The Financial Modernization Act of 1999, also known as the Gramm-Leach-Bliley Act (GLBA)
UNDERSTANDING AND DEVELOPING A STRATEGIC PLAN TO BECOME COMPLIANT WITH THE GLBA

WHAT IS THE GRAMM-LEACH-BLILEY ACT?

The Financial Modernization Act of 1999, also known as the Gramm-Leach-Bliley Act, includes provisions to protect consumers’ personal financial information held by institutions or businesses. The Gramm-Leach-Bliley Act modernizes the nation's financial services industry by allowing diversified financial institutions to offer customers more choices and better services with greater efficiency at lower costs. For the first time in many years, banks, insurance companies and brokerage firms will be able to affiliate and diversify. The act enables affiliates of the same firm to share consumer information among themselves, provided they inform their customers of their financial-sharing policies.

The Gramm-Leach-Bliley Act became effective on November 12, 2000. However, mandatory compliance was not required until July 1, 2001.

WHAT IS THE PURPOSE OF THE GRAMM-LEACH-BLILEY MODERNIZATION ACT?

The purpose of the Act is to promote further competition and allow companies and customers to take full advantage of emerging technology. Much focus has been placed on ensuring the integrity of the customer information because of the legal ramifications and liability resulting from noncompliance, such as identity theft. The Act provides for a comprehensive set of consumer privacy protections at the federal level, including:

  • Financial services companies are required to adopt and disclose privacy policies.
  • Consumers are given the choice to "opt out" of having their information shared with third parties for marketing purposes.
  • The practice of obtaining or disclosing an individual's financial information under false pretenses will be illegal.

ARE THERE ANY DOWN-SIDES OF THE GLB MODERNIZATION ACT OF 1999?

  • The Federal Trade Commission reports that 1 in 8 Americans has suffered an identity theft loss.
  • According to the Consumer Counseling Report, the cost of fighting identity theft averages $15,000 per case and 175 man hours.
  • The cost to society is approximately $53 billion per year and may be even higher according to a recent study by the FTC.
  • According to a 1999 report by Computer Economics Inc., computer viruses, Trojan horse programs, and denial of service attacks cost Americans a total of $12.1 billion.
  • The American Banking Association reports identity fraud cost members approximately $1 billion per year and that credit card companies absorb approximately $1.5 billion in losses per year.

WHAT IS YOUR RESPONSIBILITY IN THE GLB MODERNIZATION ACT?

New FTC rules require most companies that record customer financial information such as social security numbers to:

"have a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards… The information security program must identify reasonably foreseeable internal and external risks … and assess the sufficiency of any safeguards in place to control these risks. …"

Non-compliance with FTC information security rules can result in fines up to $11,000 per day/per incidence since May 23, 2003.

36493 Federal Register/Vol. 67, No. 100/May 23, 2002/Rules and Regulations

§ 314.3 Standards for safeguarding customer information

(a) Information security program. You shall *develop, implement, and maintain a comprehensive information security program that is written*

§ 314.4 Elements.

In order to develop, implement, and maintain your information security program, you shall:

(a) Designate* an employee or employees to coordinate your information security program.
(b) Identify* reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information… …At a minimum, such a risk assessment* should include consideration of risks in each relevant area of your operations…
(c) Design and implement information safeguards* to control the risks you identify through risk assessment*, and regularly test…
(d) Oversee service providers*, by: (1) Taking reasonable steps to select and retain service providers that are capable of maintaining appropriate safeguards for the customer information at issue…
(e) Evaluate and adjust* your information security program…

*Note - emphasis added

Under the GLBA what is the definition of a financial institution?

THE GRAMM-LEACH-BLILEY ACT INFLUENCES NEARLY EVERY TYPE OF FINANCIAL INSTITUTION:

Gramm-Leach-Bliley Act influences nearly every type of financial institution including national banks, federal branches, federal agencies of foreign banks, savings associations, FDIC-insured banks, federally insured credit unions, brokers, investment companies, investment advisors and insurance companies as well as:

  • Auto Dealerships
  • RV Dealerships
  • Motorcycle Dealers
  • Boat Dealerships
  • Auto Leasing Companies
  • Mortgage Bankers
  • Insurance Agencies
  • Travel Agencies
  • Furniture Stores (issue credit)
  • CPA/Tax Accountants

How do I secure my customer’s information while following the FTC’s guidelines to become GLB compliant?

HOW TO BECOME GLBA COMPLIANT?

  • Hire a law firm to research and answer the laws in writing addressing the GLBA (cost $10,000+).
  • Hire a CPA firm to research and answer the law in writing (cost $5,000+).
  • Hire an IT security consultant to research your network and answer the law (cost $7,500+).
  • Hire an HR firm to research and answer the law in writing addressing the GLBA concerns with employee hiring and terminations (cost $3,000+).
  • Hire a compliance consultant and have them review and approve all the written information put together above and compile it in a manual (cost $10,000+).
  • INVEST IN A COMPLIANCE COMPANY WHO SPECIALIZES IN GLBA COMPLIANCY AND HAS ALREADY RESEARCHED, ADDRESSED AND DEVELOPED A TURN-KEY APPROACH TO ASSIST YOU WITH BECOMING GLBA COMPLIANT