ENSURE COMPLIANCE AGAINST CURRENT RISKS & BEST PRACTICES
Cybercriminals are hoping you stop at compliance. They’re counting on your organization conducting a bare-minimum GLBA or NCUA audit. This gives malicious actors a fairly easy “in” to breach your environment, steal customers’ non-public personal information (NPI), and sully your hard-earned community reputation.
This is why BAI’s IT General Controls Audit goes far beyond just verifying your policies and procedures against regulatory compliance. We go the extra mile to examine your protocols in light of present-day best practices in IT security and emerging hacking methods that could compromise your environment. This is what we call BAI’s Compliance-PLUS Protection.
The Gramm-Leach-Bliley Act is a U.S. federal law created to control how financial institutions deal with a consumer’s non-public personal information (NPI). This is information that a financial institution collects when providing a financial product or service that can identify an individual and that isn’t otherwise publicly available.
GLBA has three main parts:
- The Privacy Rule, which regulates the collection and use of NPI
- The Safeguards Rule, which requires financial institutions to implement a security program to protect NPI
- Pretexting provisions, which prohibit access to NPI under false pretenses

The security program required by the Safeguards Rule is aimed at:
- Ensuring the security and confidentiality of NPI
- Protecting against unauthorized access that could cause substantial harm or inconvenience to any customer
- Protecting against any threats that might affect the security or integrity of NPI
GLBA calls for severe civil and criminal penalties for noncompliance, including fines and imprisonment. If a financial institution violates GLBA, the following penalties may be issued:
- The institution will be subject to a civil penalty of not more than $100,000 for each violation.
- Officers and directors of the institution will be subject to, and personally liable for, a civil penalty of not more than $10,000 for each violation.
- The institution and its officers and directors will also be subject to fines in accordance with Title 18 of the United States Code or imprisonment for not more than five years, or both.