The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act, requires financial institutions to have a security program in place to safeguard the confidential information of their customers, as well as to determine the general risk levels of their third parties. GLBA broadly defines financial institutions to include credit unions, banks, savings and loans, investment and insurance firms, and possibly retail merchants, provided they offer their own credit solution.
To help support the GLBA efforts, the Federal Financial Institutions Examination Council (FFIEC) developed the FFIEC IT Examination Handbook in concert with multiple agencies, for example: the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Consumer Financial Protection Bureau* (CFPB). Each agency may have additional controls outside the FFIEC. GLBA requires financial institutions to understand the risks within their organization by implementing a formal risk management program that identifies, quantifies, and employs controls to mitigate risks where appropriate.
* Under provisions of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (the Dodd-Frank Act), the Director of the newly created Consumer Financial Protection Bureau joins the membership of the Council, replacing the Director of the former Office of Thrift Supervision.
Additionally, GLBA requires financial institutions to perform due diligence (e.g., third-party GLBA assessments) to ensure third parties have appropriate controls. This risk-based approach consists of a vendor management program that includes surveys and on-site assessments.
- Compliance with GLBA Safeguards and Privacy Rules
- Identification of non-compliant areas and understanding of what actions are needed to comply with GLBA Safeguards and Privacy Rules
- Proper, objective third-party demonstration of GLBA compliance
- Avoidance of fines that could result from failing a GLBA audit
- Reduction of the cost, confusion, and complexity of GLBA compliance
SecureState’s Audit & Compliance consultants are experts in understanding both the technical and the business aspects of your organization. SecureState’s experience and knowledge, developed while working with some of the top Fortune 500 financial institutions in the country and a governing body, provide your organization with a true picture of your compliance with GLBA.