Gramm-Leach-Bliley Financial Services Modernization Act of l999
A press release from the Senate Banking Committee on April 28, l999 stating that the Financial Services Modernization Act was formally file in the Senate would initiate major changes in several areas of the financial industry. Senator filed the bill
Phil Gramm, chairman of the Senate Committee on Banking, Housing and Urban Affairs, and passed on March 4th by the Banking Committee. (banking.senate.gov) On
November 12, l999, President Clinton signed the bill into law, formally named the Gramm-Leach-Bliley Act (GLBA), subsequently known as the Financial Services Modernization Act of l999.
In an effort to minimize confusion and maximize essential content, I have divided the explanation of the GLBA in two sections; the first will cover the “competition”
portion of the act and the second, the “privacy.”
Competition Among the Financial Industry:
The Gramm-Leach-Bliley Act repealed the Glass-Steagall act of l933, which was written in reaction to the economic problems following the Great Depression. The Act
was comprised of two separate laws; the first took the United States off the “gold standard,” (a monetary system) and considerably increasing the ability of the Federal
Reserve to influence the money supply. The second law enacted, was to make banking safer and less prone to speculation, separated the activities of commercial banks and
other financial institutions and introduced the Federal Deposit Insurance Corporation (FDIC). (wikipedia)
Reshaping the financial services industry would necessitate removing barriers between banks, insurance companies, loan companies, credit card issuers, credit bureaus and investment firms to enhance competition and create a healthier economy. The Act
provides these entities with flexibility, functional regulators; the banks would be regulated by banking regulators, the insurance companies by insurance regulators, etc., and a conventional means for synchronization between the Federal Reserve and the Secretary of Treasurer concerning approval of new financial activities. (library.findlaw)
The GBLA provides a prudent, uncomplicated route to “financial integration.” It
authorized a financial holding company (FHC), which is a primary entity, linking commercial banks with securities firms, insurance companies, and depository banks.
Examples of integration is, with this act, a commercial bank and depository bank can offer insurance products; investment companies can offer retail services (ex. checking and savings accounts), banks can offer investment services (ex. mutual funds); and credit card companies, like American Express, can offer insurance and depository products.
Establishing the framework allowing banks to affiliate with varied financial services firms was a significant expansion for competition. The Federal Reserve still closely regulates banking activity, and serves as a conduit to protect banks form any unwarranted exposure to risk from other affiliates. These new products could be done within the bank, but in the beginning a vast amount were sent out to holding companies or bank subsidiaries, however recent times have seen “all” services under one “roof” for
customer convenience. (frbsf.org)
Many thought the GLBA would create a surplus of “universal banks, “with mega profits for financial institutions and immense savings for customers. According to a
recent article in the Regional economist, the main benefit the act allows is for banks to utilize the revenue “efficiencies and cost savings,” that come from offering a myriad of financial products. The article compares this situation to a grocery store that houses a
pharmacy and video rental department. The stores profits multiply because the shopper,
buying the groceries, finds it expedient to also get their medicine and a video at the same time. Similarly, customers can go to their bank, cash a check, buy life insurance and apply for a loan all at the same time. (Regional Economist)
The GLBA does provide some restrictions to separate between investment and commercial banking operations. One item is that licensed bankers must have separate
business cards, for example, “Personal Banker, Wells Fargo,” and “Investment
Consultant, Wells Fargo Private Client Services.” (wikipedia)
Supporters of the GLBA claimed the act would save consumers billions, but
some analysts said there would be only a “minor effect” on the financial services
industry, because gains and cost savings from a universal bank are minimal. Several years have passed since the GLBA was enacted and the statistics suggest “the effects of the law have been modest; consequently, banking customers should not expect significant price reductions for their primary financial services.” (Regional Economist)
The correlation of financial services industry was slower than expected. Retail banks tended not to buy insurance underwriters, but engaged in the more profitable business of insurance brokerage, selling products of other insurance companies. Brokerage companies had a difficult time delving into banking; they did not have the space. It seems like banks are, for the most part, offering the same products they did before the GLBA.
Taking full advantage of the law would necessitate the institutions becoming financial holding companies. The banks that have complied to becoming a holding company are the large “money-center” banks, like Citigroup, Bank of America and JP Morgan Chase. One reason smaller banks are not becoming holding companies is because the ones that did, only showed diffident revenue changes. The GLBA “is a further step in the evolutionary process of financial deregulation,” any progressive step
shows a positive impact emanating from the Financial Services Modernization Act. (Regional Economist)
Protecting the privacy of customer’s information held by “financial institutions” is
the foundation of the financial privacy provisions of the Gramm-Leach-Bliley Act.
Companies are required, by law, to give consumers a privacy notice that implicitly reveals the institutions “information-sharing practices.” (ftc.gov) The information collected about the consumer, such as, where the information will be shared, how the information is will be used and how the information is protected. The notice must identify the consumer’s right to “opt-out” of the information being shared under the Fair Credit Reporting Act. The GLBA, also has a no opt-out provision for several situations,
for example, a financial institution shares information with companies that provide data
processing or servicing accounts, disclosure is legally required; and financial institute
shares data with outside service provider that market the financial company’s products
alternatively, services. Financial institutions are prohibited from disclosing their customer’s account numbers to non-affiliated companies for telemarketing, direct mail marketing,
in addition, marketing through emails. (ftc.gov)
Enforcing the law falls on the Federal Trade Commission for “financial institutions,” which includes loan brokers, investment advisors and debt collectors, check cashers,
advisors and debt collectors, check cashers, and finance companies that are not covered by the federal banking agencies, Securities and Exchange Commission, the Commodity Futures Trading Commission and state insurance authorities.
The GLBA consists of three privacy sections: The Financial Privacy Rule, which
regulates the collections and disclosure of private financial information; the Safeguards
Rule, which stipulates that financial institutions must execute security programs to
protect such information; and the Pretexing provisions, which disallow the practice of
pretexing (using false pretenses to access private information). (searchcio)
with you under whom you provide a financial product or service.” (ftc.gov) Business’ and individuals who obtain financial products for business purposes are not deemed
a consumer or a customer under the Financial Privacy Rule.
Distinguishing consumers from customers is relevant because the responsibilities
to provide notices differ in several instances:
* All customers must receive initial privacy notices.
* Initial notices to consumers must be given, who are not your customer only if you
intend to disclose nonpublic, personal information to a third party.
* Annual privacy notices must be given to all customers as long as they remain your
* You are never required to send annual notices to consumers who are not your
The Federal Trade Commission, as part of the GLBA, issued the Safeguards Rule,
effective May 23, 2003. This Rule requires financial institutions, within the FTC’s jurisdiction, to secure customer records and information. All businesses that are “significantly engaged” in providing financial products or services must comply. The companies are also responsible for their affiliates and service providers to safeguard their customer’s information. A comprehensive, written, security program must be in
that describes, in detail, the financial institution’s plan to safeguard customer’s information. The plan must be pertinent to the financial institution’s size and complexity, scope of their activities, and sensitivity of the customer’s information it handles.
The company’s plan must:
* Designate one or more employees to co-ordinate the safeguards.
* Identify and assess the risks to customer information in each area of operation,
evaluate the effectiveness of the current safeguards for controlling these risks.
* Design and implement a safeguard program and regularly monitor and test it.
* Select appropriate service providers and contract with them to implement
* Evaluate and adjust the program, if any company circumstances change.
The Safeguards Rule is intended to do what most businesses should already be doing,
“protect their client.” (wikipedia) The Rule simply forces the financial institution to
look closer at how they manage private data and essential risk management.
When developing their information security plan, the financial institution should
look at its impact in all areas of operations, including employee training, internal information systems and managing systems failures. To assist in complying to their
plan, they may want to do the following:
* Complete background checks on employees who handle information.
* Have employees sign agreements stating they will follow the security information
* Password protection on computers, changing passwords routinely.
* Limit access to customer information to only authorized personnel.
* Secure all documents when unattended. (recall.com)
Pretexing is “the act of creating and using an invented scenerio (the pretex)
to persuade a target to release personal information, often used to trick a business
into disclosing customer information.” (wikipedia) The Gramm-Leach-Bliley
Act purposely addresses pretexing as an illegal act punishable under federal statues. The law requires financial institutions to take every precaution necessary to protect and preserve consumers and associated their nonpublic information. The pretexing provision of the GLBA does not only apply if the pretexer is getting “financial information,” it states that getting any personal, nonpublic information from a financial institution or the consumer, by pretexing, would be in violation of the law. (documents.bmc)
The GLBA states that it is illegal for anyone to:
* Use false, fictitious or fraudulent statements or documents to get customer
information from a financial institution or directly for a customer of a fiancial
* Use forged, counterfeit, lost or stolen documents to get customer information
from a financial institution or directly from a customer of a financial institution.
* Ask another person to get someone else’s customer information using false,
fictitious or fraudulent statements or using false, fictitious or fraudulent
documents or forged, counterfeit, lost or stolen documents. (the-bank)
Non-compliance of the GLBA may result in a civil action brought by the Attorney General. Penalties for the financial institution is a fine of up to $100,000
for each violation. In addition, “the officers and directors of the financial institute
shall be subject to, and shall be personally liable for, a civil penalty of not more than $10,000 for each such violation.” Criminal penalties may include up to five years in
Privacy advocates and industry groups have lobbyed for changes to the GBLA
to guarantee further protection and consumer security. Some of the changes are:
* Financial institutes should implement an opt-in approach to the use of personal
information, this would minimize any unwanted disclosure of information.
* Financial institutes should include in their privacy reports what information is
going to be used.
* Expand enforcement authority, to give state concurrent jurisdiction in order to
ensure a more efficient enforcement program.
* Individuals shoud have the right to protect their privacy under the GLBA, which,
as it currently stands, there is no private right of action.
* Give individuals the right to review information that is disclosed. (epic.org)
banking.senate.gov, News from the Senate Banking Committee, 28 April 1999,
U.S. Senate Committee on Banking, Housing, and Urban Affairs website is an excellent source for government and economic papers. The newsroom was especially useful and fascinating.
documents.bmc, BMC Software, Safeguarding Financial Privacy with Enterprise Single Sign-On, January 2005, documents.bmc.com/products.
This was creating with Adobe pdf. It had excellent information, very detailed, but a lot of it was directly from the Federal Reserve guidelines.
epic.org, Electronic Privacy Information Center, “The Gramm-Leach-Bliley Act,”
21 January 2005, epic.org/privacy/glba
This was the most comprehensive, accurate site used for this report. It is a public interest research center, focusing attention on civil liberty issues, and protecting privacy.
The site is exceptionally easy to navigate.
frbsf.org, FRBSF Economic Letter, 31 March 2000, Federal Reserve Bank of SanFransisco, frbsf.org/econrsch/wklyltr/2000
This site was similar to the Regional economist. The articles vary from banking to educational issues, and are very informative.
Work Cited, Con’t
ftc.gov, “In Brief: The Financial Privacy Requirements of the GLBA
The Federal Trade Commission website is amazingly interesting. You can attain
information from its articles, news, forums and offices.
library.findlaw, Congress Passes Financial Services Modernization Act of l999,
Find Law is the best site for personal and educational legal issues. The information
revealed through articles, case studies and news is immense and fascinating.
live office.com, GLBA, 2007, liveoffice.com/regulations/gram-leach-bliley.asp,
Live Office is a managed messaging service with an excellent archival section. The
company assists organizations in complying with statues, regulations legal and industry
nacua.org, Financial Institutes and Customer Data, nacua.org/macular/docs
This was a site generated by the Federal Trade Commission, a pdf. recall.com, Maintaining Compliance with the GLBA, O 18 October 2005, recall.com/Recall/North America
Recall is an excellent source for major industry research. It is actually a leader
Work Cited, Con’t
in document management solutions. The website has a vast database of useful documents.
Regional Economist, Harshman, E, “The Doors are Opened, but Banks Are Slow to Enter Insurance and Investment Areas,” stlouisfed.org
Regional Economist is a quarterly review of business and economic conditions. The review has information on banking, education, community and consumer areas. Articles are extremely informative and entertaining.
Searchcio, GLBA 10 December 2006, searchcio.tectarget.com
Search CIO is a website and magazine for CIO’s and information technology professionals. You can access the magazine and website free and the information is literally endless.
the-bank.com, Pretexing: Your Personal Information Revealed, the-bank.com/pdf
wikipedia.org, GBLA 26 April 2007. Wikipedia, online encyclopedia is by far the best source for research on the internet. The website is user- friendly, current and easy to navigate. If only one source was needed for any research paper, I would recommend Wikipedia and know, all the information would be readily available.