 
  At the Bank of the Orient we are sensitive to your very legitimate concerns about the privacy and confidentiality of your personal and financial affairs. Our Bank-wide privacy notice is available on this same web site.

This Online Privacy Statement is limited to special electronic privacy issues. We wanted to take this opportunity to tell you about our Privacy Policy here at the Bank of the Orient and the steps we have taken to protect any and all information you share with us. This policy includes all information provided to us, whether through our web site, through our ATMs, or over the telephone.

Our customer Privacy Policy is crafted around the following tenets:

Collection, Retention, and Use of Information Provided.

Bank of the Orient collects, retains and uses information about individual customers only where it is allowed by law and the Bank reasonably believes it is useful in administering the Bank's business, and in providing products, services and other opportunities to our customers.

Should you elect to communicate with us via e-mail, we retain both the text of your message and our response as well as the domain or the source of the message. This is not much different than what we do now when you write us on a piece of paper and include your return address so we can get back to you with an answer.

We want you to understand that Bank of the Orient will not obtain information to identify visitors to our Web Site personally unless they choose to provide such information to us.

Information to Third Parties

In the ordinary course of business, if you have an account or loan with us or perform a transaction with us, we may disclose information to third parties about your account(s) or the transactions you make:

  • When it is necessary, helpful or customary for completing transactions to or from your account(s) or to resolve errors involving them;
  • To verify the existence and condition of your account(s) to a third party, such as a credit bureau or a merchant;
  • To comply with legal process, such as orders or subpoenas from government agencies or courts;
  • To third party processors who assist us in providing you with deposit or loan services (such as our VISA credit card processor);
  • If you give us written or electronic permission.
  • Otherwise as permitted by law.

Maintenance of Accurate Information.

It continues to be the goal of Bank of the Orient to maintain timely and accurate information about you, our valued clients. We have in place established procedures to investigate any reports of inaccuracies and to correct any information we find to be inaccurate in a timely manner.

Employee Access.

At Bank of the Orient, we limit employee access to personally identifiable information to those individual employees with a legitimate business reason for knowing such information, and we require that each employee acknowledge in writing the need to protect the confidentiality of customer information.

Protecting Children's Privacy Online

From our web site, we do not knowingly collect or use personal information from children under 13 without obtaining verifiable consent from their parents. Should a child whom we know to be under 13 send personal information to us, we will only use that information to respond to that child, seek parental consent, or provide parental notice. We are not responsible for the data collection and use practices of non-affiliated third parties to which our web sites may link.

For more information about the Children's Online Privacy Protection Act (COPPA), please visit the FTC web site: www.ftc.gov.

Links to Non Bank of the Orient sites

We are not responsible for the information collection practices of the non-Bank of the Orient links you click to from our web page. We cannot guarantee how the third parties use cookies or whether they place on your computer cookies that may identify you personally. We urge you to review the privacy policies of each of the linked web sites you visit before you provide them with any personally identifiable information.

Changes in our Privacy Policies

At Bank of the Orient we view these stated privacy principles as a living document that we will modify and amend as necessary to maintain the confidentiality of the information you share with us. They apply to individuals only, and we reserve the right to change them as we deem necessary to meet that goal.

How to Contact Us

If you would like additional information, or have questions regarding Bank of the Orient's Privacy Policy, please telephone us at 1-800-881-2686 or send us an email. You may also write us, or stop by one of our many offices and discuss your questions with one of our staff.

 
  Security Statement

This Internet Banking System brings together a combination of industry-approved security technologies to protect data for the Bank and for you, our customer. It features password-controlled system entry, a VeriSign-issued Digital ID for the Bank's server, Secure Sockets Layer (SSL) protocol for data encryption, and a router loaded with a firewall to regulate the inflow and outflow of server traffic.

Secure Access and Verifying User Authenticity

To begin a session with the Bank's server, the user must key in a Log-in ID, verify their image and phrase, and then enter their password. Our system, the Internet Banking System, uses a "3 strikes and you're out" lock-out mechanism to deter users from repeated login attempts. After three unsuccessful login attempts, the system locks the user out, requiring a phone call to the Bank at 1.800.881.2686 before re-entry into the system. Upon successful login, the Digital ID from VeriSign, the experts in digital identification certificates, authenticates the user's identity and establishes a secure session with that visitor.

Unsolicited E-Mail

Bank of the Orient does not send unsolicited e-mail messages or place pop-up advertisements that request personal borrower or depositor information such as your Bank of the Orient account number(s) or account password(s), or your social security number.

If you receive an e-mail requesting your personal information from someone claiming to be a representative of Bank of the Orient, and you did not originate the message, do not respond. If you see a pop-up advertisement for Bank of the Orient that requests personal information, do not click the advertisement. You need to call the Bank at 1.800.881.2686 immediately to report the contact.  

Keeping your account information safe
  • Your Login ID and Password are confidential and you should exercise care when using them. Don't make your password something easily determined by an unauthorized person.
  • Never lend your Login ID or Password to anyone and never write it on your PC or computer materials.
  • Never accept advice from strangers while you are using your Login ID and Password.
  • Beware of fraudulent requests for your password by someone posing as a Bank employee. A Bank employee would never ask for this information!
  • Never use a "Save Password" feature if offered by your browser. (This is a feature available on Microsoft Explorer 5.0). This would allow anyone who opens your browser access to your account information without needing a password.

Secure Data Transfer

Once the server session is established, the user and the server are in a secured environment. Because the server has been certified as a 128-bit secure server by VeriSign, data traveling between the user and the server is encrypted with Secure Sockets Layer (SSL) protocol. With SSL, data that travels between the bank and customer is encrypted and can only be decrypted with the public and private key pair. In short, the Bank's server issues a public key to the end user's browser and creates a temporary private key. These two keys are the only combination possible for that session. When the session is complete, the keys expire and the whole process starts over when a new end user makes a server session.

Router and Firewall

Requests must filter through a router and firewall before they are permitted to reach the server. A router, a piece of hardware, works in conjunction with the firewall, a piece of software, to block and direct traffic coming to the server. The configuration begins by disallowing ALL traffic and then opens holes only when necessary to process acceptable data requests, such as retrieving web pages or sending customer requests to the bank. Using the above technologies, your Internet banking transactions are secure.

Unauthorized attempts to upload or change information on this web site are strictly prohibited and are subject to prosecution under the Computer Fraud and Abuse Act of 1986 and Title 18 U.S.C. Sec. 1001 and 1030.
 
     
  GRAMM-LEACH-BLILEY (REGULATION P)
CALIFORNIA FINANCIAL INFORMATION PRIVACY ACT (DIVISION 1.2)
PRIVACY POLICY AND PROCEDURES  
 
 
Preamble/Principles

Bank of the Orient's Board of Directors recognizes that in the financial services industry there is a common interest in protecting consumer data. The privacy of nonpublic information is a significant concern when assessing internal controls, procedures, and security programs of Bank of the Orient. To minimize privacy breaches, we ensure that consumers are aware of Bank of the Orient's privacy policies and practices and the general types of procedures used and that internal controls and practices are periodically audited. Senior Management and the Board of Directors have adopted a specific privacy notice to communicate the data sharing policies of the bank and to effectively meet specific regulatory requirements. The notice assists consumers and customers of our Bank with understanding the risks of information privacy. The specific privacy notice statement details our consumer's information protection principles and provides each consumer with insights on our data sharing methods, exclusively of what is permitted by law and/or regulation.

Through proper communication and by carefully monitoring all facets of transactions entered into, consumers, our customers and our institution will benefit. Our primary goal is to protect the privacy of consumers and, therefore, the integrity of the institution.

Bank of the Orient developed this privacy policy and its implementing procedural points based on the guidelines provided by the U.S. Banking Industry Privacy Principles (Industry Principles). These Industry Principles also reflect the requirements of federal law, including the privacy provisions of the Gramm-Leach-Bliley Act. As with all our policies and procedures, these are not static; they will be updated and revised as appropriate.

The seven Industry Principles are listed below. Following the principles we have stated our procedures for fulfilling our commitment to our customers' privacy. The privacy expectations of customers differ from individual to individual and from time to time. It is clear, however, that customers want and expect a substantial level of privacy concerning their nonpublic, personal information, and that personal information ranks high on the list of information that customers want to protect. Examples of nonpublic information are financial information and certain identification information.

Principle 1: We recognize and respect the privacy expectations of our customers and explain the principles of financial privacy to our customers in an appropriate fashion.

Principle 2: We collect, use, and retain information about individual customers only where we reasonably believe it would be useful and allowed by law to administer our business and to provide products, services, and other opportunities to our customers.

Principle 3: We have established procedures to help ensure that our customer financial information is accurate, current and complete in accordance with reasonable commercial standards. We respond to requests to correct inaccurate information in a timely manner.

Principle 4: Information on customers is generally available to the entire staff; however, as part of our education of employees, we have informed them that employees are to access personally identifiable customer information only when there is a business reason for knowing such information. Our employees have been educated so that they will understand the importance of confidentiality and customer privacy. Employees are aware that appropriate disciplinary measures will be taken to enforce employee privacy responsibilities.

Principle 5: Customer information must be secure from unauthorized access in keeping with the "Guidelines for Establishing Standards for Safeguarding Customer Information" issued by the federal banking agencies.

Principle 6: We do not reveal specific information about customer accounts (existing or closed) or other personally identifiable data to nonaffiliated third parties for their independent use except for the exchange of information with reputable information reporting agencies to maximize the accuracy and security of such information or in the performance of bona fide corporate due diligence, unless:
  • the information is provided to help complete a customer initiated transaction;
  • the customer requests it;
  • the disclosure is required by or allowed by law (e.g., joint marketing with the Bank or providing services for the Bank, subpoena, investigation of fraudulent activity, etc.) (Federal law (Gramm-Leach-Bliley Act) permits the sharing of information for joint marketing with other financial institutions, but California law makes such sharing subject to opt out or opt in. State law restrictions are discussed below under "California Financial Information Privacy Act."); or
  • the customer has been informed about the possibility of such disclosure for marketing or similar purposes through a prior communication and is given the opportunity to decline (i.e. opt-out).

Principle 7: If personally identifiable customer information is provided to a third party, Bank of the Orient insists that the third party adhere to similar privacy principles that provide for keeping such information confidential.

Procedures/Procedural Points

  • This issue of privacy is an important one and can only be satisfied with the full knowledge and support of the entire Bank. The Board of Directors of Bank of the Orient, in establishing the consumer data protection/privacy policy, has delegated to the Compliance Task Force Group, the authority to appoint an individual to serve as coordinator. Upon submission to and approval by the Compliance Task Force Group, the Group submits the proposed policy, related practices, sample notices, and related program elements to the Operations/Compliance Management Committee for review, discussion, and adoption.

    Upon Board's acceptance, the Consumer Privacy Coordinator has the authority and responsibility for instituting, monitoring, and reporting on all facets of consumer data protection and privacy in accordance with this policy. This responsibility includes monitoring the development of data privacy controls, instituting consumer privacy notices, reporting performance on implementation of privacy initiatives on a quarterly basis to the board of directors, detailing any privacy complaints or exceptions as part of the quarterly reporting package, and reviewing the consumer data protection/privacy policy at least annually to determine whether it is compatible with changing technological and bank conditions.
  • Nonpublic information such as an applicant's name and address, deposits, loans, income, debts, assets, unused line of credit, beneficiaries of funds transfers, investments, and certain identification information is collected only as necessary. The Bank collects necessary financial information and identification for credit transactions, and appropriate and necessary information for deposit accounts. Because of anti-money laundering statutes and other legal requirements, certain other information may be collected also in order to "Know our Customer". We control the information requested by means of existing established systems such as application taking and processing and Bankwide Know Your Customer requirements. These and other areas and procedures are tested periodically through internal and external audits, the results of which are reported to the Board of Directors. The Board of Directors, in turn, ensures appropriate attention is given to any deficiencies revealed in the audits.
  • As to retention of customer information, both public and nonpublic, the Bank follows industry and legal retention requirements. Tests of compliance with retention requirements are included in the audits mentioned above.
  • Accurate information goes to the very heart of banking. It is to our benefit and the customer's benefit to gather and maintain accurate information. Any inaccurate information is corrected promptly. There are mechanisms in place for verifying customer information (new deposit and loan verifications of various intensities), updating information, calling back information which the Bank enters to its computer application systems, and resolving customer problems and disputes. The principle of correcting inaccuracies in customer records is not a new burden in that the Bank has existing established systems to do just that. Individuals on both the operations and lending sides of the bank have been designated to handle inaccuracies in customer records as they are reported. Complaints are handled by the Compliance/Security Department and as appropriate investigated by department managers. An audit is performed annually as part of our external Compliance review.
  • The Bank limits its sharing of consumer information within the corporate family to experience or transaction information. "Experience and transaction information" is a concept under the Fair Credit Reporting Act ("FCRA"), and includes information solely relating to transactions or experiences between the consumer and the Bank, such as loan and deposit amounts, transactions and histories with the Bank, and other products or services purchased from the Bank. Experience and transaction information may be communicated freely within the corporate family under the FCRA. (It also may be communicated to third parties, subject to the limitations imposed by the Gramm-Leach-Bliley Act privacy regulations, which are discussed elsewhere in this policy.)
  • In contrast, so-called non-experience information (i) generally should not be shared with non-affiliated third parties except for limited purposes, such as routine processing of transactions and accounts, and (ii) can only be shared within the corporate family if the Bank has first given the consumer a special disclosure and opportunity to opt out, and the consumer has not opted out. FCRA Section 603(d)(2) non-experience information includes: consumer reports and credit scores; information taken from applications (such as assets, income, employment, marital status or age); and information obtained from others, such as deposit verifications. Sharing non-experience information other than as permitted by the FCRA risks causing the Bank to be characterized as a consumer reporting agency. If the Bank later decides to share non-experience information within the corporate family (for example, to create a master customer information file), this privacy policy and the Bank's privacy notice will first require extensive changes, including the giving of an opt out.

    In addition, under Section 624 of the FCRA, as added by the Fair and Accurate Credit Transactions Act of 2003, the sharing of almost all consumer information with affiliates for purposes of marketing solicitations is potentially subject to opt out. The regulation was enacted on October 1, 2008. The rule applies to information obtained from the consumer's transactions or account relationships with an affiliate, from any application the consumer submitted to an affiliate, and from third-party sources, such as credit reports, if the information is to be used to send marketing solicitations. If the Bank later decides to share consumer information with its parent company for purposes of marketing solicitation, this privacy policy and the Bank's privacy notice will need to change, including the giving of an opt out notice.
  • As with other Bank policies, employees are educated to understand the importance of customer confidentiality and privacy. Employees violating the Bank's Privacy Policy are subject to disciplinary measures. Employee statements acknowledging their commitment to this Privacy Policy are on file.

    Fraud and theft are a constant concern in the banking business. It has long been the Bank's practice to extend all normal banking security standards to customer privacy, i.e., all documents containing customer information are protected from damage or theft by safeguards such as locked cabinets, vaults, and passwords. Our approved storage firms handle records stored off-site. We have security policies and procedures for electronic systems - see our Electronic Banking Security forms. At present, Bank of the Orient's systems are "hacked" annually by our security company to monitor and evaluate our existing security system. We continue to develop a robust electronic security system.

    As a further safeguard, information or software cannot be exchanged between the Bank and a third party until a written agreement has been signed and approved by the Chief Information Officer. The Chief Information Officer must approve all relationships with third parties involving the handling of sensitive Bank information.
  • As to nonaffiliated parties such as outside auditors, outside counsel, and computer consultants, nonpublic information is not released to these parties for their independent use. Outside parties are privy to Bank and customer information only in the performance of their assignments. The Bank has insisted that these third parties adhere to our privacy policy for customer information and keep Bank nonpublic information private and to use it only for the specific purpose for which it was provided.
  • For each nonaffiliated party (third party vendor) with whom Bank of the Orient does not currently have a written privacy agreement, or whose agreement does not include a commitment to bank and customer privacy, Bank of the Orient has a privacy agreement that is signed by the nonaffiliated third party.
  • Those nonaffiliated third parties such as reputable credit reporting agencies or other financial institutions with which the Bank exchanges information in the course of legitimate business transactions or due diligence conduct themselves according to conventional industry standards of professionalism and confidentiality.
  • Finally, as disclosures are required or allowed by law (i.e., subpoena, investigation of fraudulent activity, etc.) information is released to third parties. This entire process falls into the area of legal requests. We have trained, designated staff who handle legal requests. The Bank does not respond to legal requests unless they are proper and legitimate.
  • As permitted by the federal privacy regulations, the Bank may use outside companies for marketing the Bank's products and services with which we share customer information. We also may enter into joint marketing arrangements to offer financial products or services to our customers with another company. If we do engage in an agreement for such services, we must advise the customer that the information will be shared and enter into an agreement with the contractor to maintain the confidentiality of the customer.

    State law restrictions on sharing information with other companies for joint marketing are discussed under "California Financial Information Privacy Act" below.
  • At the time a consumer approaches the Bank to obtain prequalifying information for a product or service, open an account, request a loan, transact a banking service, or reestablish a customer service, the initial consumer data protection/privacy notice will be provided.

    Method of Delivery


    The establishment of a customer relationship occurs when the Bank and consumer enter into a continuing relationship. Accordingly, many consumers establish an ongoing customer relationship with Bank of the Orient, and the initial notice also must be provided. The Bank, at that time, provides the required notice such that the consumer can reasonably be expected to receive annual notice in writing. Therefore, Bank of the Orient may reasonably expect a consumer has received annual notice of its privacy policies and procedures if the detailed notice describing the policies and practices is:
    • Handed in printed form to the consumer
    • Mailed to the consumer's last known address
    Time Requirements

    Initial notices, under certain circumstances, may be provided within a reasonable timeframe after the Bank has established a customer relationship if:
    • Establishing a customer relationship is not at the customer's election (e.g., we buy a person's loan); or
    • Providing the notice no later than when establishing a customer relationship would substantially delay the customer's transaction and the customer agrees to receive the notice at a later time (e.g., the bank and consumer orally agree via telephone to enter into a customer relationship and the consumer agrees to receive the notice thereafter).
    Providing Annual Customer Data Protection/Privacy Notice

    On an annual basis, no less than every 12 months (any period of 12 months during which the person is a customer), Bank of the Orient provides to those customers with a continuing customer relationship a customer data protection/privacy notice. This notice is provided in a clear, conspicuous manner to each customer. However, it is acceptable to provide a single notice for joint accountholders.

    The Consumer Privacy Coordinator, in cooperation with the Consumer Privacy Task Force Committee, is responsible for reviewing and approving the annual notice. The Consumer Privacy Task Force Committee reviews notices to ensure that specific procedures, practices, controls, and guidelines are in place to meet the requirements for the annual customer protection/privacy disclosures.
  • To fully evaluate all data security elements, the Chief Information Officer has responsibility for assessing the following:
    • Periodic assessment of monitoring controls

      A periodic review will be performed to evaluate the existing information security systems. The Consumer Privacy Coordinator coordinates with the Chief Information Officer.
    Management and staff, according to the existing information security policy, have been assigned password and identified codes that provide levels of information access. Employees of Bank of the Orient have a need to work with information but are not granted free access to all types of personal information outside the "need to know to do their job" requirements.
  • A periodic review is performed to evaluate each bank product and service for the existence of appropriate controls.

    The Consumer Privacy Coordinator coordinates with the department's Compliance Representative or designee.

Customer Data Protection/Privacy Notice (Initial and Annual) Content

As required by the federal privacy regulations, the privacy notice provided initially and in subsequent annual issuances will contain the following information:
  • Information regarding the information collected
  • Statement that we do not disclose any nonpublic personal information about consumers or our customers to any non-affiliated third parties, except as permitted by law.
  • Details regarding the bank's policies and practices with respect to protecting the confidentiality, security, and integrity of nonpublic personal information.

The Consumer Privacy Coordinator, in cooperation with the Consumer Privacy Task Force Committee, is responsible for reviewing and approving the annual notice.
  • In connection with our Web Site, our regular privacy disclosure statement is displayed. In addition, the Web Site privacy statement should specifically disclose (as a matter of customer service) the kind of information the Bank gathers on the site and the Bank's use of the information. If the Bank does not gather customer information directly or indirectly, it will so state. At present, Bank of the Orient does not gather customer information on its Web Site. When and if the Bank begins to do so, appropriate compliance and security actions will be taken.

California Financial Information Privacy Act ("Division 1.2")

Division 1.2 of the California Financial Code, beginning at Section 4050, is referred to as the California Financial Information Privacy Act or "Division 1.2." Division 1.2 attempted to tighten the GLBA restrictions as to California residents. Effective July 1, 2004, Division 1.2 made most sharing of information of California consumers for marketing purposes subject to opt out or opt in.
  • Division 1.2 did not eliminate any of the "Exceptions" allowed by the GLBA, as described above.
    • The Exceptions include, among others, sharing as necessary to effect, administer or enforce transactions requested by the consumer, sharing with the consumer's consent or direction, sharing as required by law, and many others.
  • However, sharing with nonaffiliated third parties for marketing purposes became subject to opt in (a requirement to have the consumer's explicit prior consent to the sharing), except as discussed below.

Like the GLBA, Division 1.2 only protects the information of consumers. "Consumer" is defined the same as under the GLBA, with certain additional exceptions relevant mainly to trust companies and fiduciaries. Nonetheless, Individual Retirement Accounts (IRA) and other accounts where the bank is acting as custodian or agent (but not trustees) for individuals will generally be covered by Division 1.2. In contrast, grantor trusts where the bank is trustee, custodial accounts for non-individuals, as well as business purpose trusts, and employee benefit plan accounts are not covered by Division 1.2.
  • Affiliate sharing. Sharing of information for marketing purposes with affiliates became subject to a right to opt out. Opt out means giving a required statutory notice of right to opt out to consumers before their information is shared. Once the opt-out notices are given and a 45-day waiting period lapses, the consumers' information may be shared with the affiliates except as to any consumer who has opted out. Consumers may opt out at any time.
  • Joint marketing. Sharing of information with non-affiliated financial institutions for the purpose of jointly marketing financial products or services was also made subject to an opt-out requirement (as opposed to the stricter opt-in requirement). Certain conditions must be met to use this exception:
    • There must be a written agreement between the releasing institution and the receiving institution;
    • The financial product or service must be one that is provided by one of the institutions;
    • The financial product or service must be jointly offered, sponsored or endorsed by the institutions, and the disclosing and receiving institutions must be conspicuously identified;
    • There must be certain required confidentiality provisions in the agreement; and
    • The releasing institution must have given the opt-out notice under Division 1.2 and the consumer has not opted out.
  • Certain pre-2004 joint marketing arrangements with nonaffiliated third parties were grandfathered until the end of 2004. Information was able to be released under these agreements without the necessity of compliance with Division 1.2 through and including December 31, 2004.
  • Division 1.2 also permits sharing of information among certain wholly owned subsidiary financial institutions provided that they all are in the same line of business (such as banking), have the same functional regulator and share a common brand. This exception does not, for example, permit a California state bank to share information with an affiliated state-licensed insurance agency because California state banks and insurance companies do not have a common functional regulator.
  • Division 1.2 also permits certain sharing with affinity credit card issuers and related merchants, and other exceptions.
  • If management determines that it wishes to share consumer information with any nonaffiliated third party for marketing purposes (except for permissible financial joint marketing as discussed below) or any other way not permitted by one of the Exceptions under Division 1.2, management shall direct that the consumer's prior explicit written consent ("opt in") be obtained in the form provided by Division 1.2 before the consumer's information is shared.
  • If management determines that it wishes to share consumer information with (i) any affiliate for marketing purposes or (ii) with another financial institution for permissible joint marketing purposes, management shall direct that opt-out notices under Division 1.2 first be given to consumers as required by Division 1.2. If opt-out notices are given, management shall further take steps to assure that any elections by consumers to opt out are honored (that is, the information of opting out consumers is not shared outside of the Exceptions). Annual opt-out notices shall be given thereafter as required.
    • The Bank is no longer sharing certain consumer financial information to jointly offer, sponsor or endorse credit cards and other financial products with selected other financial institutions ("Joint Marketing Partners" or "Partners").
    • If the Bank decides to resume releasing any consumer nonpublic personal information to a Joint Marketing Partner, management shall assure that the following conditions are met:
      • A written agreement is in place between the Bank and the Partner.
      • The product or service to be offered is offered by either the Bank or the Partner;
      • The product is jointly offered, sponsored or endorsed by the Bank and the Partner, and the related offering materials clearly and conspicuously identify the Bank and the Partner;
      • The agreement requires the Partner to maintain the confidentiality of the shared consumer information and prohibits the use or disclosure of the information for any purpose other than to carry out the agreed-to joint offering;
      • The Bank shall have delivered "opt out" notices in the proper form required by Division 1.2 to all consumers of the Bank whose information may be released and allowed at least 45 calendar days to pass;
        • Opt-out notices are required to be given to all existing consumers of the Bank and to new consumers if their information may be released.
      • None of the consumers whose information is to be released shall have opted out (directed that their information not be shared); and
      • All other applicable requirements of Division 1.2 or other law shall have been met.
    • Bank management shall also assure that sufficient information and recordkeeping systems are in place before the information is released, to be able to record, retrieve and honor all opt-out requests.
    • Annual opt-out notices shall be given to all customers so long as the Bank expects to release information for the marketing purposes described above.
    Documentation and Records

    Supporting documentation detailing internal product and service review, internal monitoring and other institution activities to address customer data protection/privacy is referenced and maintained. As with other mass-mailed or distributed disclosures (e.g., ARM or Truth-in-Savings), individual copies need not be kept in consumer files. Instead, privacy disclosures are made a standard part of loan application or account opening packages, etc. to assure timely and regular distribution. If a complaint has been received or a request submitted by a customer to review account information for data integrity and/or privacy, the incident and resolution are documented and correlated to the specific account.

    Training

    Management and staff receive appropriate training at the initial implementation of the consumer protection/privacy policy. Annually, this training is provided as a refresher to all management and staff. It is critical that all new hires receive this training before having access to any consumer and customer information. Training schedules are established and monitored by the Compliance Officer.

    Audit and Internal Compliance

    Bank of the Orient's Audit Department is charged with responsibility for an annual in-depth review of all banking activities, related controls, internal reporting systems and management's follow-up on previously cited exceptions.

    Audit reports will be issued to the Consumer Privacy Coordinator, impacted functional departments, and the Audit Committee of Bank of the Orient's Board of Directors.

    CUSTOMER IDENTIFICATION PROGRAM

    Opening A New Account at Bank of the Orient

    To help the government fight the funding of terrorism and money laundering activities, Federal law requires all financial institutions to obtain, verify, and record information that identifies each person who opens an account.

    What this means for Bank of the Orient customers

    When you open an account, we will ask for your name, address, date of birth, and other information that will allow us to identify you. We may also ask to see your driver's license or other identifying documents.

    Thank you for your cooperation in this important matter.