Gramm-Leach-Bliley Act (GLBA)
GLBA compliance, which is mandatory for financial institutions, is focused on the protection of consumer financial privacy.
Audit Peak will help you identify the internal and external risks, and the gaps and strengths in your GLBA compliance posture.
Improve Security Posture
Protecting consumer financial privacy
Audit Peak will perform a thorough review of your organization’s administrative, technical, and physical safeguards in place to protect the security, confidentiality, and integrity of customer information. We will provide you with a detailed gap assessment outlining the current controls in place that would satisfy the GLBA compliance requirements. The deliverable will also include any identified deficiencies/gaps along with best practices for remediating the deficiencies/gaps and any key control gaps that require immediate remediation.
Many organizations collect personally identifiable information (PII) and financial information from their customers and in the regular course of business share it with their affiliates and other business partners. GLBA requires any business that is “significantly engaged” in providing financial products or services to customers, to ensure the security and confidentiality of this type of information and to explain their information-sharing practices to their customers. The list of businesses that falls under “significantly engaged” is broad and includes but is not limited to companies that offer consumers financial products or services like loans, financial or investment advice, or insurance and companies such as credit unions, mortgage brokers, payday lenders, debt collectors, ATM operators, credit reporting agencies, real estate appraisers, automobile dealers, and even higher education institutions.
GLBA compliance helps protect consumer and customer records, builds trust and bolsters reputations, provides assurance to customers, and puts companies at lower risk of penalties or reputational damage caused by unauthorized sharing or loss of private customer data.