Internal credit reporting procedures used by some banks could be the first step in new initiatives aimed at protecting consumer financial privacy, according to an advisory released to institutions by the Office of the Comptroller of the Currency last week.

The advisory is notable because rather than providing clear, enforceable rules, the "guidelines" are meant only as a general map for how banks should proceed in providing financial information to affiliates to use in cross-marketing of products, according to several industry lawyers. The issue is white-hot, with Democrats in both the House and Senate introducing legislation to deal with it.

And, last October, three Republican members of the House Banking Committee, Reps. Doug Bereuter, Neb., Bill McCollum, Fla., and Richard Baker, La., wrote a letter to acting Comptroller of the Currency Julie Williams asking the agency to "go slowly" before amending its rules. The three had proposed legislation several years ago that would limit the ability of the government to restrict use of financial data.

One industry lawyer said the industry is "particularly pleased" that the new advisory doesn’t take the form of any mandatory directive, nor does it impose any new credit reporting burdens on banks. "There is no question that this issue will be tacked on to financial modernization legislation this year. It lends itself to being a political football."

The advisory interprets the 1996 amendments to the Fair Credit Reporting Act (FCRA), which made it easier for banks to exchange customer data with affiliates, including payment history and length of time the customers have held the credit cards. The only restrictions imposed under the 1996 law are that companies clearly and conspicuously disclose to customers that such information may be shared among affiliates, and customers are given the opportunity to "opt out" of the information sharing.

The OCC’s advisory letter is intended to help national banks develop privacy programs by providing specific examples of how other banks are effectively implementing an opt-out program. The advisory letter emphasizes that the examples provided are not examination standards, nor are they the only examples of how a bank can comply with FCRA