For Expert help and assignment handling,
1
CRCM Self Study Questions and Answers
(100% Correct Answers) Already Graded A+
ABC Bank does NOT operate a Web site or online service and has no
presence on the Internet. What are ABC Bank's obligations under the
Children's Online Privacy Protection Act? Ans: a. It has no compliance
obligations under the Children's Online Protection Act.
© 2026 Assignment Expert
If the bank is not an operator under the act (no web site) the law does
not apply.
DEF Bank operates a general audience Web site with many pages
Guru01 - Stuvia
describing its product and services. As part of this Website, it has a Kid's
Bank on one of the pages for the purpose of opening accounts for
children. Where must the link to the bank's disclosure of information -
sharing practices with regard to children be displayed? Ans: b. Only the
kid's home page.
State National Bank operates an informational Web site. The site has
descriptions of all the bank's accounts, including its children's savings
account. The account is simply listed along with all other accounts; the
bank makes no attempt to market the account to children on the Web
site itself. The bank does not open accounts online, but the Web site
does have an online reply form that consumers can use to request
account-opening documents. The bank does not intend for children to
send in any information via its Web site. However, it is possible for a child
to request account opening documents through the reply form. What is
State National required to do to comply with COPPA? Ans: c. Post a
notice on the reply form that the bank will not accepts requests from
persons under 18 years of age.
,For Expert help and assignment handling,
2
The bank is not targeting its site to children, so it does not have a
responsibility to notify parents and post the disclosures. The bank should,
however, make sure it is not collecting information from children through
its reply form.
ACME Bank is reviewing its security program for safeguarding customer
information. All but one of the following functions should be included in
its review. Which one need NOT be included? Ans: d. The bank's printed
marketing and promotional materials.
© 2026 Assignment Expert
State national Bank's security officer is preparing for the bank's annual
information security review. Which of the following steps is NOT required
for this review? Ans: d. A review of all outside windows to check for
physical security.
Guru01 - Stuvia
Item d is not a requirement of safeguarding customer information. It is,
however, a security procedure related to the Bank Protection Act.
Which of the following actions is NOT a requirement of the bank's
directors in implementing an information security program? Ans: c.
Physically audit the bank's online banking system.
This is not a requirement for the bank's board of directors.
Acme Bank does NOT disclose any nonpublic personal information
about its customers except to its computer processor, its attorneys for
loan documentation, and to a national credit reporting agency. What
privacy notices is Acme required to give? Ans: b. Initial and annual
notices to customers.
These activities are all exceptions that do not require initial or opt-out
notices.
,For Expert help and assignment handling,
3
ACME Bank has a joint marketing agreement with Friendly Company
whereby ACME and Friendly agree to jointly market certain financial
products. ACME would like to refer customers to Friendly by providing the
Friendly brokerage offer with names of ACME customer show might be
interested in the financial products Friendly offers. Friendly has signed an
agreement with ACME promising to disclose any information about
ACME's customer to others. What type of responsibility does ACME have
to its customers under the Privacy Regulation? Ans: c. ACME must give
customers a notice that it provides information to companies with which
it has joint marketing agreements.
© 2026 Assignment Expert
National Bank generally discloses information only to affiliated parties.
However, in the following circumstances it will disclose information to
nonaffiliated partners.
Guru01 - Stuvia
- It shares information with its service provider for the purpose of
completing a transaction.
- It sends details of loan transactions to its lawyers so that documentation
can be drawn.
- It allows its external auditors to see transactions.
- From time to time for business development purposes, it shares full loan
files with affiliated finance company that is owned by its holding
company.
Does National Bank have any responsibility to provide customers an opt-
out option? Ans: d. Yes. The bank must give a Fair Credit Reporting Act
opt-out for the information even for sharing with an affiliate.
, For Expert help and assignment handling,
4
All of the information sharing listed falls within the exceptions of the
privacy regulation. However, even sharing credit information with an
affiliate triggers a Fair Credit Reporting Act opt-out requirement. If the
bank was sharing only its own experience, it would not need to give the
notice.
The following accounts are at State Bank:
- John Doe
© 2026 Assignment Expert
- John Doe and Joe Smith
- Mary Smith and Joe Smith
Guru01 - Stuvia
- Fred Richards and Mary Smith
What is the maximum number of initial privacy noties the bank must
give? Ans: b. Four
The bank should give at least one notice per account.
What should a compliance manage do FIRST to implement the third-
party joint marketing agreement as required by the Privacy of Consumer
Financial Information regulations? Ans: c. Review the requirements for
third-party joint marketing agreements and make certain the
requirements are included.
This step is necessary before having the board approve an agreement,
or requesting information from the third party.
1
CRCM Self Study Questions and Answers
(100% Correct Answers) Already Graded A+
ABC Bank does NOT operate a Web site or online service and has no
presence on the Internet. What are ABC Bank's obligations under the
Children's Online Privacy Protection Act? Ans: a. It has no compliance
obligations under the Children's Online Protection Act.
© 2026 Assignment Expert
If the bank is not an operator under the act (no web site) the law does
not apply.
DEF Bank operates a general audience Web site with many pages
Guru01 - Stuvia
describing its product and services. As part of this Website, it has a Kid's
Bank on one of the pages for the purpose of opening accounts for
children. Where must the link to the bank's disclosure of information -
sharing practices with regard to children be displayed? Ans: b. Only the
kid's home page.
State National Bank operates an informational Web site. The site has
descriptions of all the bank's accounts, including its children's savings
account. The account is simply listed along with all other accounts; the
bank makes no attempt to market the account to children on the Web
site itself. The bank does not open accounts online, but the Web site
does have an online reply form that consumers can use to request
account-opening documents. The bank does not intend for children to
send in any information via its Web site. However, it is possible for a child
to request account opening documents through the reply form. What is
State National required to do to comply with COPPA? Ans: c. Post a
notice on the reply form that the bank will not accepts requests from
persons under 18 years of age.
,For Expert help and assignment handling,
2
The bank is not targeting its site to children, so it does not have a
responsibility to notify parents and post the disclosures. The bank should,
however, make sure it is not collecting information from children through
its reply form.
ACME Bank is reviewing its security program for safeguarding customer
information. All but one of the following functions should be included in
its review. Which one need NOT be included? Ans: d. The bank's printed
marketing and promotional materials.
© 2026 Assignment Expert
State national Bank's security officer is preparing for the bank's annual
information security review. Which of the following steps is NOT required
for this review? Ans: d. A review of all outside windows to check for
physical security.
Guru01 - Stuvia
Item d is not a requirement of safeguarding customer information. It is,
however, a security procedure related to the Bank Protection Act.
Which of the following actions is NOT a requirement of the bank's
directors in implementing an information security program? Ans: c.
Physically audit the bank's online banking system.
This is not a requirement for the bank's board of directors.
Acme Bank does NOT disclose any nonpublic personal information
about its customers except to its computer processor, its attorneys for
loan documentation, and to a national credit reporting agency. What
privacy notices is Acme required to give? Ans: b. Initial and annual
notices to customers.
These activities are all exceptions that do not require initial or opt-out
notices.
,For Expert help and assignment handling,
3
ACME Bank has a joint marketing agreement with Friendly Company
whereby ACME and Friendly agree to jointly market certain financial
products. ACME would like to refer customers to Friendly by providing the
Friendly brokerage offer with names of ACME customer show might be
interested in the financial products Friendly offers. Friendly has signed an
agreement with ACME promising to disclose any information about
ACME's customer to others. What type of responsibility does ACME have
to its customers under the Privacy Regulation? Ans: c. ACME must give
customers a notice that it provides information to companies with which
it has joint marketing agreements.
© 2026 Assignment Expert
National Bank generally discloses information only to affiliated parties.
However, in the following circumstances it will disclose information to
nonaffiliated partners.
Guru01 - Stuvia
- It shares information with its service provider for the purpose of
completing a transaction.
- It sends details of loan transactions to its lawyers so that documentation
can be drawn.
- It allows its external auditors to see transactions.
- From time to time for business development purposes, it shares full loan
files with affiliated finance company that is owned by its holding
company.
Does National Bank have any responsibility to provide customers an opt-
out option? Ans: d. Yes. The bank must give a Fair Credit Reporting Act
opt-out for the information even for sharing with an affiliate.
, For Expert help and assignment handling,
4
All of the information sharing listed falls within the exceptions of the
privacy regulation. However, even sharing credit information with an
affiliate triggers a Fair Credit Reporting Act opt-out requirement. If the
bank was sharing only its own experience, it would not need to give the
notice.
The following accounts are at State Bank:
- John Doe
© 2026 Assignment Expert
- John Doe and Joe Smith
- Mary Smith and Joe Smith
Guru01 - Stuvia
- Fred Richards and Mary Smith
What is the maximum number of initial privacy noties the bank must
give? Ans: b. Four
The bank should give at least one notice per account.
What should a compliance manage do FIRST to implement the third-
party joint marketing agreement as required by the Privacy of Consumer
Financial Information regulations? Ans: c. Review the requirements for
third-party joint marketing agreements and make certain the
requirements are included.
This step is necessary before having the board approve an agreement,
or requesting information from the third party.
