’s request for specific services. We do not collect information about customers from third parties without a valid reason. In some cases, we gather information to comply with laws and regulations governing our industry. For example, federal regulations require us to obtain a tax identification number (generally a social security number) for some loans, so that we can report interest paid.
We also use some of the data we collect to maintain the security of customer account(s) and to protect the privacy of the financial information. We must be able to positively identify our customers and prevent access by unauthorized individuals.
Because we value your privacy we have taken the necessary precautions to be in compliance with the California Online Privacy Protection Act. We therefore will not distribute your personal information to outside parties without your consent. Children's Online Privacy Protection Act Compliance. We are in compliance with the requirements of COPPA (Children's Online Privacy Protection Act), we do not collect any information from anyone under 13 years of age. Our website, products and services are all directed to people who are at least 13 years old or older.
The Company will attempt to keep customer files complete, up-to-date, and accurate in accordance with reasonable commercial standards. We will tell our customers how and where to conveniently access their account information (except when prohibited by law) and how to notify us about errors. We will quickly respond to any request that we correct inaccurate information. We will take prompt action to make the appropriate corrections and to notify anyone with whom we may have shared inaccurate information.
When conducting business, employees may obtain access to confidential information about the Company and its customers. We limit employee access to personally identifiable information to those employees with a business reason for knowing the information. Employees who possess such confidential and/or proprietary information must understand that it has been given to them for an expressed, permissible business purpose, and may only be disclosed on a need-to-know basis and for that business purpose. Discretion must be used when disclosing confidential information – it must never be disseminated to unauthorized persons including employees that do not have a need-to-know basis for the information.
We regularly conduct training sessions and otherwise educate our employees so they understand the importance of confidentiality and customer privacy. We maintain physical, electronic and procedural safeguards that comply with federal regulations to guard your nonpublic personal information, including but not limited to, requiring all documents containing NPI to be secured in locked cabinets or file drawers when not in use, utilizing shredders and/or confidentiality bins for disposal of NPI when no longer needed, and conducting periodic sweeps of work areas to ensure compliance with the Policy.
Misuse of confidential information may result in civil or criminal liability, or in sanctions or penalties against both the Company and the individual responsible for the misuse of such information. The Company will take disciplinary measures to enforce our employees’ privacy responsibilities.
The Company does not disclose any NPI about customers or former customers to anyone, except as permitted by law. For example, we are required to share financial information with parties named in a lawsuit or administrative action when we are served with a subpoena or court order and with federal or state regulatory authorities, such as banking examiners or the Internal Revenue Service, as authorized by federal or state law. Consistent with the practice of other institutions, we also share information with reputable credit reporting agencies as authorized under federal law and with others who may receive certain information from us under particular circumstances, but only as lawfully permitted or required.
We require our third party service providers to disclose and detail their electronic security measures for review and as part of our vendor compliance procedures. The service providers acting on our behalf and with exposure to customers’ NPI are contractually obligated to keep the information we provide to them confidential, and only use such information to provide the services we request from them.
The Company utilizes the model privacy form located in the Appendix to Regulation P, 12 CFR, Part 1016, Privacy of Consumer Financial Information. In regard to completing this form the Company will ensure the following:
The Company is committed to the security of its customers’ financial and personal information. All of our operational and data processing systems are in a secure environment that protects account information from being accessed by third parties. We maintain and grant access to customer information only in accordance with our internal security standards.
This is the Policy of American Financial Network Inc. All employees must conduct themselves in compliance with this Policy and any guidance or procedures instituted to further this Policy. The Company requires its personnel to be vigilant to ensure that the law is complied with and that any suggestions of wrongdoing or improper disclosure of information be immediately reported to Management through the appropriate channels, which are provided to an employee at hire as part of the Employee Handbook.
American Financial Network Inc., DBA Orion Lending
Effective Date: July 1, 2019