 |
ARIZONA STATE SENATE
Fifty-Sixth Legislature, First Regular Session
banks; financial institutions; personal information
Purpose
Requires a bank or financial institution to destroy all personal information belonging to a former customer or client within 10 years after the business relationship ends, with exceptions.
Background
Statute authorizes and outlines the regulation and operation of banks and financial institutions in Arizona and the Department of Insurance and Financial Institutions oversees the operation of state-chartered banks and financial institutions. The federal Bank Secrecy Act establishes program, recordkeeping and reporting requirements for national banks and financial institutions (A.R.S. Title 6; 31 U.S.C. § 5311 et seq.).
In Arizona, each bank must retain its business records in accordance with the regulations of the Deputy Director of DIFI. The regulations must prescribe the minimum preservation period for each record. DIFI's rules outline a detailed retention schedule and allow banks to comply with a preemptive federal regulation, even if the retention period is shorter than the state-required minimum (A.R.S. § 6-242; A.A.C. R20-4-214).
Federal law requires banks, savings associations, credit unions and certain non-federally regulated banks to implement a written Customer Identification Program which requires customer identifying information obtained in the account opening process to be retained for five years after the account is closed, or in the case of credit card accounts, five years after the account is closed or becomes dormant (FDIC and FFIEC).
There is no anticipated fiscal impact to the state General Fund associated with this legislation.
Provisions
2. Becomes effective on the general effective date.
House Action
COM 2/7/23 DPA 10-0-0-0
3rd Read 2/20/23 55-1-4
Prepared by Senate Research
March 2, 2023
MG/ZS/sr