The Gramm-Leach-Bliley Act (GLBA) requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information sharing practices to their customers and to safeguard sensitive data.
The Safeguards Rule for GLBA was implemented in 2003 and amended in 2021 and requires financial institutions to develop and implement a cybersecurity program that protects customer information. Section 314.4 of the Safeguards Rule identifies the elements that a financial institution must:
- Designate a Qualified Individual to implement and supervise your company’s information security program.
- Conduct a risk assessment
- Design and implement safeguards to control risks
- Continually monitor and test safeguard effectiveness
- Train Personnel
- Monitor service providers
- Continually review and update the security program
- Develop an Incident Response Plan
- Report to the Board of Directors, at least annually
GAI Cyber has provided GLBA compliance services to financial institutions ranging from small credit unions to multi-national banks. Our team can provide a program readiness review and gap analysis, as well as assist in the development and maturing of your existing security program. We help identify issues before the Regulators do – avoid Matters Requiring Attention (MRAs)!