Contact Treasury

Privacy Policy — Western Alliance Bank Business

This privacy policy describes how Western Alliance Bank Business collects, uses, shares, and protects personal information about customers and website visitors. It covers our obligations under the Gramm-Leach-Bliley Act (GLBA) for financial institutions, the California Consumer Privacy Act (CCPA) for California residents, the Fair Credit Reporting Act (FCRA) for credit-bureau interactions, and other state and federal privacy laws that apply to commercial banking relationships. This page, effective April 15, 2026, is the current version; prior versions are archived and available on request.

Western Alliance Bank Business is a federally-chartered commercial banking division operating under Office of the Comptroller of the Currency supervision with FDIC-insured deposits. Questions or privacy rights requests should go to the privacy officer at +1-800-444-7441 or through the business portal secure messaging. We verify identity before fulfilling any information access, deletion, or correction request.

Contact Privacy Officer Security Practices
Western Alliance Bank Business privacy policy page describing GLBA, CCPA, and FCRA compliance

Privacy Policy Quick Reference

  • GLBA compliance governs financial-institution customer information handling
  • CCPA grants California residents access, deletion, correction, and opt-out rights
  • FCRA governs our credit-bureau reporting and credit-related interactions
  • We do not sell personal information; we do not share for cross-context advertising
  • Essential cookies maintain sessions; analytics cookies measure aggregate usage
  • Retention: seven years minimum for banking records; longer for regulatory purposes
  • Privacy officer: +1-800-444-7441 or business portal secure messaging

Information We Collect

Categories collected, sources, and uses.

Information You Provide

Identity information (name, SSN/EIN, date of birth, residential address) collected at account opening under BSA/AML Customer Identification Program rules. Entity information (articles, operating agreement, beneficial ownership). Financial information (tax returns, bank statements, financial statements) collected during lending applications. Contact information (email, phone) for account communication. Authentication information (password hashes, MFA device registrations) for portal access.

Information We Generate

Transaction information (deposits, payments, transfers, loan activity) generated as you use our services. Authentication logs (sign-ins, MFA challenges, device registrations, IP addresses). Risk and fraud scoring (computed from transaction patterns and authentication signals). Relationship notes captured by your relationship manager. Correspondence records from phone, secure messaging, and email interactions.

Information From Third Parties

Credit bureau information from Equifax, Experian, TransUnion, and Dun & Bradstreet for credit decisions under FCRA. Identity verification data from CIP vendors. Public records and regulatory data (OFAC lists, state corporation filings). Payment network data (ACH returns, wire confirmations) from Federal Reserve and SWIFT.

Website Technical Data

Browser and device information (user agent, screen resolution, IP address) captured during website visits. Session cookies maintain authentication. Analytics cookies measure aggregate performance. We do not use cookies for cross-context behavioral advertising. We do not sell cookie data.

How We Use and Share Information

Purposes, categories of recipients, and legal bases.

To Service Your Accounts

Opening accounts, processing payments, servicing loans, issuing statements, providing customer support, performing analytics on our services to improve them. Internal use across Western Alliance Bank affiliates as needed.

To Comply With Law

BSA/AML reporting, OFAC screening, SAR filings, tax reporting (1099, 1098), court orders, subpoenas, regulatory examinations by OCC, FDIC, and state regulators. Credit bureau reporting under FCRA.

To Prevent Fraud

Fraud scoring, cross-bank fraud sharing under safe harbor provisions, law enforcement referrals for confirmed fraud, security incident response. Information used solely for fraud prevention is not used for marketing.

With Service Providers

Technology vendors, identity verification providers, statement printers, and other service providers operating under written contracts requiring confidentiality and limited use. Service providers cannot repurpose information.

With Affiliates

Western Alliance Bancorporation and its subsidiaries for joint marketing (opt-out available), joint product development, and coordinated relationship management. Affiliate sharing complies with GLBA Section 603 rules.

We Do Not Sell

We do not sell personal information to third parties for marketing purposes. We do not share personal information for cross-context behavioral advertising. CCPA opt-outs for sale or sharing are not applicable because no such activity occurs.

California Residents Rights (CCPA)

Access, deletion, correction, opt-out, and non-discrimination.

Your Rights

Right to Know. Request the categories and specific pieces of personal information we have collected about you in the past 12 months, the sources, the purposes, and the categories of recipients. Right to Delete. Request deletion of personal information, subject to GLBA and regulatory retention exceptions. Right to Correct. Request correction of inaccurate personal information. Right to Opt-Out. Opt out of sale or sharing (not applicable — we do none). Right to Non-Discrimination. We do not retaliate or deny service for exercising these rights.

How to Exercise Rights

Submit requests by calling +1-800-444-7441 or writing to the privacy officer at the Western Alliance Bank Business address. Through the authenticated business portal, send a secure message to the privacy officer for audit-logged submission. We verify identity through questions about your relationship, and for higher-sensitivity requests (deletion), we request additional authentication. Response timelines: 45 days from verified request, with a 45-day extension available when complex. Requests are free unless manifestly unfounded or excessive; we notify you before any fee.

Cookies, Retention, and Security

Website technical practices and data lifecycle.

Cookies

Essential cookies (session, CSRF token, MFA continuity) required for authenticated portal access. Analytics cookies (aggregated traffic measurement) can be disabled in browser. No third-party advertising cookies. No cross-site tracking.

Retention

Banking records: seven years minimum per OCC and FDIC examination standards. Credit application records: 25 months per Regulation B. BSA/AML records: five years. Customer correspondence: seven years. Longer retention where required by ongoing litigation holds or regulatory requests.

Security

256-bit TLS in transit, AES-256 at rest. MFA on authentication. Role-based access. Immutable audit logs. Independent penetration testing and SSAE-18 SOC 2 Type II audits. See Security for the complete program description and threat model.

Credit Reporting and FCRA

How credit bureau interactions work.

Western Alliance Bank FCRA credit reporting workflow for business owners and principals

Credit Bureau Reporting

For commercial loans where individuals (owners, guarantors) carry personal guarantees, we report loan activity to consumer credit bureaus (Equifax, Experian, TransUnion) as required by Fair Credit Reporting Act data furnisher obligations. For entity-level reporting, we report to Dun & Bradstreet and similar commercial bureaus. Borrowers have the right to dispute inaccurate information directly with us; disputes must be investigated and corrected within 30 days under FCRA.

Adverse action notices are issued in writing when a credit application is declined or when credit terms are less favorable than applied for — per FCRA and Equal Credit Opportunity Act (ECOA) requirements. Notices include the principal reasons, the credit bureau used (if applicable), and your rights. Review Consumer Financial Protection Bureau resources for additional consumer education on FCRA rights.

Questions or Rights Requests

Contact the privacy officer at +1-800-444-7441 Monday through Friday 7:00 AM to 8:00 PM Mountain Time, or through the authenticated business portal secure messaging. We verify identity before fulfilling any access, deletion, or correction request. Response within regulatory timelines; complex requests may invoke the 45-day extension permitted under CCPA.

Contact Privacy Officer Security Program

Privacy Policy FAQ

Sharing, California rights, and cookies.

Do you share my information?

Only as permitted under GLBA, CCPA, FCRA, and related law: to service accounts, comply with law, prevent fraud, report to credit bureaus under FCRA, and with contractually-bound service providers. We do not sell personal information and do not share for cross-context advertising.

How do California residents exercise CCPA rights?

Call +1-800-444-7441 or use the business portal secure messaging. Rights include know, delete, correct, opt-out (we don't sell so not applicable), and non-discrimination. 45-day response.

What cookies do you use?

Essential cookies for authenticated sessions and MFA. Analytics cookies for aggregate performance measurement. No third-party advertising cookies. No sale of cookie data.