GLBA Compliance

Gramm-Leach-Bliley Act (GLBA) Compliance

What is the Gramm-Leach-Bliley Act (GLBA)?

The Gramm-Leach-Bliley Act (GLB Act or GLBA), also known as the Financial Modernization Act of 1999, is a United States federal law that controls how financial institutions handle the private information of individuals. The Act also requires financial institutions to give customers written privacy notices that explain their information-sharing practices. Its privacy provisions consist of three parts:

  • The Financial Privacy Rule: which regulates the collection and disclosure of private financial information.
  • The Safeguards Rule: which stipulates that financial institutions must implement security programs to protect such information.
  • The Pretexting provisions: which prohibit pretexting (obtaining private information under false pretenses, for example by impersonating the customer or the institution).

LuitBiz DMS can help in meeting the Financial Privacy Rule (and, through the access controls and audit trail described below, the data-security requirements of the Safeguards Rule), but responsibility for the Safeguards Rule as a whole and for the pretexting provisions lies with the institution itself.


To which companies do the GLBA rules apply?

The GLBA's privacy protections apply to "financial institutions", that is, companies that offer financial products or services to individuals, such as banking, lending, insurance, securities (stocks and bonds), financial advice and investing.

What are the benefits of GLBA compliance?

Complying with the GLBA puts financial institutions at lower risk of penalties and of the reputational damage caused by unauthorized sharing or loss of private customer data. The GLBA's privacy and safeguards provisions also require several protections for customers, including:

  • Private information must be secured against unauthorized access.
  • Customers must be notified of private information sharing between financial institutions and third parties and must be able to opt out of sharing with non-affiliated third parties.
  • User activity must be tracked, including any attempts to access protected records.

The GLBA requires financial institutions to ensure the confidentiality and security of customers' "nonpublic personal information", or NPI. Compliance with the GLBA protects consumer and customer records and therefore helps to build and strengthen consumer confidence and trust. Customers gain assurance that the institution will keep their information secure; that security cultivates customer loyalty, which in turn brings a better reputation, repeat business and other benefits to the institution.


What is a document management system and how can it help with GLBA compliance?

A document management system stores, retrieves, manages and tracks electronic documents and electronic images of scanned paper records, tracks each document's lifecycle and audit trail, and ensures timely approval of documents via automated document workflows. Document management software thus controls and organizes documents throughout an organization.

With the increased use of technology, many financial institutions are turning to paperless software to maintain regulatory compliance for their internal documents. If you choose the wrong document management solution, the cost of non-compliance can be catastrophic.

Let's look in detail at how LuitBiz DMS can help you achieve GLBA compliance through its document control process, starting with a few questions:

  1. Do you have controlled access to all your important financial documents?
  2. Do you receive real-time alerts whenever an unauthorized person tries to access your documents?
  3. Are you confident that the integrity of your documents has been maintained?
  4. Do you know who has performed what operation on your documents, and when?
  5. Do you have a version control system in place that ensures you are working with the most recent version of a document?
  6. Are you confident that you are not at risk of a security breach?

If your answer to any of the above questions is "NO", you need a document management system to manage your business documents and ensure GLBA compliance. Leaving your documents unmanaged exposes you to the risk of heavy fines for non-compliance.

LuitBiz DMS can help you comply with those GLBA requirements that pertain to document and records management. Let's take a look at some of the key elements of the GLBA regulations and how LuitBiz DMS addresses them:

Rule: Data Security
What it means: Access to protected financial data must be controlled by means such as unique user roles and user-based permissions. Every point of access to the data (database, file, folder, etc.) must be restricted so that only permitted users can reach it.
How LuitBiz DMS helps: All documents and records are access controlled. Access is controlled at the folder level, and users without access to a particular folder cannot even learn that the folder exists in the system.

Rule: Privacy Notice Notifications
What it means: The Financial Privacy Rule ("Privacy Rule") requires financial institutions to provide each customer with a privacy notice at the time the customer relationship is established and annually thereafter. The privacy notice must explain what information is collected about the customer, where and with whom that information is shared, how it is used, and how it is protected.
How LuitBiz DMS helps: LuitBiz DMS allows users to send email notifications to customers about their documents and keeps a log of all emails sent to customers. Additionally, email alerts are sent to the responsible persons whenever sensitive documents are modified or deleted, so that misuse of access or an attempted breach is detected promptly. This protects the data even further.

Rule: NPI Collection
What it means: Where Nonpublic Personal Information (NPI) such as name, address, phone number, Social Security Number or account balances is collected, the institution must state clearly what is collected and with whom it will be shared, whether an affiliated third party or a non-affiliated third party.
How LuitBiz DMS helps: The document tagging templates of LuitBiz DMS allow group leaders to define NPI data collection templates that must be filled out and attached to customer documents. These can hold all the NPI-related data as well as guidance on how and with whom the NPI data may be shared.
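The access-control, audit-trail and alerting behaviour described above can be modelled in a few lines. The following Python is an added illustration, not LuitBiz DMS code: it implements folder-level permissions in which a user without access to a folder receives exactly the same "not found" answer as for a folder that does not exist (so the folder's existence is never disclosed), records every attempt (allowed or denied) in an audit trail with who, what and when, and raises an alert when a document in a folder marked sensitive is deleted. All users, folders, documents and the alert recipient are constructed sample data.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Optional, Set


@dataclass
class Folder:
    name: str
    readers: Set[str]        # users who may see the folder and read its documents
    editors: Set[str]        # users who may also modify or delete documents
    sensitive: bool = False  # deletions here raise an alert to the responsible persons
    documents: Dict[str, str] = field(default_factory=dict)


@dataclass
class AuditEvent:
    when: str
    user: str
    action: str
    target: str
    outcome: str             # "ok" or "denied"


class NotFound(Exception):
    """Raised for missing AND invisible folders/documents, so the two cannot be told apart."""


class DocumentStore:
    def __init__(self, alert_recipients: List[str]):
        self._folders: Dict[str, Folder] = {}
        self._alert_recipients = alert_recipients
        self.audit: List[AuditEvent] = []   # append-only trail of every attempt
        self.alerts: List[str] = []         # stands in for the email alerts

    def add_folder(self, folder: Folder) -> None:
        self._folders[folder.name] = folder

    def _log(self, user: str, action: str, target: str, outcome: str) -> None:
        stamp = datetime.now(timezone.utc).isoformat()
        self.audit.append(AuditEvent(stamp, user, action, target, outcome))

    def list_folders(self, user: str) -> List[str]:
        # Folders the user cannot read are simply absent from the listing.
        return sorted(f.name for f in self._folders.values() if user in f.readers)

    def _visible(self, user: str, folder_name: str) -> Optional[Folder]:
        folder = self._folders.get(folder_name)
        if folder is None or user not in folder.readers:
            return None      # nonexistent and forbidden collapse to the same result
        return folder

    def read(self, user: str, folder_name: str, doc: str) -> str:
        target = f"{folder_name}/{doc}"
        folder = self._visible(user, folder_name)
        if folder is None or doc not in folder.documents:
            self._log(user, "read", target, "denied")
            raise NotFound(target)
        self._log(user, "read", target, "ok")
        return folder.documents[doc]

    def delete(self, user: str, folder_name: str, doc: str) -> None:
        target = f"{folder_name}/{doc}"
        folder = self._visible(user, folder_name)
        if folder is None or doc not in folder.documents:
            self._log(user, "delete", target, "denied")
            raise NotFound(target)
        if user not in folder.editors:
            # A reader already knows the document exists, so "forbidden" leaks nothing new.
            self._log(user, "delete", target, "denied")
            raise PermissionError(target)
        del folder.documents[doc]
        self._log(user, "delete", target, "ok")
        if folder.sensitive:
            self.alerts.append(f"to {','.join(self._alert_recipients)}: {user} deleted {target}")


def build_demo_store() -> DocumentStore:
    """Constructed sample data (hypothetical users, folders and recipient)."""
    store = DocumentStore(alert_recipients=["compliance@example.com"])
    store.add_folder(Folder("loans", readers={"alice", "bob"}, editors={"alice"},
                            sensitive=True, documents={"app-1001.pdf": "contains SSN"}))
    store.add_folder(Folder("marketing", readers={"bob"}, editors={"bob"},
                            documents={"brochure.pdf": "public brochure"}))
    return store


def run_demo() -> dict:
    store = build_demo_store()
    results = {"bob_sees": store.list_folders("bob"), "carol_sees": store.list_folders("carol")}
    # carol has no access: probing a real folder and a nonexistent one must look identical
    for label, folder in (("carol_probe_real", "loans"), ("carol_probe_fake", "payroll")):
        try:
            store.read("carol", folder, "app-1001.pdf")
        except NotFound:
            results[label] = "not found"
    try:
        store.delete("bob", "loans", "app-1001.pdf")   # bob is a reader, not an editor
    except PermissionError:
        results["bob_delete"] = "forbidden"
    store.delete("alice", "loans", "app-1001.pdf")     # editor deleting from a sensitive folder
    results["alerts"] = len(store.alerts)
    results["denied_events"] = sum(1 for e in store.audit if e.outcome == "denied")
    results["audit_len"] = len(store.audit)
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The point worth checking in any real system is the one `_visible` enforces: an unauthorized request for a real folder and a request for a folder that does not exist must produce the same response, the same error type and ideally the same timing, otherwise the system discloses which folders exist even though it refuses to open them. The audit trail records denied attempts as well as successful operations, which is what questions 2 and 4 above ask for.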