Question: For the bank’s Privacy Notice, is the bank’s holding company considered an affiliate?
Answer: Reg P defines an affiliate as follows:
“(1) Affiliate means any company that controls, is controlled by, or is under common control with another company.” https://www.consumerfinance.gov/rules-policy/regulations/1016/3/#a-1
Since the holding company has “control,” they are an affiliate. This said, you’d only need to list the affiliate (including holding companies) with whom you’re sharing information. If you do not share information with the holding company, then they do not need to be listed, but if you are sharing with them then they should be listed on your privacy notice.
Compliance Alliance offers a comprehensive suite of compliance management solutions. To learn how to put them to work for your bank, call (888) 353-3933 or email firstname.lastname@example.org and ask for our Membership Team.