Privacy of Consumer Financial Information - Gramm-Leach-Bliley Act (GLBA) examination procedures

Updated Oct. 28, 2016

Summary

The Fixing America’s Surface Transportation Act (FAST Act) included a provision amending Section 503 of the Gramm-Leach-Bliley Act (GLBA) [15 USC 6803] to provide a new exception to GLBA’s annual privacy notice requirement. The effective date of the amendment was Dec. 4, 2015.

Examiners reviewing compliance with GLBA’s implementing Regulation P [12 CFR 1016] will now find that the revised examination procedures account for the new exception, under which a financial institution is no longer required to provide its customers annual privacy notices if it meets the following criteria:

1. The financial institution provides nonpublic personal information to a nonaffiliated third party only in a manner:

  • Consistent with the exceptions in GLBA [15 USC 6802(b)(2)] and Regulation P [12 CFR 1016.13 and 1016.14]. These exceptions include disclosures to perform services for, or functions on behalf of, the financial institution, including marketing of the financial institution’s own products or services, or products or services offered pursuant to a joint agreement between two or more financial institutions; and/or
  • Consistent with the exceptions in GLBA [15 USC 6802(e)] and Regulation P [12 CFR 1016.15]. These exceptions include disclosures as necessary to, among other things, effect, administer, or enforce a transaction requested or authorized by the consumer, or in connection with servicing or processing a financial product or service requested or authorized by a consumer; and
2. The financial institution has not changed its practices and procedures with regard to disclosing nonpublic personal information from those that were most recently disclosed.