Gramm Leach Bliley Act  (GLBA)

In recognition of the importance of protecting personal financial information, the GLBA was signed into law on November 12, 1999.    The act dictates that financial institutions must, under 15 USC 6801 Section 501, 505(b) and 507, establish appropriate standards for the financial institutions subject to their jurisdiction relating to administrative, physical and technical safeguards.  GLBA further states that "it is the policy of the Congress (and now the United States) that each financial institution has an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers’ nonpublic personal information."   These safeguards must be sufficient to:
These general compliance objectives have been further refined by the financial institution regulatory agencies in subsequent guidelines. Information Risk Group has developed specific work programs to assist financial institutions in achieving GLBA compliance under each agency's policies. Please contact IRG if you have questions about what steps are required for your institution.

Compliance Dates

The effective date for implementing these guidelines is dependent upon which government agency is responsible for regulating your financial institution.  See the chart below for a further explanation:

Each entry below lists the regulatory agency, the financial institutions it regulates, the implementation compliance date, and the compliance date for outsourced technical services.

FDIC
  Regulates: Primary federal regulator of state-chartered "nonmember" banks, i.e. commercial and savings banks that are not members of the Federal Reserve System.
  Implementation compliance date: July 1, 2001
  Outsourced technical services compliance date: July 1, 2003

OTS
  Regulates: Primary regulator of all federal and many state-chartered thrift institutions, which include savings banks and savings and loan associations.
  Implementation compliance date: July 1, 2001
  Outsourced technical services compliance date: July 1, 2003

OCC
  Regulates: Charters, regulates, and supervises all national banks. Also supervises the federal branches and agencies of foreign banks.
  Implementation compliance date: July 1, 2001
  Outsourced technical services compliance date: July 1, 2003

FTC
  Regulates:
  • Mortgage lender or broker
  • Check casher
  • Pay-day lender
  • Professional tax preparers, tax planners
  • Credit counseling service
  • Financial advisors
  • Retailer that issues its own credit card
  • Personal property or real estate appraisers
  • Auto dealers that lease and/or finance
  • Collection agency services
  • Medical-services provider that establishes for a significant number of its patients long-term payment plans that involve interest charges
  • Government entities that provide financial products such as student loans or mortgages
  Implementation compliance date: May 23, 2003
  Outsourced technical services compliance date: May 23, 2006 (to conform third-party service contracts entered into before July 24, 2002)

FRB
  Regulates: Primary federal regulator for state-chartered banks that are members of the Federal Reserve System, as well as for all bank and financial holding companies and certain operations of foreign banking organizations.
  Implementation compliance date: July 1, 2001
  Outsourced technical services compliance date: July 1, 2003

NCUA
  Regulates: Charters and supervises federal credit unions and insures the deposits in all federal and many state-chartered credit unions.
  Implementation compliance date: July 1, 2001
  Outsourced technical services compliance date: July 1, 2003

State Banks
  Regulates: Supervise state-chartered banks, savings institutions, and credit unions.
  Implementation compliance date: July 1, 2001
  Outsourced technical services compliance date: July 1, 2003

State Insurance Authorities
  Regulates: Insurance companies are regulated at the state level.
  Implementation compliance date: varies by state
  Outsourced technical services compliance date: varies by state

How can Information Risk Group assist your company in complying with these guidelines?

Regardless of size, all financial institutions must take specific actions to comply with GLBA. The required steps vary slightly by regulating agency; however, each agency has based its guidelines on a common set of information security principles.

Each financial institution must develop a written information security plan that includes the following elements:
  1. designate one or more employees to coordinate the safeguards
  2. identify and assess the risks to customer information in each relevant area of the company's operation, and evaluate the effectiveness of the current safeguards for controlling these risks
  3. design and implement a safeguards program, and regularly monitor and test it
  4. select appropriate service providers and contract with them to implement safeguards
  5. evaluate and adjust the program in light of relevant circumstances, including changes in the firm's business arrangements or operations, or the results of testing and monitoring of safeguards.
Information Risk Group has developed several specific offerings to aid financial institutions in complying with the requirements of  GLBA.  Our methodologies are based on years of experience as technical auditors with large financial firms and the major accounting agencies.   IRG reviews are performed in an efficient and timely manner in order to minimize any impact from our assessment on your company and its personnel.  Our present offerings with respect to GLBA are as follows:

Contact IRG today for further information on how we can help you comply with GLBA.

Info Risk Group LLC
3220 Henderson Blvd.
Tampa, FL 33609

Offering information security and risk management services to companies throughout the Americas.