The Gramm-Leach-Bliley Act (GLBA) was originally passed in 1999, so why is everyone talking about it now?
GLBA, also known as the Financial Services Modernization Act of 1999, regulates financial institutions and governs the security standards meant to protect customer data. In October of 2021, the Federal Trade Commission (FTC) published a final rule which amended the Standards for Safeguarding Customer Information (commonly referred to as the Safeguards Rule) under GLBA. For many organizations, compliance with the FTC’s updated Safeguards Rule is required by December 6, 2022 – only a few short months away.
The updated rule broadens the definition of “financial institution,” increases accountability, and provides additional implementation guidance. Follow along as we break down key points you need to know about GLBA compliance.
One of the most impactful updates made to the GLBA Safeguards Rule is the broadening of the term “financial institution.” The term now includes entities engaged in activities the Federal Reserve Board determines to be incidental to financial activities. This brings companies that bring together buyers and sellers (also known as finders) into scope.
This expanded definition means that we are seeing many organizations facing GLBA compliance for the first time. Here are a few examples of organizations now included in GLBA compliance:
There are two additional categories of the GLBA Safeguards Rule update to focus on: 1) increasing accountability and 2) providing additional implementation guidance. Let’s take a moment to review a few of these provisions:
Having a strong partner can ease the burden of GLBA compliance by developing policies, fulfilling assessment requirements, and performing continuous monitoring tasks. Do you need assistance becoming GLBA compliant or meeting certain requirements? We’re here to help. Book a meeting with our Principal Consultant, Mike Skinner, here.