The Gramm–Leach–Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999, () is an act of the 106th United States Congress (1999–2001). It repealed part of the Glass–Steagall Act of 1933, removing barriers in the market among

bank A bank is a financial institution that accepts deposits from the public and creates a demand deposit while simultaneously making loans. Lending activities can be directly performed by the bank or indirectly through capital markets. Because ...

ing companies,

securities A security is a tradable financial asset. The term commonly refers to any form of financial instrument, but its legal definition varies by jurisdiction. In some countries and languages people commonly use the term "security" to refer to any for ...

companies, and

insurance Insurance is a means of protection from financial loss in which, in exchange for a fee, a party agrees to compensate another party in the event of a certain loss, damage, or injury. It is a form of risk management, primarily used to hedge ...

companies that prohibited any one institution from acting as any combination of an

investment bank Investment is the dedication of money to purchase of an asset to attain an increase in value over a period of time. Investment requires a sacrifice of some present asset, such as time, money, or effort. In finance, the purpose of investing i ...

, a

commercial bank A commercial bank is a financial institution which accepts deposits from the public and gives loans for the purposes of consumption and investment to make profit. It can also refer to a bank, or a division of a large bank, which deals with co ...

, and an

insurance company Insurance is a means of protection from financial loss in which, in exchange for a fee, a party agrees to compensate another party in the event of a certain loss, damage, or injury. It is a form of risk management, primarily used to hedge ...

. With the passage of the Gramm–

Leach Leach may refer to: * Leach (surname) * Leach, Oklahoma, an unincorporated community, United States * Leach, Tennessee, an unincorporated community, United States * Leach Highway, Western Australia * Leach orchid * Leach phenotype, a mutation in ...

– Bliley Act, commercial banks, investment banks, securities firms, and insurance companies were allowed to consolidate. Furthermore, it failed to give to the SEC or any other financial regulatory agency the authority to regulate large investment bank holding companies. The legislation was signed into law by President

Bill Clinton William Jefferson Clinton ( né Blythe III; born August 19, 1946) is an American politician who served as the 42nd president of the United States from 1993 to 2001. He previously served as governor of Arkansas from 1979 to 1981 and agai ...

. A year before the law was passed,

Citicorp Citigroup Inc. or Citi (stylized as citi) is an American multinational investment bank and financial services corporation headquartered in New York City. The company was formed by the merger of banking giant Citicorp and financial conglomer ...

, a commercial bank

holding company A holding company is a company whose primary business is holding a controlling interest in the securities of other companies. A holding company usually does not produce goods or services itself. Its purpose is to own shares of other companies ...

, merged with the insurance company

Travelers Group The Travelers Companies, Inc., commonly known as Travelers, is an American insurance company. It is the second-largest writer of U.S. commercial property casualty insurance, and the sixth-largest writer of U.S. personal insurance through indepen ...

in 1998 to form the conglomerate Citigroup, a corporation combining banking, securities and insurance services under a house of brands that included Citibank,

Smith Barney Morgan Stanley Wealth Management is an American multinational financial services corporation specializing in retail brokerage. It is the wealth & asset management division of Morgan Stanley. On January 13, 2009, Morgan Stanley and Citigroup an ...

Primerica Primerica, Inc. (NYSE: PRI) is a company that provides insurance, investment and financial services to middle income families in the United States and Canada. Primerica is the parent company of National Benefit Life Insurance Company, Prime ...

, and Travelers. Because this merger was a violation of the Glass–Steagall Act and the

Bank Holding Company Act of 1956 The Bank Holding Company Act of 1956 (, ''et seq.'') is a United States Act of Congress that regulates the actions of bank holding companies. The original law (subsequently amended), specified that the Federal Reserve Board of Governors must appr ...

, the

Federal Reserve The Federal Reserve System (often shortened to the Federal Reserve, or simply the Fed) is the central banking system of the United States of America. It was created on December 23, 1913, with the enactment of the Federal Reserve Act, after a ...

gave Citigroup a temporary waiver in September 1998. Less than a year later, GLBA was passed to legalize these types of mergers on a permanent basis. The law also repealed Glass–Steagall's conflict of interest prohibitions "against simultaneous service by any officer, director, or employee of a securities firm as an officer, director, or employee of any member bank".

Legislative history

The banking industry had been seeking the repeal of the 1933 Glass–Steagall Act since the 1980s, if not earlier. In 1987 the

Congressional Research Service The Congressional Research Service (CRS) is a public policy research institute of the United States Congress. Operating within the Library of Congress, it works primarily and directly for members of Congress and their committees and staff on a ...

prepared a report that explored the cases for and against preserving the Glass–Steagall act. Respective versions of the Financial Services Act were introduced in the

U.S. Senate The United States Senate is the upper chamber of the United States Congress, with the House of Representatives being the lower chamber. Together they compose the national bicameral legislature of the United States. The composition and pow ...

by Phil Gramm (

Republican Republican can refer to: Political ideology * An advocate of a republic, a type of government that is not a monarchy or dictatorship, and is usually associated with the rule of law. ** Republicanism, the ideology in support of republics or agains ...

of Texas) and in the

U.S. House of Representatives The United States House of Representatives, often referred to as the House of Representatives, the U.S. House, or simply the House, is the lower chamber of the United States Congress, with the Senate being the upper chamber. Together they ...

Jim Leach James Albert Smith Leach (born October 15, 1942) is an American academic and former politician. He served as ninth Chair of the National Endowment for the Humanities from 2009 to 2013 Pogrebin, Robin"Rocco Landesman Confirmed as Chairman of the N ...

(R-Iowa). The third lawmaker associated with the bill was Rep. Thomas J. Bliley, Jr. (R-Virginia), Chairman of the

House Commerce Committee The Committee on Energy and Commerce is one of the oldest standing committees of the United States House of Representatives. Established in 1795, it has operated continuously—with various name changes and jurisdictional changes—for more tha ...

from 1995 to 2001. During debate in the

House of Representatives House of Representatives is the name of legislative bodies in many countries and sub-national entitles. In many countries, the House of Representatives is the lower house of a bicameral legislature, with the corresponding upper house often c ...

, Rep.

John Dingell John David Dingell Jr. (July 8, 1926 – February 7, 2019) was an American politician who served as a member of the United States House of Representatives from 1955 until 2015. A member of the Democratic Party, he holds the record for longes ...

(

Democrat Democrat, Democrats, or Democratic may refer to: Politics *A proponent of democracy, or democratic government; a form of government involving rule by the people. *A member of a Democratic Party: **Democratic Party (United States) (D) **Democratic ...

of Michigan) argued that the bill would result in banks becoming "too big to fail." Dingell further argued that this would necessarily result in a bailout by the Federal Government. The House passed its version of the ''Financial Services Act of 1999'' on July 1, 1999, by a bipartisan vote of 343–86 (Republicans 205–16; Democrats 138–69;

Independent Independent or Independents may refer to: Arts, entertainment, and media Artist groups * Independents (artist group), a group of modernist painters based in the New Hope, Pennsylvania, area of the United States during the early 1930s * Independ ...

0–1),H.R.10: Financial Services Act of 1999, ''EH''
, July 1, 1999, ''Engrossed as Agreed to or Passed by House'',

Library of Congress The Library of Congress (LOC) is the research library that officially serves the United States Congress and is the ''de facto'' national library of the United States. It is the oldest federal cultural institution in the country. The library ...

Consideration of H.R.10: Financial Services Act of 1999
, ''All Congressional Actions & Reports of H.R.10'', '' Congressional Record'' two months after the Senate had already passed its version of the bill on May 6 by a much narrower 54–44 vote along basically partisan lines (53 Republicans and 1 Democrat in favor; 44 Democrats opposed).S.900: Financial Services Modernization Act of 1999, ''ES''
, May 6, 1999, ''Engrossed as Agreed to or Passed by Senate'', Library of CongressConsideration of S.900: Financial Services Modernization Act of 1999
, ''All Congressional Actions & Reports of S.900'', ''Congressional Record''Congressional roll-call a
S.900 as amended: Financial Services Modernization Act of 1999, Record Vote No: 105
, May 6, 1999, U.S. Senate Roll Call Votes.Sen.

Fritz Hollings Ernest Frederick "Fritz" Hollings (January 1, 1922April 6, 2019) was an American politician who served as a United States senator from South Carolina from 1966 to 2005. A conservative Democrat, he was also the 106th governor of South Carolina, ...

(D-S. Carolina) voted in favor, Sen. Peter Fitzgerald (R-Illinois) voted "present" and Sen.

James Inhofe James Mountain Inhofe ( ; born November 17, 1934) is an American politician serving as the senior United States senator from Oklahoma, a seat he was first elected to in 1994. A member of the Republican Party, he chaired the U.S. Senate Committe ...

(R-Oklahoma) did not vote. A table with members' full names, sortable by vote, state, region and party, may be found at S.900 as amended: Gramm–Leach–Bliley Act, roll call 105, 106th Congress, 1st session. Votes Database at ''

The Washington Post ''The Washington Post'' (also known as the ''Post'' and, informally, ''WaPo'') is an American daily newspaper published in Washington, D.C. It is the most widely circulated newspaper within the Washington metropolitan area and has a large nati ...

''. Retrieved on 2008-10-09 from . When the two chambers could not agree on a joint version of the bill, the House voted on July 30 by a vote of 241–132 (R 58–131; D 182–1; Ind. 1–0) to instruct its negotiators to work for a law which ensured that consumers enjoyed medical and financial privacy as well as "robust competition and equal and non-discriminatory access to financial services and economic opportunities in their communities" (i.e., protection against exclusionary redlining). The bill then moved to a joint

conference committee A committee or commission is a body of one or more persons subordinate to a deliberative assembly. A committee is not itself considered to be a form of assembly. Usually, the assembly sends matters into a committee as a way to explore them more ...

to work out the differences between the Senate and House versions. Democrats agreed to support the bill after Republicans agreed to strengthen provisions of the anti-redlining

Community Reinvestment Act The Community Reinvestment Act (CRA, P.L. 95-128, 91 Stat. 1147, title VIII of the Housing and Community Development Act of 1977, ''et seq.'') is a United States federal law designed to encourage commercial banks and savings associations to hel ...

and address certain privacy concerns; the conference committee then finished its work by the beginning of November."Republicans' Revised Banking Bill Greeted With Veto Promise"
, Washington Post, October 13, 1999, p.E03
Cincotta, National Housing Institute, 1999 On November 4, the final bill resolving the differences was passed by the Senate 90–8,Congressional roll-call
S.900 as reported by conferees: Financial Services Act of 1999, Record Vote No: 354
, November 4, 1999, Clerk of the Senate. Sortable unofficial table
On Agreeing to the Conference Report, S.900 Gramm–Bliley–Leach Act, roll call 354, 106th Congress, 1st session
Votes Database at ''

'', retrieved on October 9, 200852 Republicans and 38 Democrats voted for the bill. Sen. Richard Shelby of Alabama (Republican, formerly a Democrat) voted against it, as did 7 Democratic Senators: Barbara Boxer (Calif.),

Richard Bryan Richard Hudson Bryan (born July 16, 1937) is an American attorney and politician who served as a United States Senator from Nevada from 1989 to 2001. A Democrat, Bryan served as the 25th Governor of Nevada from 1983 to 1989, and before that serv ...

(Nevada),

Byron Dorgan Byron Leslie Dorgan (born May 14, 1942) is an American author, businessman and former politician who served as a United States Representative (1981–1992) and United States Senator (1992–2011) from North Dakota. He is member of the Democratic ...

(N. Dakota),

Russell Feingold Russell Dana Feingold ( ; born March 2, 1953) is an American lawyer and politician who served as a United States Senator from Wisconsin from 1993 to 2011. A member of the Democratic Party, he was its nominee in the 2016 election for the same U. ...

(Wisc.),

Tom Harkin Thomas Richard Harkin (born November 19, 1939) is an American lawyer, author, and politician who served as a United States senator from Iowa from 1985 to 2015. A member of the Democratic Party, he previously was the U.S. representative for Io ...

(Iowa),

Barbara Mikulski Barbara Ann Mikulski ( ; born July 20, 1936) is an American politician and social worker who served as a United States senator from Maryland from 1987 to 2017. A member of the Democratic Party, she also served in the United States House of Repr ...

(Maryland) and

Paul Wellstone Paul David Wellstone (July 21, 1944 – October 25, 2002) was an American academic, author, and politician who represented Minnesota in the United States Senate from 1991 until he was killed in a plane crash near Eveleth, Minnesota, in 2002. A ...

(Minn.) Sen. Peter Fitzgerald (R-Illinois) again voted "present", while Sen. John McCain (R-Arizona) did not vote. and by the House 362–57.Congressional roll-call
On the passage of S.900: Financial Services Act of 1999, Record Vote No: 570
, November 4, 1999, Clerk of the U.S. House. Sortable unofficial table
On Agreeing to the Conference Report, S. 900 Financial Services Modernization Act, roll call 570, 106th Congress, 1st session
Votes Database at ''

'', retrieved on October 9, 2008Republicans voted 207–5 in favor with 10 not voting. Democrats voted 155–51 in favor, with 5 not voting. Independent Rep. Bernie Sanders of Vermont voted no. The legislation was signed into law by President

on November 12, 1999.

Changes caused by the Act

Many of the largest banks, brokerages, and insurance companies desired the Act at the time. The justification was that individuals usually put more money into investments when the economy is doing well, but they put most of their money into

savings account A savings account is a bank account at a retail bank. Common features include a limited number of withdrawals, a lack of cheque and linked debit card facilities, limited transfer options and the inability to be overdrawn. Traditionally, transa ...

s when the economy turns bad. With the new Act, they would be able to do both 'savings' and 'investment' at the same financial institution, which would be able to do well in both good and bad economic times. Prior to the Act, most financial services companies were already offering both saving and investment opportunities to their customers. On the retail/consumer side, a bank called

Norwest Corporation Norwest Corporation was a banking and financial services company based in Minneapolis, Minnesota, United States. In 1998, it merged with Wells Fargo & Co. and since that time has operated under the Wells Fargo name. History Early formation Th ...

, which would later merge with

Wells Fargo Bank Wells Fargo & Company is an American multinational financial services company with corporate headquarters in San Francisco, San Francisco, California; operational headquarters in Manhattan; and managerial offices throughout the United St ...

, led the charge in offering all types of financial services products in 1986. American Express attempted to own participants in almost every field of financial business (although there was little synergy among them). Things culminated in 1998 when Citibank merged with

The Travelers Companies The Travelers Companies, Inc., commonly known as Travelers, is an American insurance company. It is the second-largest writer of U.S. commercial property casualty insurance, and the sixth-largest writer of U.S. personal insurance through indepen ...

, creating Citigroup. The merger violated the

Bank Holding Company Act The Bank Holding Company Act of 1956 (, ''et seq.'') is a United States Act of Congress that regulates the actions of bank holding companies. The original law (subsequently amended), specified that the Federal Reserve Board of Governors must appr ...

(BHCA), but Citibank was given a two-year forbearance that was based on an assumption that they would be able to force a change in the law. The Gramm–Leach–Bliley Act passed in November 1999, repealing portions of the BHCA and the Glass–Steagall Act, allowing banks, brokerages, and insurance companies to merge, thus making the CitiCorp/Travelers Group merger legal. Also prior to the passage of the Act, there were many relaxations to the ''Glass–Steagall Act''. For example, a few years earlier, commercial Banks were allowed to pursue investment banking, and before that banks were also allowed to begin stock and insurance brokerage. Insurance underwriting was the only main operation they weren't allowed to do, something rarely done by banks even after the passage of the Act. The Act further enacted three provisions that allow for bank holding companies to engage in physical commodity activities. Prior to the enactment of the Act those activities were limited to those that were so closely related to banking to be considered incidental to it. Under GLBA depending on the provision the institution falls into, bank holding companies can engage in physical commodity trading, energy tolling, energy management services, and merchant banking activities. Much consolidation occurred in the financial services industry since, but not at the scale some had expected. Retail banks, for example, do not tend to buy insurance underwriters, as they seek to engage in a more profitable business of insurance brokerage by selling products of other insurance companies. Other retail banks were slow to market investments and insurance products and package those products in a convincing way. Brokerage companies had a hard time getting into banking, because they do not have a large branch and backshop footprint. Banks have recently tended to buy other banks, such as the 2004

Bank of America The Bank of America Corporation (often abbreviated BofA or BoA) is an American multinational investment bank and financial services holding company headquartered at the Bank of America Corporate Center in Charlotte, North Carolina. The bank ...

and Fleet Boston merger, yet they have had less success integrating with investment and insurance companies. Many banks have expanded into investment banking, but have found it hard to package it with their banking services, without resorting to questionable tie-ins which caused scandals at

Remaining restrictions

Crucial to the passing of this Act was an amendment made to the GLBA, stating that no merger may go ahead if any of the financial holding institutions, or affiliates thereof, received a "less than satisfactory rating at its most recent CRA exam", essentially meaning that any merger may only go ahead with the strict approval of the regulatory bodies responsible for the

(CRA).Community Reinvestment Act Amendments in the Gramm–Leach Act
, additional text. This was an issue of hot contention, and the Clinton Administration stressed that it "would veto any legislation that would scale back minority-lending requirements." GLBA also did not remove the restrictions on banks placed by the

which prevented financial institutions from owning non-financial corporations. It conversely prohibits corporations outside of the banking or finance industry from entering retail and/or commercial banking. Many assume

Wal-Mart Walmart Inc. (; formerly Wal-Mart Stores, Inc.) is an American multinational retail corporation that operates a chain of hypermarkets (also called supercenters), discount department stores, and grocery stores from the United States, headquarter ...

's desire to convert its industrial bank to a commercial/retail bank ultimately drove the banking industry to back the GLBA restrictions. Some restrictions remain to provide some amount of separation between the investment and commercial banking operations of a company. For example,

licensed A license (or licence) is an official permission or permit to do, use, or own something (as well as the document of that permission or permit). A license is granted by a party (licensor) to another party (licensee) as an element of an agreeme ...

bankers must have separate business cards, e.g., "Personal Banker, Wells Fargo Bank" and "Investment Consultant, Wells Fargo Private Client Services". Much of the debate about

financial privacy Banking secrecy, alternately known as financial privacy, banking discretion, or bank safety,Guex (2000), p. 240 is a conditional agreement between a bank and its clients that all foregoing activities remain secure, confidential, and private. Mos ...

is specifically centered around allowing or preventing the banking, brokerage, and insurances divisions of a company from working together. In terms of compliance, the key rules under the Act include ''The Financial Privacy Rule'' which governs the collection and disclosure of customers' personal financial information by financial institutions. It also applies to companies, regardless of whether they are financial institutions, that receive such information. ''The Safeguards Rule'' requires all financial institutions to design, implement and maintain safeguards to protect customer information. The Safeguards Rule applies not only to financial institutions that collect information from their own customers, but also to financial institutions – such as credit reporting agencies, appraisers, and mortgage brokers – that receive customer information from other financial institutions.

Privacy

* GLBA compliance is mandatory; whether a financial institution discloses nonpublic information or not, there must be a policy in place to protect the information from foreseeable threats in security and data integrity. * Major components put into place to govern the collection, disclosure, and protection of consumers' nonpublic personal information; or personally identifiable information include: ** Financial Privacy Rule ** Safeguards Rule ** Pretexting Protection

Financial Privacy Rule

(Subtitle A: Disclosure of Nonpublic Personal Information, codified at ) The Financial Privacy Rule requires financial institutions to provide each consumer with a privacy notice at the time the consumer relationship is established and annually thereafter. The privacy notice must explain the information collected about the consumer, where that information is shared, how that information is used, and how that information is protected. The notice must also identify the consumer's right to opt out of the information being shared with unaffiliated parties pursuant to the provisions of the

Fair Credit Reporting Act The Fair Credit Reporting Act (FCRA), 15 U.S.C. § 1681 ''et seq'', is U.S. Federal Government legislation enacted to promote the accuracy, fairness, and privacy of consumer information contained in the files of consumer reporting agencies. It ...

. Should the privacy policy change at any point in time, the consumer must be notified again for acceptance. Each time the privacy notice is reestablished, the consumer has the right to opt out again. The unaffiliated parties receiving the nonpublic information are held to the acceptance terms of the consumer under the original relationship agreement. In summary, the financial privacy rule provides for a

privacy policy A privacy policy is a statement or legal document (in privacy law) that discloses some or all of the ways a party gathers, uses, discloses, and manages a customer or client's data. Personal information can be anything that can be used to identify ...

agreement between the company and the consumer pertaining to the protection of the consumer's personal nonpublic information. On November 17, 2009, eight federal regulatory agencies released the final version of
model privacy notice form
to make it easier for consumers to understand how financial institutions collect and share information about consumers.

Financial institutions

GLBA defines financial institutions as: "companies that offer financial products or services to individuals, like loans, financial or investment advice, or insurance". The Federal Trade Commission (FTC) has jurisdiction over financial institutions similar to, and including, these: * Non-bank mortgage lenders, * Real estate appraisers, * Loan brokers, * Some financial or investment advisers, * Debt collectors, * Tax return preparers, * Banks, and * Real estate settlement service providers. These companies must also be considered significantly engaged in the financial service or production that defines them as a "financial institution". Insurance has jurisdiction first by the state, provided the state law at minimum complies with the GLB. State law can require greater compliance, but not less than what is otherwise required by the GLB.

Consumer vs. customer defined

The ''Gramm–Leach–Bliley Act'' defines a "consumer" as :"an individual who obtains, from a financial institution, financial products or services which are to be used primarily for personal, family, or household purposes, and also means the legal representative of such an individual." (See .) A customer is a consumer that has developed a relationship with privacy rights protected under the ''GLB''. A customer is not someone using an automated teller machine (ATM) or having a check cashed at a cash advance business. These are not ongoing relationships like a customer might have—i.e., a

mortgage loan A mortgage loan or simply mortgage (), in civil law jurisdicions known also as a hypothec loan, is a loan used either by purchasers of real property to raise funds to buy real estate, or by existing property owners to raise funds for any ...

, tax advising, or credit financing. A business is not an individual with personal nonpublic information, so a business cannot be a customer under the ''GLB''. A business, however, may be liable for compliance to the ''GLB'' depending upon the type of business and the activities utilizing individual's personal nonpublic information.

Consumer/client privacy rights

Under the ''GLB'', financial institutions must provide their clients a privacy notice that explains what information the company gathers about the client, where this information is shared, and how the company safeguards that information. This privacy notice must be given to the client prior to entering into an agreement to do business. There are exceptions to this when the client accepts a delayed receipt of the notice in order to complete a transaction on a timely basis. This has been somewhat mitigated due to online acknowledgement agreements requiring the client to read or scroll through the notice and check a box to accept terms. The privacy notice must also explain to the customer the opportunity to 'opt out'. Opting out means that the client can say "no" to allowing their information to be shared with nonaffiliated third parties. The ''

'' is responsible for the 'opt-out' opportunity, but the privacy notice must inform the customer of this right under the GLB. The client cannot opt out of: * Information shared with those providing priority service to the financial institution * Marketing of products or services for the financial institution * When the information is deemed legally required. * When entering into a financial transaction, the institution providing said transaction must provide the customer a secure room with the ability to close in order to better protect the clients personal information.

Receipt of GLBA notices by consumers

= ¶ Service of notice requirements

= Notice requirements may vary. In most cases, service of a GLBA notice is not necessary unless the entity serving the notice intends to "share" customer information, which the FTC defines as, "non-public personal information (NPI)", of customers required to be protected under ''GLBA''.

=¶ Response to receipt of a GLBA notice

= A consumer may react to service of a ''GLBA'' notice by: * Not responding * Indicating, on an acknowledgment form that notice was not provided (typically for in-person signed documents) * Responding according to format suggested in the GLBA Notice * Responding with a prepared letter (alone or in addition to the form)

Synergy between GLBA and GDPR

The European Union's General Data Protection Regulation (GDPR) became enforceable on 25 May 2018. As applies to consumers, the

GDPR The General Data Protection Regulation (GDPR) is a European Union regulation on data protection and privacy in the EU and the European Economic Area (EEA). The GDPR is an important component of EU privacy law and of human rights law, in parti ...

includes provision on scope of data collection, but also includes right of access, right to erasure, right to restriction of processing and right to data portability. Due to the multinational nature of some transactions, including data and internet transactions, and the possible implementation of corresponding regulations in some US states, it is likely that business and other entities will comply with the

as well as US ''GLBA'' requirements. Individualized requests for privacy under the ''GLBA'' are likely to include provisions guaranteed by the

European Union The European Union (EU) is a supranational political and economic union of member states that are located primarily in Europe. The union has a total area of and an estimated total population of about 447million. The EU has often been de ...

Safeguards Rule

(Subtitle A: Disclosure of Nonpublic Personal Information, codified at ) The Safeguards Rule implements data security requirements from the GLBA and requires financial institutions to develop a written information security plan that describes how the company is prepared for, and plans to continue to protect its clients' nonpublic personal information. The Safeguards Rule applies to information of any consumer's past or present regarding the financial institution's products or services. The written plan must include: * Denoting at least one employee to manage the safeguards * Constructing a thorough risk analysis on each department handling the nonpublic information * Develop, monitor, and test a program to secure the information * Adapting the safeguards as needed with contemporary changes in how information is collected, stored, and used The Safeguards Rule forces financial institutions to take a closer look at how they manage private data and to do a risk analysis on their current processes. The Federal Register features approaches for risk assessments such as evaluating the likelihood of magnitudes of harm that result from threats and errors and safeguards are commensurate with the risks they address. No process is perfect, so this has meant that every financial institution has had to make some effort to comply with the ''GLBA''. In December 2021, the Safeguards Rule was updated, amid some controversy, by the FTC to include specific criteria requiring financial institutions to introduce new security controls and to increase the accountability of

boards of directors A board of directors (commonly referred simply as the board) is an executive committee that jointly supervises the activities of an organization, which can be either a for-profit or a nonprofit organization such as a business, nonprofit organi ...

, with a six-month compliance extension, from January to June 2023, granted for some types of institutions in November 2022."FTC Delays Safeguards Rule Implementation for Certain Financial Institutions"
Mercedes Kelley Tunstall ''

The National Law Review ''The National Law Review'' is an American law journal, daily legal news website and legal analysis content-aggregating database. In both 2020 and 2021, the National Law Review published over 20,000 legal news articles and experienced an uptick ...

'' Volume XII, Number 331, November 23, 2022. Retrieved November 30, 2022.

Pretexting protection

(Subtitle B: Fraudulent Access to Financial Information, codified at )

Pretexting Pretexting is a type of social engineering attack that involves a situation, or pretext, created by an attacker in order to lure a victim into a vulnerable situation and to trick them into giving private information, specifically information that t ...

(sometimes referred to as "social engineering") occurs when someone tries to gain access to personal nonpublic information without proper authority to do so. This may entail requesting private information while impersonating the account holder, by telephone, by mail, by e-mail, or even by "

phishing Phishing is a type of social engineering where an attacker sends a fraudulent (e.g., spoofed, fake, or otherwise deceptive) message designed to trick a person into revealing sensitive information to the attacker or to deploy malicious softwa ...

" (i.e., using a phony website or email to collect data). GLBA encourages the organizations covered by GLBA to implement safeguards against pretexting. For example, a well-written plan designed to meet GLB's Safeguards Rule ("develop, monitor, and test a program to secure the information") would likely include a section on training employees to recognize and deflect inquiries made under pretext. In fact, the evaluation of the effectiveness of such employee training probably should include a follow-up program of random spot checks, "outside the classroom", after completion of the nitialemployee training, in order to check on the resistance of a given (randomly chosen) student to various types of "social engineering"—perhaps even designed to focus attention on any new wrinkle that might have arisen ''after'' the nitialeffort to "develop" the curriculum for such employee training. Under United States law, pretexting by individuals is punishable as a

common law In law, common law (also known as judicial precedent, judge-made law, or case law) is the body of law created by judges and similar quasi-judicial tribunals by virtue of being stated in written opinions."The common law is not a brooding omnipres ...

crime of

false pretenses In criminal law, property is obtained by false pretenses when the acquisition results from the intentional misrepresentation of a past or existing fact. Elements The elements of false pretenses are: *a false representation *of a material pa ...

Effect on usury law

Section 731 of the GLB, codified as subsection (f) of , contains a unique provision aimed at

Arkansas Arkansas ( ) is a landlocked state in the South Central United States. It is bordered by Missouri to the north, Tennessee and Mississippi to the east, Louisiana to the south, and Texas and Oklahoma to the west. Its name is from the O ...

, whose

usury Usury () is the practice of making unethical or immoral monetary loans that unfairly enrich the lender. The term may be used in a moral sense—condemning taking advantage of others' misfortunes—or in a legal sense, where an interest rate is c ...

limit was set at five percent above the Federal Reserve discount rate by the Arkansas Constitution and could not be changed by the Arkansas General Assembly. When the

Office of the Comptroller of the Currency The Office of the Comptroller of the Currency (OCC) is an independent bureau within the United States Department of the Treasury that was established by the National Currency Act of 1863 and serves to charter, regulate, and supervise all natio ...

ruled that interstate banks established under the

Riegle-Neal Interstate Banking and Branching Efficiency Act of 1994 The Riegle-Neal Interstate Banking and Branching Efficiency Act of 1994 BBEAamended the laws governing federally chartered banks in order to restore the laws' competitiveness with the recently relaxed laws governing ''state''-chartered banks. The g ...

could use their home state's usury law for all branches nationwide with minimal restrictions, Arkansas-based banks were placed at a severe competitive disadvantage to Arkansas branches of interstate banks; this led to out-of-state takeovers of several Arkansas banks, including the sale of First Commercial Bank (then Arkansas' largest bank) to Regions Financial Corporation in 1998. Under Section 731, all banks headquartered in a state covered by that law may charge up to the highest usury limit of any state that is headquarters to an interstate bank which has branches in the covered state. Therefore, since Arkansas has branches of banks based in

Alabama (We dare defend our rights) , anthem = "Alabama" , image_map = Alabama in United States.svg , seat = Montgomery , LargestCity = Huntsville , LargestCounty = Baldwin County , LargestMetro = Greater Birmingham , area_total_km2 = 135,765 ...

Georgia Georgia most commonly refers to: * Georgia (country), a country in the Caucasus region of Eurasia * Georgia (U.S. state), a state in the Southeast United States Georgia may also refer to: Places Historical states and entities * Related to the ...

Mississippi Mississippi () is a state in the Southeastern region of the United States, bordered to the north by Tennessee; to the east by Alabama; to the south by the Gulf of Mexico; to the southwest by Louisiana; and to the northwest by Arkansas. Miss ...

Missouri Missouri is a state in the Midwestern region of the United States. Ranking 21st in land area, it is bordered by eight states (tied for the most with Tennessee): Iowa to the north, Illinois, Kentucky and Tennessee to the east, Arkansas t ...

North Carolina North Carolina () is a state in the Southeastern region of the United States. The state is the 28th largest and 9th-most populous of the United States. It is bordered by Virginia to the north, the Atlantic Ocean to the east, Georgia and ...

Ohio Ohio () is a state in the Midwestern region of the United States. Of the fifty U.S. states, it is the 34th-largest by area, and with a population of nearly 11.8 million, is the seventh-most populous and tenth-most densely populated. The sta ...

, and

Texas Texas (, ; Spanish: ''Texas'', ''Tejas'') is a state in the South Central region of the United States. At 268,596 square miles (695,662 km2), and with more than 29.1 million residents in 2020, it is the second-largest U.S. state by ...

, any loan that is legal under the usury laws of any of those states may be made by an Arkansas-based bank under Section 731. The section does not apply to interstate banks with branches in the covered state, but headquartered elsewhere; however, Arkansas-based interstate banks like

Arvest Bank Arvest Bank is a bank headquartered in Bentonville, Arkansas, with branches in Arkansas, Kansas, Oklahoma, and Missouri. It is the oldest bank in Arkansas and is on the list of largest banks in the United States. It is almost entirely owned by ...

may export their Section 731 limits to other states. Due to Section 731, it is generally regarded that Arkansas-based banks now have no usury limit for

credit card A credit card is a payment card issued to users (cardholders) to enable the cardholder to pay a merchant for goods and services based on the cardholder's accrued debt (i.e., promise to the card issuer to pay them for the amounts plus the o ...

s or for any loan of greater than $2,000 (since Alabama, Regions' home state, has no limits on those loans), with a limit of 18% (the minimum usury limit in Texas) or more on all other loans. However, once

Wells Fargo Wells Fargo & Company is an American multinational financial services company with corporate headquarters in San Francisco, California; operational headquarters in Manhattan; and managerial offices throughout the United States and intern ...

fully completed its purchase of Century Bank (a Texas bank with Arkansas branches), Section 731 did away with all usury limits for Arkansas-based banks since Wells Fargo's main bank charter is based in

South Dakota South Dakota (; Sioux: , ) is a U.S. state in the North Central region of the United States. It is also part of the Great Plains. South Dakota is named after the Lakota and Dakota Sioux Native American tribes, who comprise a large porti ...

, which repealed its usury laws many years ago. Though designed for Arkansas, Section 731 may also apply to

Alaska Alaska ( ; russian: Аляска, Alyaska; ale, Alax̂sxax̂; ; ems, Alas'kaaq; Yup'ik: ''Alaskaq''; tli, Anáaski) is a state located in the Western United States on the northwest extremity of North America. A semi-exclave of the U.S. ...

and

California California is a state in the Western United States, located along the Pacific Coast. With nearly 39.2million residents across a total area of approximately , it is the most populous U.S. state and the 3rd largest by area. It is also the m ...

whose constitutions provide for the same basic usury limit, though unlike Arkansas their legislatures can (and generally do) set different limits. If Section 731 applies to those states, then all their usury limits are inapplicable to banks based in those states, since Wells Fargo has branches in both states.

Controversy

Criticisms

The act is often cited as a cause of the

2007 subprime mortgage financial crisis The United States subprime mortgage crisis was a multinational financial crisis that occurred between 2007 and 2010 that contributed to the Financial crisis of 2007–2008, 2007–2008 global financial crisis. It was triggered by a large decline ...

"even by some of its onetime supporters." Former President Barack Obama has stated that GLBA led to deregulation that, among other things, allowed for the creation of giant financial supermarkets that could own investment banks, commercial banks and insurance firms, something banned since the Great Depression. Its passage, critics also say, cleared the way for companies that were too big and intertwined to fail. Economist Joseph Stiglitz has also argued that the Act increased risk-taking leading up to the crisis, stating "the culture of investment banks was conveyed to commercial banks and everyone got involved in the high-risk gambling mentality". In an article in ''

The Nation ''The Nation'' is an American liberal biweekly magazine that covers political and cultural news, opinion, and analysis. It was founded on July 6, 1865, as a successor to William Lloyd Garrison's '' The Liberator'', an abolitionist newspaper t ...

'', Mark Sumner asserted that the Gramm–Leach–Bliley Act was responsible for the creation of entities that took on more risk due to their being considered "

too big to fail "Too big to fail" (TBTF) and "too big to jail" is a theory in banking and finance that asserts that certain corporations, particularly financial institutions, are so large and so interconnected that their failure would be disastrous to the great ...

Defenses

According to a 2009 policy report from the

Cato Institute The Cato Institute is an American libertarian think tank headquartered in Washington, D.C. It was founded in 1977 by Ed Crane, Murray Rothbard, and Charles Koch, chairman of the board and chief executive officer of Koch Industries.Koch Ind ...

authored by one of the institute's directors, Mark A. Calabria, critics of the legislation feared that, with the allowance for mergers between investment and commercial banks, GLBA allowed the newly-merged banks to take on riskier investments while at the same time removing any requirements to maintain enough equity, exposing the assets of its banking customers. Calabria claimed that, prior to the passage of GLBA in 1999, investment banks were already capable of holding and trading the very financial assets claimed to be the cause of the mortgage crisis, and were also already able to keep their books as they had. He concluded that greater access to investment capital as many investment banks went public on the market explains the shift in their holdings to trading portfolios. Calabria noted that after GLBA passed, most investment banks did not merge with depository commercial banks, and that in fact, the few banks that did merge weathered the crisis better than those that did not. In February 2009, one of the act's co-authors, former Senator Phil Gramm, also defended his bill:

, as well as economists

Brad DeLong James Bradford "Brad" DeLong (born June 24, 1960) is an economic historian who is a professor of economics at the University of California, Berkeley. DeLong served as Deputy Assistant Secretary of the U.S. Department of the Treasury in the Clin ...

and

Tyler Cowen Tyler Cowen (; born January 21, 1962) is an American economist, columnist and blogger. He is a professor at George Mason University, where he holds the Holbert L. Harris chair in the economics department. He hosts the economics blog ''Marginal R ...

have all argued that the Gramm–Leach–Bliley Act softened the impact of the crisis. '' Atlantic Monthly'' columnist Megan McArdle has argued that if the act was "part of the problem, it would be the commercial banks, not the investment banks, that were in trouble" and repeal would not have helped the situation. An article in the

conservative Conservatism is a cultural, social, and political philosophy that seeks to promote and to preserve traditional institutions, practices, and values. The central tenets of conservatism may vary in relation to the culture and civilization in ...

publication ''

National Review ''National Review'' is an American conservative editorial magazine, focusing on news and commentary pieces on political, social, and cultural affairs. The magazine was founded by the author William F. Buckley Jr. in 1955. Its editor-in-chief ...

'' has made the same argument, calling allegations about the Act " folk economics." A ''

New York Times ''The New York Times'' (''the Times'', ''NYT'', or the Gray Lady) is a daily newspaper based in New York City with a worldwide readership reported in 2020 to comprise a declining 840,000 paid print subscribers, and a growing 6 million paid ...

'' financial columnist and occasional critic of GLBA

Andrew Ross Sorkin Andrew Ross Sorkin (born February 19, 1977) is an American journalist and author. He is a financial columnist for ''The New York Times'' and a co-anchor of CNBC's ''Squawk Box.'' He is also the founder and editor of DealBook, a financial news s ...

stated that he believes GLBA had little to do with the failed institutions.

Amendments

Proposed

National Association of Registered Agents and Brokers Reform Act of 2013 (H.R. 1155; 113th Congress) The National Association of Registered Agents and Brokers Reform Act of 2013 () is a bill that was introduced into the United States House of Representatives during the 113th United States Congress. The bill ultimately failed to be enacted. The ...

() is a bill meant to reduce the regulatory costs of complying with multiple states' requirements for insurance companies, making it easier for the same company to operate in multiple states. The bill would amend the Gramm–Leach–Bliley Act to repeal the contingent conditions under which the National Association of Registered Agents and Brokers (NARAB) shall not be established. The bill would transform the National Association of Registered Agents and Brokers (NARAB) into a clearing house that set up its own standards that insurance companies would be required to meet in order to do business in other states. In this new system, however, the insurance company would only have to meet the requirements of their home state and the NARAB (only two entities), not their home state and every other state they wished to operate in (multiple entities). Proponents of the bill argued that it would help lower costs for insurance companies and make insurance cheaper for people to buy.

Notes

References

Sources

*
Financial Privacy: The Gramm–Leach–Bliley Act
Federal Trade Commission, 1999
Gramm–Leach–Bliley Act,15 USC, Subchapter I, Sec. 6801–6809, Disclosure of Nonpublic Personal Information
FTC, 1999 *Mike Chapple

November 18, 2003 *Robert H. Ledig

* ttp://www.ftc.gov/privacy/privacyinitiatives/financial_rule.html The Gramm–Leach–Bliley Act: The Financial Privacy Rule Federal Trade Commission
In Brief: The Financial Privacy Requirements of the Gramm–Leach–Bliley Act
Federal Trade Commission
The Gramm–Leach–Bliley Act — "History of the GLBA"

Electronic Privacy Information Center Electronic Privacy Information Center (EPIC) is an independent nonprofit research center in Washington, D.C. EPIC's mission is to focus public attention on emerging privacy and related human rights issues. EPIC works to protect privacy, freedom ...

Financial Institution Privacy Protection Act of 2003 — 108th CONGRESS, 1st Session, S. 1458, "To amend the Gramm–Leach–Bliley Act to provide for enhanced protection of nonpublic personal information, including health information, and for other purposes."
, In the Senate of the United States; July 25 (legislative day, JULY 21), 2003,

Testimony of (Federal Reserve) Governor Laurence H. Meyer: Merchant banking

Federal Reserve Bank A Federal Reserve Bank is a regional bank of the Federal Reserve System, the central banking system of the United States. There are twelve in total, one for each of the twelve Federal Reserve Districts that were created by the Federal Reserve ...

* Martin McLaughlin
Clinton, Republicans agree to deregulation of US financial system
World Socialist Web Site, November 1, 1999, retrieved on October 9, 2008

External links

Gramm-Leach-Bliley ActPDFdetails
as amended in the

GPO GPO may refer to: Government and politics * General Post Office, Dublin * General Post Office, in Britain * Social Security Government Pension Offset, a provision reducing benefits * Government Pharmaceutical Organization, a Thai state enterpris ...

br>Statute Compilations collection

Gramm-Leach-Bliley Act
as enacted in the US Statutes at Large

Compliance information

Gramm–Leach–Bliley Act, 15 USC, Subchapter I, Sec. 6801–6809 – Disclosure of Nonpublic Personal Information

Consumer/client rights information

What Can You Do To Protect Your Privacy

History of the GLB

History of the GLBA

Congressional voting records on Gramm–Leach–Bliley Act

Senate Vote #354 (Nov. 4, 1999) On the Conference Report (S.900 Conference Report )

House Vote #570 (Nov. 4, 1999) On Agreeing to the Conference Report: S 900 (106th) Financial Services Modernization Act
{{DEFAULTSORT:Gramm-Leach-Bliley Act United States federal banking legislation United States federal privacy legislation United States federal computing legislation Acts of the 106th United States Congress Separation of investment and retail banking 1999 in economics