The Federal Right to Financial Privacy Act (RFPA)

Generally, the RFPA restricts federal government access to customer financial records held by a financial institution. It requires that the federal government follow certain procedures before obtaining these records, or copies of such records, or even information contained in these records. The RFPA also prohibits financial institutions from releasing the records or allowing the federal government access to the records until the federal government supplies the financial institution with a certificate stating that the government has complied with the requirements of the RFPA. The RFPA also restricts the uses to which the government can put information obtained under the RFPA, and limits the transferring of the information from one government agency to another.

The RFPA is somewhat limited in coverage, since it applies only to requests by the federal government (not state government) and it only applies to requests for certain customers’ records. Also, the RFPA has exceptions for many government requests that fit within the general coverage of the RFPA.

The RFPA provides for liability of both the federal government and the financial institution to the customer for failure to comply with the RFPA. But, the RFPA also shields the financial institution from liability to the customer when the institution releases records in accordance with the RFPA.

Finally, the RFPA provides for reimbursement to financial institutions for the costs of producing records in response to a federal government request that is subject to the RFPA.

This chapter will look at most of the elements of the RFPA. First, we will go over the general coverage of the RFPA and list the obligations of both the government and the financial institution when the government makes a request for records in circumstances where the RFPA applies. Second, we will review the exceptions, or situations that are within the general coverage of the RFPA, but that the RFPA explicitly exempts from all or some of its requirements. Next, we will study the liability provisions of the RFPA (provisions establishing liability of both the government and the financial institution for violations of the RFPA and shielding the financial institution from liability for disclosures made in reliance on a government agency’s certificate of compliance). Finally, we will spell out the rules for cost reimbursement to the financial institution for complying with records requests.

We will not go over the restrictions on government use of information obtained under the RFPA. Those restrictions are not of much concern to financial institutions and, due to their complexity, would needlessly complicate this chapter. Also, we will only briefly be mentioning what the government must do when requesting records in order to comply with the RFPA (e.g., notify the customer). Again, those rules are of little interest to financial institutions, but a brief look at them helps put the relevant rules in context.

We are now ready to look at the general coverage and procedures of the RFPA.