Gramm Leach Bliley Act (GLBA)
CUInfoSecurity.com - Information Security News, Regulations, & Education  


Gramm-Leach-Bliley Act (GLBA)


 Interagency Proposal for Model Privacy Form under the Gramm-Leach-Bliley Act

The OCC, Board, FDIC, OTS, NCUA, FTC, CFTC, and SEC (the Agencies) are proposing amendments to their rules that implement the privacy provisions of the Gramm-Leach-Bliley Act (GLB Act), Title V, Subtitle A. These rules require financial institutions to provide initial and annual privacy notices to their customers. As required under Section 728 of the Financial Services Regulatory Relief Act of 2006 (Regulatory Relief Act or Act), the Agencies are proposing a safe harbor model privacy form that financial institutions may use to provide disclosures under the privacy rules.




 Agencies Release Revised Bank Secrecy Act/Anti-Money Laundering Examination Manual

The Federal Financial Institutions Examination Council (FFIEC) today released the revised Bank Secrecy Act/Anti-Money Laundering (BSA/AML) Examination Manual (manual). The revised manual reflects the ongoing commitment of the federal banking agencies and the Financial Crimes Enforcement Network (FinCEN) to provide current and consistent guidance on risk-based policies, procedures, and processes for banking organizations to comply with the BSA and safeguard operations from money laundering and terrorist financing. The manual has been updated to further clarify supervisory expectations and incorporate regulatory changes since the manual's 2005 release. The revisions also draw upon feedback from the banking industry and examination staff.




 Key Federal Privacy Laws Do Not Require Information Resellers to Safeguard All Sensitive Data

Why GAO Did This Study
The growth of information resellers, companies that collect and resell publicly available and private information on individuals, has raised privacy and security concerns about this industry. These companies collectively maintain large amounts of detailed personal information on nearly all American consumers, and some have experienced security breaches in recent years.

GAO was asked to examine (1) financial institutions' use of resellers; (2) federal privacy and security laws applicable to resellers; (3) federal regulators' oversight of resellers; and (4) regulators' oversight of financial institution compliance with privacy and data security laws. To address these objectives, GAO analyzed documents and interviewed representatives from 10 information resellers, 14 financial institutions, 11 regulators, industry and consumer groups, and others.




 Board Action Memorandum - NCUA - Gramm-Leach-Bliley Act Appendix A

In 2001, NCUA amended 12 CFR Part 748 to fulfill a requirement in Section 501 of the Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA), in which Congress directed both NCUA and the other Federal Financial Institution Examination Council (FFIEC) agencies, including the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision (collectively, the “Banking Agencies”) to establish standards for financial institutions relating to administrative, technical, and physical safeguards to: (1) insure the security and confidentiality of customer records and information; (2) protect against any anticipated threats or hazards to the security or integrity of such records; and (3) protect against unauthorized access to or use of such records or information that could result in substantial harm or inconvenience to any customer.

Although NCUA worked with the Banking Agencies to develop the standards described above, the Banking Agencies issued their standards as guidelines under the authority of Section 39 of the Federal Deposit Insurance Act.

Since Section 39 of the Federal Deposit Insurance Act does not apply to NCUA, the NCUA Board determined that it could best meet the congressional directive to prescribe standards through an amendment to its existing regulation governing security programs for federally insured credit unions and by providing guidance to credit unions, substantially identical to the guidelines issued by the Banking Agencies, in an appendix to the regulation. 12 CFR Part 748, Appendix A; 66 FR 8152 (January 30, 2001). The preamble to the final rule discusses the different regulatory framework under which the Banking Agencies issued their guidelines. The final regulation requires each federally insured credit union to establish and maintain a security program implementing the safeguards required by GLBA.




 Gramm-Leach-Bliley Act

FACILITATING AFFILIATION AMONG BANKS, SECURITIES FIRMS, AND INSURANCE COMPANIES

  • Repeals the restrictions on banks affiliating with securities firms contained in sections 20 and 32 of the Glass-Steagall Act.
  • Creates a new "financial holding company" under section 4 of the Bank Holding Company Act. Such holding company can engage in a statutorily provided list of financial activities, including insurance and securities underwriting and agency activities, merchant banking and insurance company portfolio investment activities. Activities that are "complementary" to financial activities also are authorized. The nonfinancial activities of firms predominantly engaged in financial activities (at least 85% financial) are grandfathered for at least 10 years, with a possibility for a five year extension.
  • The Federal Reserve may not permit a company to form a financial holding company if any of its insured depository institution subsidiaries are not well capitalized and well managed, or did not receive at least a satisfactory rating in their most recent CRA exam.
  • If any insured depository institution or insured depository institution affiliate of a financial holding company received less than a satisfactory rating in its most recent CRA exam, the appropriate Federal banking agency may not approve any additional new activities or acquisitions under the authorities granted under the Act.
  • Provides for State regulation of insurance, subject to a standard that no State may discriminate against persons affiliated with a bank.
  • Provides that bank holding companies organized as mutual holding companies will be regulated on terms comparable to other bank holding companies.
  • Lifts some restrictions governing nonbank banks.




 NCUA: Guidance on Response Programs for Unauthorized Access to Member Information and Member Notice

In 2001, NCUA amended 12 CFR Part 748 to fulfill a requirement in Section 501 of the Gramm-Leach-Bliley Act (Pub. L. No. 106-102) (GLBA), in which Congress directed both NCUA and the other Federal Financial Institution Examination Council (FFIEC) agencies, including the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision (collectively, the “Banking Agencies”) to establish standards for financial institutions relating to administrative, technical, and physical safeguards to...




 Information Security Program

On January 17, 2001, the banking regulatory agencies adopted guidelines implementing Section 501 of the Gramm-Leach-Bliley Act (GLBA). The guidelines require financial institutions to establish a comprehensive and coordinated information security program, appropriate to the size of the bank and the complexity of its operations.

The guidelines require financial institutions to establish an information security program to: (1) identify and assess the risks that may threaten customer information; (2) develop a written plan containing policies and procedures to manage and control these risks; (3) implement and test the plan; and (4) adjust the plan on a continuing basis to account for changes in technology, the sensitivity of customer information, and internal or external threats to information security. Each institution may implement a security program appropriate to its size and complexity and the nature and scope of its operations.







Copyright © 2007 CUInfoSecurity.com