Bank of America shares your financial data with nonaffiliated third parties for standard banking operations such as transaction processing and credit bureau reporting, and you cannot opt out of this sharing.
This analysis describes what Bank of America's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes the operational scope of data sharing necessary for core banking functions and regulatory obligations. The non-limitability of this sharing category reflects statutory requirements under the Gramm-Leach-Bliley Act for information sharing tied to transaction processing and legal compliance.
Your payment history, account balances, and transaction data are shared with external companies including credit bureaus as part of standard banking operations, and no opt-out is available for these disclosures.
Cross-platform context
See how other platforms handle Sharing for Everyday Business Purposes with Nonaffiliates and similar clauses.
Compare across platforms →Monitoring
Bank of America has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Reasons we can share your personal information: For our everyday business purposes — such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus. Does Bank of America share? Yes. Can you limit this sharing? No.— Excerpt from Bank of America's Bank of America Privacy Notice
REGULATORY LANDSCAPE: Sharing with nonaffiliated third parties for everyday business purposes is permitted under GLBA's service provider and joint marketing exceptions, provided those parties are contractually restricted from using the information for other purposes. Credit bureau reporting is also governed by the Fair Credit Reporting Act (FCRA), enforced by the CFPB and FTC. Disclosure to law enforcement and in response to court orders is governed by applicable legal process requirements. GOVERNANCE EXPOSURE: Medium. This sharing category encompasses the widest operational scope and the most third-party recipients, including service providers, processors, and credit bureaus. Regulation P requires that service providers receiving data under this exception be contractually restricted in their use of that data, and compliance programs should audit these agreements. JURISDICTION FLAGS: California's CCPA may impose notice and transparency requirements regarding the categories of third parties receiving consumer data, even where sharing is for business purposes. CCPA's definition of 'sale' and 'sharing' should be evaluated to determine whether any of these third-party data flows require California-specific disclosures or opt-out mechanisms. CONTRACT AND VENDOR IMPLICATIONS: Service provider and processor contracts must include data use restrictions limiting processing to the specified business purpose, consistent with GLBA Regulation P requirements. Procurement teams should maintain a current vendor inventory mapping each vendor to the data types received and the contractual restrictions in place. COMPLIANCE CONSIDERATIONS: Compliance teams should review service provider agreements annually to confirm that data use restrictions are current, that vendors are not repurposing shared data, and that credit bureau reporting practices comply with FCRA accuracy and dispute resolution requirements.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes the operational scope of data sharing necessary for core banking functions and regulatory obligations. The non-limitability of this sharing category reflects statutory requirements under the Gramm-Leach-Bliley Act for information sharing tied to transaction processing and legal compliance.
Your payment history, account balances, and transaction data are shared with external companies including credit bureaus as part of standard banking operations, and no opt-out is available for these disclosures.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Bank of America.