GLBA Audit & Assessment Services | GLBA Compliance Auditing Services | Banking Controls Audit Internal and Compliance Audit

BAI Security’s Banking Controls Audit and Assessment

Our GLBA Controls Audit verifies your institution’s existing controls against GLBA regulatory standards and banking best practice guidelines.

As part of our Controls Audit process, BAI Security’s team of experts review the following key areas:

  • Management and IT Governance (Including Cybersecurity Preparedness)
  • Development and Acquisition
  • Information Technology Operations
  • Electronic Payment Systems/Hosted and Managed Applications (Including eBanking)
  • 3rd Party Vendor Management
  • Business Continuity and Disaster Recovery (Including Appendix J)

We set ourselves apart with our exceptional, in-depth auditing, dedicated security focus, ongoing support, and best-in-class deliverables.

For more information or a quote, use the Contact Us form on the right or call us at (847) 410-8180.

Download our Controls Audit Brochure

More About GLBA

What is the Gramm-Leach-Bliley Act (GLBA)?

  The Gramm-Leach-Bliley Act is a U.S. federal law created to control how financial institutions deal with a consumer’s non-public personal information (NPI). This is information that a financial institution collects when providing a financial product or service that can identify an individual and that isn’t otherwise publicly available.

The GLBA Act has three main elements:

  1. The Privacy Rule, which regulates the collection and use of NPI
  2. The Safeguards Rule, which requires financial institutions to implement a security program to protect NPI
  3. Pretexting provisions, which prohibits access to NPI under false pretence

From a compliance point of view, the principles that need to be met are:

  • Ensuring the security and confidentiality of NPI
  • Protecting against unauthorized access which could cause substantial harm or inconvenience to any customer
  • Protecting against any threats which might affect the security or integrity of NPI

How does BAI Security help my institution with GLBA compliance?

BAI Security takes the anxiety out of the controls audit by evaluating current policies and procedures, and by performing a readiness assessment to see if your organization has met the standards of the GLBA.  We identify internal controls and policies to see if they work effectively to keep nonpublic information safe and secure. In addition, we provide a gap analysis to identify issues, and provide guidance on how your organization can become GLBA compliant.

How Will My Organization Benefit From A GLBA Audit?

With a comprehensive controls audit from BAI Security, you can implement the necessary changes to your information security programs and policies to keep customer and consumer information private.  We can provide guidance and gap analysis so you can reach Gramm-Leach-Bliley Act compliance standards and have a written information security plan in place that adequately protects customer and consumer records. By abiding by the Safeguards Rule, your organization can build trust and reliability with customers as they are assured that your organization will keep their information secure.

Who Must Comply With GLBA?

GLBA applies to all businesses, regardless of size, that are “significantly engaged” in providing financial products or services to consumers. This includes many companies not traditionally considered to be a financial institution such as check-cashing businesses, payday lenders, mortgage brokers, nonbank lenders, personal property or real estate appraisers, retailers that issue branded credit cards, professional tax preparers, and courier services. The law also applies to companies like credit reporting agencies and ATM operators that receive information about customers of other financial institutions.  GLBA compliance is mandatory. Whether or not a financial institution discloses NPI, there must be a policy in place to protect the information from foreseeable threats in security and data integrity.

The Penalties for Non-compliance with GLBA

GLBA calls for severe civil and criminal penalties for noncompliance, including fines and imprisonment. If a financial institution violates GLBA:
  • The institution will be subject to a civil penalty of not more than $100,000 for each violation
  • Officers and directors of the institution will be subject to, and personally liable for, a civil penalty of not more than $10,000 for each violation
  • The institution and its officers and directors will also be subject to fines in accordance with Title 18 of the United States Code or imprisonment for not more than five years, or both.

You can count on BAI Security to keep your organization safe and secure.

For more information or a quote, use the Contact Us form on the right or call us at (847) 410-8180.

What Our Clients Say

BAI Security has been our security consultant since 2007. They have worked with our company to ensure we are compliant and secure in areas of our network infrastructure, vulnerability management, best practices and social engineering. The BAI Security team has been professional, interactive with our teams and positively impacting to our growth. We highly recommend them.

Executive VP, IT Services Company

BAI is a very valuable resource, they have exceptional skills in security, and not only have I used their resources, but I have recommended him to many of my associates. They have a wonderful way of taking care of their clients, as well as communicating with people on a personal level.

President, Community Bank