Www.melissa.com



The following document intended to provide guidance on compliance issues related to onboarding clients (“End Users”) who wish to license services and data that fall under Gramm-Leach-Bliley Act’s Financial Privacy and Safeguarding Rules, FTC Disposal Rule and other related federal and state laws and regulations. Such services are referred below as “reference services” and such data is referred below as “consumer information.” (Further, such consumer information is non-public, personally identifiable consumer information specifically regulated under the GLBA.)1. Prohibited Uses Marketing Purposes: All End Users are prohibited from using the reference services for marketing purposes.No sale to End User for purposes of further resale, licensing or release to third parties: No sale directly to consumers: End User cannot be the consumer themselves (ie. the subject of the personally identifiable consumer information). Unauthorized Business Types:Adult entertainment service of any kind Bail Bondsman, unless licensed by the state in which they are operating Child location service – Company that locates missing children Credit counseling, whether for-profit or not-for-profit credit counselors Credit repair Dating service Financial counseling, except a registered securities broker dealer Foreign company or foreign agency (Any company or agency not basedin the United States) Genealogical or heir research firm Direct Marketing Massage service News agency or journalist Pawn shop Private detective, detective agency or investigative company Asset Location Services/Repossession company Subscriptions (magazines, book clubs, record clubs, etc.) Tattoo service Time Shares - Company seeking information in connection with time shares (exception: financers of time shares) Weapons dealer, seller or distributorTaking of adverse action against consumer: Reference services cannot be used by End User in any way to establish an individual’s credit worthiness or eligibility for:Credit or insurance decisioning; orEmployment 2. Permitted UsesStandard Industries/Types of End Users: identity verification firms, government agencies, including law enforcement, attorneys and law firms, banking, collections, asset location, insurance, financial services, retail, automotive, telecommunications, utilities, and healthcare.Permitted Purposes: purpose of use MUST fit into at least one category:As necessary to effect, administer, or enforce a transaction requested or authorized by the consumer, or in connection with servicing or processing a financial product or service requested or authorized by the consumer;As necessary to effect, administer, or enforce a transaction requested or authorized by the consumer, or in connection with maintaining or servicing the consumer’s account with End User and End User is a financial institution;With the consent or at the direction of the consumer;To protect the confidentiality or security of End User’s records pertaining to the consumer, service, product or the transaction therein and End User is a financial institution;To protect against or prevent actual or potential fraud, unauthorized transactions, claims, or other liability;For required institutional risk control or for resolving consumer disputes or inquiries;For use solely in conjunction with a legal or beneficial interest held by End User and relating to the consumer;For use solely in End User’s fiduciary or representative capacity on behalf of the consumer;To the extent specifically permitted or required under other provisions of law and in accordance with the Right to Financial Privacy Act of 1978 (12 U.S.C. 3401 et seq.), to law enforcement agencies (including a federal functional regulator, the Secretary of the Treasury, with respect to 31 U.S.C. Chapter 53, Subchapter II (Records and Reports on Monetary Instruments and Transactions) and 12 U.S.C. Chapter 21 (Financial Recordkeeping), a State insurance authority, with respect to any person domiciled in that insurance authority’s State that is engaged in providing insurance, and the Federal Trade Commission), self-regulatory organizations, or for an investigation on a matter related to public safety;To comply with Federal, State or local laws, rules and other applicable legal requirements.3. End User VerificationsMembership Application: Provided as a separate document and must be filled out by End User after the initial checks in Steps 1 and 2 have been cleared. Shall contain the following information:Full name and address of end user (including all DBAs)Nature of End User’s businessThe specific purpose(s) for which licensed reference services and consumer data will be usedInformation regarding the classification of the end user’s business (sole propriertorship, partnership, public/private corporation) Identification of the owner(s) (if applicable, including home address(es), social security number(s)), inclusion g End User website address(es)/URLsStatement of Intent from End User: The Statement of Intent must be signed by an officer, owner or authorized manager of the company. It must be on the End User’s company letterhead, and should include the following type of information (preferably in the End User’s own words):The nature of its businessIts intended use for the servicesIts anticipated monthly volumeIntent as to whether it anticipates its access to be primarily local, regional, or nationalItems C through F below can be done concurrently or in no specific order:Business Type/Identity Verification: Confirm, via a business telephone directory such as the Yellow Pages (printed or electronic) whether the End User is listed under any Unauthorized Business Type (listed in Part 1.d)End User Website Verification: When the End User has a website, the reviewer must review the website and print and maintain copies of the site’s home page in its membership files. The reviewer must review all information available on the website to ensure the data is consistent with that which was provided by the End User in its Letter of Intent and Membership Application. Any contradictory information found will require further inquiry to resolve the inconsistencies. If the web page indicates that the End User applicant performs, promotes or encourages credit repair, or any other Unauthorized Type of Business, the application must be denied.Business License: If End User operates in a geographic location or industry subject to licensing requirements, a copy of the End User applicant’s business license, Federal Tax ID/Employer Identification Number and/or Articles of Incorporation must be secured. In the alternative, verifications of the same from the websites of the authorized issuer of the license (e.g. local city websites, Secretary of State, Dept. of Corporations, Dept. of Motor Vehicles, Dept. of Commerce or Finance) may be printed and maintained.Business Banking and Credit Verification: Revier must obtain consent to verify the End User’s business bank accounts with a financial institution and credit accounts with a financial institution or business vendor (provided such vendor is published within a reputable business directory or phone listing) and conduct such verification. Verifications shall include:The length of relationship between the financial institution/business vendor and the End User; Type of account(s); and The End User’s name and address on record with the financial institution/business vendor. All verifications must be documented and maintained. Phone numbers used to contact the End User’s financial institution must be verified with a reputable directory or phone listing. Any financial institution not listed with a reputable directory or phone listing may not be used for purposes of business banking or credit verifications.As an alternative to Business Banking and Credit Verification, reviewer may obtain one of the following:A listing with a reputable industry listing or rating, such as A.M. Best’s, Moody’s, Standard and Poor’s, FDIC or NCUA. A copy of such listing must be retained in the membership file; ORA copy of the prospective End User’s Annual Report published within the last twelve (12) months, which has been certified by a certified public accounting firmNew Business: If End User has been in business for one (1) year or less, TWO of the following items must be secured:Copy of utility or telephone bill in the business name for service at the principal place of businessCopy of lease or proof of property ownership by business of the principal place of business of End UserCopy of bank statement addressed to the End User at its principal place of businessProof of commercial insurance under the business name shown on the applicationSole Proprietorship or Partnership: If the End User is a sole proprietor or partnership, reviewer must obtain written consent to secure a copy of the owner’s or partners’ personal credit report(s). Reviewer shall also obtain a copy of the owner’s or partners’ government issued photo identification, and confirm that the name, address and date of birth on the identification card match the information supplied on the written consent form, prior to requesting a credit report. Licensee must then obtain a credit report on such owner or partner, including a fraud risk evaluation tool such as TransUnion’s High Risk Fraud Alert, and an additional authentication service such as TransUnion’s SSN Search. Reviewer must review these reports to determine whether the individual credit report is consistent with the individual’s age and business experience, whether the social security number provided is associated with any other individual or whether any other indicia of identity fraud are apparent. If sole proprietors or partners refuse to consent to having their personal credit reports accessed for this purpose, reviewer must deny the application.Due to complexity or potential expense of arranging a site inspection, Site Inspection should be arranged closer to the end of the verification process, unless this verification step is anticipated to be completed through one of the applicable exceptions: Site Inspection or Confirmation Exceptions: A site inspection must be performed at the principal place of business of all End Users, unless one of the applicable exception conditions is met. Site inspection may be performed by a third party vendor.The purpose of the inspection is to ensure that the End User’s business facility is commensurate with the size and purported type of business listed on the application and/or Letter of Intent, and the identification and certifications made by the End User.An End User operating from a home office may be approved by only if each of the following conditions are met: (1) site inspection must confirm physical separation of the business from the living quarters; and (2) End User is listed in either the appropriate category of a reputable/public business telephone directory (e.g., Yellow Pages, , ) or a national or state trade association or a current copy of the End User’s telephone bill reflects the same company name and address as the End User’s application for membership and the bill reflects commercial rate charges. Reviewer must maintain a copy of the above-referenced listing(s) or telephone bill in its membership files.All site inspections must be documented, must demonstrate when and by whom the physical inspection was conducted, and must reflect the inspector’s findings. A separate available document containing the applicable checklist must be completed during the inspection. Such documentation must also bear the signature of the End User's owner/officer/authorized manager who was present at the site inspection.Site Inspections are not required for End Users that meet any of the following conditions:End User is a publicly held company under the regulatory authority of the US Securities and Exchange Commission. Reviewer must secure printed documentation of the listing from edgarEnd User is subject to the regulatory authority of any agency listed in Section 621(b) of the FCRA, 15 U.S.C § 1681s(b) and End User address must be an exact match to agency’s listing.If the physical address listed with the agency is not an exact match, Licensee must either a.) perform a site visit or b.) verify directly with the regulatory authority that they have received an address correction notice from the end user and retain documentation to show the date/name/position and phone number of the associate at the agency who verified receipt of the address change. Reviewer must secure printed documentation from the appropriate federal agency’s websiteEnd User is a licensed insurance company. Reviewer must secure a copy of the applicant’s insurance license or printed verification from AM BestEnd User has been approved by the Internal Revenue Service as a tax-exempt organization pursuant to Section 501(c)(3) of the Internal Revenue Code, 26 U.S.C. § 501(c)(3). Licensee must secure and retain a copy of the tax-exemption certificateNOTE: For this classification of End Users, Licensee shall truncate the following data, unless the data was first provided in full to the Licensee by the End User:Social Security numbersDriver’s license numbers andCredit card, debit card, bank account, and other financial account numbersEnd User has been certified by the Small Business Administration for participation in an SBA- administered program, such as the Section 8(a) Business Development program and the Small Disadvantaged Business Program, 13 C.F.R. part 124, or the Historically Underutilized Business (“HUBZone”) program, 13 C.F.R. parts 121, 125, and 126. Reviewer must secure written documentation from the applicable federal agency to support this itemEnd User has been certified by the Department of Transportation forparticipation in the Department of Transportation’s Disadvantaged Business Enterprise Program, 49 C.F.R. part 26. Reviewer must secure written documentation from the applicable federal agency to support this itemEnd User has been verified to be, and has certified it is, a federal, state or local government agency or department.4. License Agreement Addendum (Special Terms) End Users that have completed the verification process will have to sign an additional Addendum containing specific terms, including: the type of business, permitted purpose of use, and the nature of End User’s business. The required terms will be set out in a separate document and are outlined below.End User certifies that End User shall use the References Services solely for End User’s exclusive one-time use and shall hold such Reference Services in strict confidence. End User shall not request, obtain or distribute Reference Services for any other purpose including, but not limited to, for the purpose of selling, leasing, renting or otherwise providing information obtained under this Agreement to any other party, whether alone, in conjunction with End User’s own data, or otherwise in any service which is derived from the Reference Services. The Reference Services shall be requested by, and disclosed by End User only to End User’s designated and authorized employees having a need to know and only to the extent necessary to enable End User to use the Reference Services in accordance with this Agreement. End User shall ensure that such designated and authorized employees shall not attempt to obtain any Reference Services on themselves, associates, or any other person except in the exercise of their official duties.End User will maintain copies of all written authorizations for a minimum of five (5) years from the date of inquiry.With just cause, such as violation of the terms of the End User’s contract or a legal requirement, or a material change in existing legal requirements that adversely affects the End User’s agreement, Licensee may, upon its election, discontinue serving the End User and cancel the agreement immediately.End User is a [Insert type of business] and certifies it is obtaining CRD-Reference Services for the following purpose as being encompassed by Section (6802)(e) of the Gramm-Leach-Bliley Act, Title V, Subtitle A, Financial Privacy (15 U.S.C. § 6801-6809) (“GLB”) and the United States Federal Trade Commission rules promulgated thereunder and no other purpose. End User certifies its purpose(s) as:As necessary to effect, administer, or enforce a transaction requested or authorized by the consumer, or in connection with servicing or processing a financial product or service requested or authorized by the consumerAs necessary to effect, administer, or enforce a transaction requested or authorized by the consumer, or in connection with maintaining or servicing the consumer’s account with End User and End User is a financial institutionWith the consent or at the direction of the consumerTo protect the confidentiality or security of End User’s records pertaining to the consumer, service, product or the transaction therein and End User is a financial institutionTo protect against or prevent actual or potential fraud, unauthorized transactions, claims, or other liabilityFor required institutional risk control or for resolving consumer disputes or inquiriesFor use solely in conjunction with a legal or beneficial interest held by End User and relating to the consumerFor use solely in End User’s fiduciary or representative capacity on behalf of the consumer.To the extent specifically permitted or required under other provisions of law and in accordance with the Right to Financial Privacy Act of 1978 (12 U.S.C. 3401 et seq.), to law enforcement agencies (including a federal functional regulator, the Secretary of the Treasury, with respect to 31 U.S.C. Chapter 53, Subchapter II (Records and Reports on Monetary Instruments and Transactions) and 12U.S.C. Chapter 21 (Financial Recordkeeping), a State insurance authority, with respect to any person domiciled in that insurance authority’s State that is engaged in providing insurance, and the Federal Trade Commission), self-regulatory organizations, or for an investigation on a matter related to public safetyTo comply with Federal, State or local laws, rules and other applicable legal requirements.End User further represents that:The nature of End User’s business is [Insert from End User Statement of Intent]End User shall use information obtained from each individual request for Licensed Materials only one time. End User shall hold the Licensed Materials in confidence, using no less than a reasonable degree of care, and shall not disclose the Licensed Materials to any third party. End User shall not disassemble, decompile, or in any way reverse engineer the Licensed Materials. End User shall use the Licensed Materials: (a) solely for End User's certified Permitted Use as set forth above in this Agreement and shall not request, obtain or use Licensed Materials for any other purpose including, but not limited to, for the purpose of selling, leasing, renting or otherwise providing Licensed Materials to any other party, whether alone, in conjunction with End User’s own data, or otherwise in any service which is derived from the Licensed Materials; and (b) subject to the terms and conditions under which End User is being provided Licensed Materials. Licensed Materials shall be requested by, and disclosed by End User to, only the End User's designated and authorized employees having a need to know and only to the extent necessary to enable End User to use the Licensed Materials in accordance with this Agreement. End User shall ensure that such End User designated and authorized employees shall not attempt to obtain any Licensed Materials on themselves, associates, or any other person except in the exercise of their official duties.End User shall not request, obtain or use such Licensed Materials for any other purpose including, but not limited to, in whole or in part, as a factor in establishing an individual’s creditworthiness or eligibility for (i) credit or insurance, or (ii) employment, nor for any other purpose under the Fair Credit Reporting Act (15 U.S.C. §1681 et seq.) (“FCRA”). Moreover, End User shall not take any adverse action, which is based in whole or in part on the Licensed Materials, against any consumer. For the purposes of this Agreement, the terms “adverse action” and “consumer” shall have the same respective meaning as those terms are defined in the FCRA.Audit Rights and Changes to End User Verification. Licensor shall be entitled to perform periodic audits of End User in roder to verify that the basic company information on the End User has not changed and that the company name, location, ownership, nature of business and permissible purpose/intended use of data is the same as certified on the original documentation. If the End User is a partnership or sole proprietor and the ownership changes, the End User must be re-credentialed in accordance with previous requirements. If the nature of business changes, additional credentialing must be performed to verify the new business of the existing End User.Any changes in the End User’s nature of business and/or permitted use must be consistent with End User’s License Agreement and may require a new License Agreement. The proposed new business and new use(s) of the data must be consistent with the types of business for which the reference service and consumer information can be licensed. ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download