GLBA Compliance

What is GLBA?

The Gramm-Leach-Bliley Act requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data. More detailed information from the Federal Trade Commission can be found here.

Who Does GLBA Impact?

GLBA compliance applies to financial institutions, or any business offering financial products and services to individuals. This includes loans, debt collection, financial advice, investment advice, or insurance. The FTC includes a wide range of organizations considered to be financial institutions for the purposes of GLBA compliance. These include:

ATM operators Banks Car Rental Companies Check-cashing Businesses
Consumer Credit Reporting Agencies Credit Counseling Services Courier Services Credit Card Companies
Credit Reporting Agencies Credit Unions Debt Collection Agencies Educational Institutions*
Financial Advisory Firms Hedge Funds Insurance Advisors Loan Brokers
Mortgage Brokers Mortgage Lenders Non-Bank Lenders Non-Bank Mortgage Lenders
Property Appraisers Real Estate Firms Real Estate Settlement Service Providers Investment Advisers
Stockbrokers Tax Preparation Services

Additionally, if an organization receives data from financial institutions, they must also adhere to GLBA compliance requirements. Financial institutions are responsible for ensuring that these organizations implement safeguards to ensure non-public customer information in their care is protected.

Penalties for Non-Compliance with GLBA

Failure to meet GLBA compliance requirements can result in fines and time in prison. GLBA compliance violations carry penalties not just for financial institutions, but also for individuals. Financial institutions who intentionally disregard GLBA compliance requirements, along with their owners and directors, can face criminal prosecution in a federal district court with criminal fines and imprisonment.

Penalties for failure to meet GLBA compliance requirements include:

  • Fines of $100,000 for each violation for financial institutions found in violation of GLBA compliance
  • Fines of $10,000 for each violation for officers and directors in charge of institutions found to be in violation of GLBA compliance
  • Up to 5 years in prison for officers and directors in charge of institutions found in violation of GLBA compliance

A cyber risk assessment is the first step. Schedule yours today.