Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · CFR · Title 12 — Banks and Banking · Part 1033 — Personal Financial Data Rights · § 1033.441

§ 1033.441. Policies and procedures for third party record retention.

272 words·~1 min read·/us/cfr/t12/s§ 1033.441·

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

(a)General requirement. A third party that is a covered person or service provider, as defined in 12 U.S.C. 5481(6) and (26), must establish and maintain written policies and procedures that are reasonably designed to ensure retention of records that are evidence of compliance with the requirements of subpart D of this part.
(b)Retention period. Records required under paragraph
(a)of this section must be retained for a reasonable period of time, not less than three years after a third party obtains the consumer's most recent authorization under § 1033.401(a).
(c)Flexibility. A third party covered under paragraph
(a)of this section has flexibility to determine its policies and procedures in light of the size, nature, and complexity of its activities.
(d)Periodic review. A third party covered under paragraph
(a)of this section must periodically review its policies and procedures and update them as appropriate to ensure their continued effectiveness to evidence compliance with the requirements of subpart D of this part.
(e)Certain records retained pursuant to policies and procedures. Records retained pursuant to policies and procedures required under this section must include, without limitation:
(1)A copy of the authorization disclosure that is signed by the consumer electronically or in writing and reflects the date of the consumer's signature and a record of actions taken by the consumer, including actions taken through a data provider or another third party, to revoke the third party's authorization; and
(2)With respect to a data aggregator covered under paragraph
(a)of this section, a copy of any data aggregator certification statement that was provided to the consumer pursuant to § 1033.431(c)(2).
Connectionstraces to 1
Traces to 1 document
Citation graph
cites case law
§ 1033.441
Policies and procedures for third party record retention.
U.S.C.§ 5481
Cites 1Cited by 0 across 0 sources
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.