It is the policy of First Community Bancshares, Inc. (the “Company”) to comply with all federal, state, and local laws and regulations. The purpose of this policy is to set forth the responsibilities of the Board, Management and staff in order to establish acceptable levels of compliance with Regulation P and the Fair Credit Reporting Act (FCRA). Another purpose of this policy is to create a general framework to support, facilitate, and enforce reliable practices which are needed to establish a comprehensive privacy program. Additionally, it is the Company’s intention to allow its subsidiaries and affiliated companies to mutually share customer information for all customers not opting out of information and marketing sharing.
The scope of this Policy covers all of the companies in the First Community Bancshares, Inc. family. In this Policy, we refer to “our affiliates.” When we do, we mean one or more members of the First Community Bancshares, Inc. family of companies. At present, our affiliated companies are First Community Bank and Peoples Community Bank, a division of First Community Bank and First Community Insurance Services and GreenPoint Insurance Group. First Community Bank’s affiliate is First Community Wealth Management. When we use words such as “nonaffiliated” or “non-affiliates,” we mean companies that are not part of the First Community Bancshares, Inc. family of companies. In addition, “we,” “our,” or “us” refers to First Community Bancshares, Inc.; First Community Bank and People’s Community Bank, a division of First Community Bank; First Community Wealth Management, an affiliate of First Community Bank; and First Community Insurance Services and GreenPoint Insurance Group.
STATEMENT OF NEED AND DEFINITION
The scope of this policy is intended to address the privacy matters pertaining to employees of First Community Bancshares, Inc. (the Company) and, as appropriate, its wholly owned subsidiaries, including First Community Bank (the Bank), its affiliate First Community Wealth Management, and People’s Community Bank, a division of First Community Bank, and First Community Insurance Services and GreenPoint Insurance Group, as they discharge their customer confidentiality responsibilities.
In order to have an effective privacy program, the following concepts are to provide general guidance for the Board of Directors, Management, Privacy Officer and staff of the Company:
The privacy program shall be managed and designed to protect the Company from financial and reputation risk;
The privacy program shall be managed and designed in a cost-effective manner that encourages sound business practices;
The privacy program and operational systems shall be implemented in a manner that will cause employees to comply with laws and regulations; and
The privacy program will be an integral part of the way we do business and not a barrier to providing excellent customer service.
The Board of Directors is responsible for general oversight of compliance programs including the privacy program to ensure safe and sound operation of the Company through Management. The Board of Directors ensures that capable management and sufficient resources are in place to administer compliance programs required by various regulatory agencies. It is the duty of the Board of Directors to review and adopt policies and programs that achieve adequate compliance with the privacy laws and regulations.
Management is considered to be those officers who are authorized to administer the overall operation of the affiliated companies and communicate with the Board of Directors. Management is responsible for enforcement of privacy policies adopted by the Board of Directors through formation of adequate frameworks, procedures and support systems. In addition, Management is to ensure competent expertise is available to interpret and control privacy compliance initiatives. Management is to develop and institute efficient and practical means for the Company to meet privacy standards and guidelines. Management will assign staff specific privacy compliance responsibilities (ownership) to make certain policies and procedures are administered sufficiently.
Specific Management or Employee Responsibilities
The Board of Directors and Management maintain an Audit, Compliance and Enterprise Risk Committee (“Committee”) which oversees the compliance program and framework and keeps abreast of compliance matters affecting the Company. The Director of Compliance & Enterprise Risk Management will be responsible for reporting activities related to privacy compliance to the Committee on an ongoing basis.
DIRECTOR, COMPLIANCE & ENTERPRISE RISK MANAGEMENT
Management will designate a Privacy Officer to administer and coordinate the Company’s privacy program. More specifically, the Privacy Officer is responsible for coordinating the privacy framework and assessing its performance through effective means. This Officer serves as regulation owner on matters relating to privacy compliance and assists the Director of Compliance & Enterprise Risk Management in developing and implementing adequate policies, procedures and systems.
Marketing and Advertising
The Privacy Officer will coordinate with the Company’s Marketing Department to ensure advertising and customer communications are conducted within privacy and FCRA guidelines. The Company’s Marketing Department will be responsible for coordinating with the Privacy Officer to develop and deliver appropriate annual privacy disclosure updates.
The Privacy Officer will report to the Director of Compliance & Enterprise Risk Management. Privacy program matters involving violations of law and regulation are to be reported to the Director of Compliance & Enterprise Risk Management on a regular basis.
Quarterly, or more frequently, if needed, the Privacy Officer shall prepare a report to Management and the Committee regarding the Company’s privacy program, and in particular, detailing any changes that have been made to the program or any changes in the underlying regulations and any suggestions for changes in the Company’s privacy policies and procedures. The Committee shall evaluate and recommend any changes to Management and the Board of Directors as deemed necessary.
Monitoring and Audit
The Director of Compliance & Enterprise Risk Management is responsible for establishing monitoring mechanisms that assess the effectiveness of the privacy program. Compliance monitoring mechanisms are structured in a manner which evaluates functionality of policy and procedure relative to fulfillment of regulatory requirements. Compliance monitoring is performed independently from the Internal Audit Department’s efforts in determining the adequacy of the Company’s privacy program.
It will be the responsibility of the Director of Compliance & Enterprise Risk Management with input from Management and the Privacy Officer to evaluate privacy compliance risk. The risk evaluation process shall gauge the potential for particular violation(s), the likelihood and frequency of such violation(s), and the estimated damages to the Company if such violation(s) should occur. Taking these risk evaluations into consideration, Management will be required to assign regulatory ownership in relation to applicable policies, procedures, and business practices.
It will be the responsibility of the Privacy Officer to stay abreast of any pending laws or regulations or amendments to existing laws or regulations related to privacy that may impact the Company. The Privacy Officer in conjunction with the Director of Compliance & Enterprise Risk Management shall make preparations and implement compliance frameworks and systems to address regulatory changes and meet regulatory standards.
It is the intention of the Board of Directors, Management, and staff to operate the Company successfully within the many regulatory guidelines that govern the financial services business. By adopting this policy, the Board of Directors demonstrates its strong commitment to that end. Management will be relied upon to administer and execute steps necessary to maintain an acceptable privacy program. In addition, Management will employ appropriate checks and balances to ensure the tenets of this policy are met.
Approved by First Community Bancshares, Inc. Board of Directors: July 26, 2016
Internet Privacy Notice
At First Community Bank, we want to offer you the best in products and services. We also want to protect your right to privacy. As such, we utilize current encryption technology, firewalls, routers, third-party verification procedures and other security software and hardware to help prevent unauthorized access to our site and to your personally identifying information. This Internet Privacy Notice explains how we will use and protect information received at our site.
Information We Collect
When you visit First Community Bank’s website, you are anonymous unless you log in to our Online Banking service. We do not collect personally identifying information about you when you visit our site, but we do collect non-identifying information about you, such as the date, time and pages you visited on our site, the IP address (a numeric address given to servers connected to the Internet) of your computer, the Web browser you used and your city, state, and country. We use this information to measure the number of visitors to the different areas of our site and to help make our site more useful to you.
Cookies are small files placed on your computer by the Web server to help us understand how you use our Website and what areas of our site are most popular or may need improvement. Cookies do not collect or reveal personal information about you. The cookies that we use do not log your keystrokes, mine data or track your Web browser.
We use “session level” cookies that are temporarily stored in your computer’s memory to allow the web server to log the pages you use within the site and to determine if you have visited the site before.
If you do disable cookies on your computer, please be aware that some website features may not function properly or may not be available to you.
Email is a common tool used frequently to send information; however, unless it is encrypted, email is not a secure way to send personally identifying information such as your social security number. We will never ask you to send personally identifying information to us in an email.
Email that you receive from us will be clearly identified as coming from First Community Bank or our affiliates and will not ask you for information relating to your social security number, account numbers, user IDs or passwords.
If you are concerned that an email that you have received from First Community Bank or our affiliates may be fraudulent, please call our Enterprise Risk Management Division at 304-323-6300 Monday through Friday between 8:30 AM and 5:00 PM before responding to the email.
Third Party Websites
First Community Bank is dedicated to the protection of your privacy. This is especially true when it comes to the privacy of your children. This website is not structured to attract children under the age of 13. Parental consent is required for children under 13 to provide personally identifiable information via this website. If you are the parent of a child under the age of 13, your child is protected by the Children’s Online Privacy Protection Act (COPPA). To learn more about COPPA, you can visit the following link to the Federal Trade Commission’s website: Children’s Online Privacy Act.