The Gramm-Leach-Bliley Act (GLBA): Compliance Guide for Financial Institutions

The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999, transformed the U.S. financial landscape by repealing key provisions of the Glass-Steagall Act and enabling affiliations among banks, securities firms, and insurance companies. While the Act fostered competition and innovation, it also introduced a robust framework for consumer privacy and data security. For compliance professionals, understanding GLBA’s structure, requirements, and enforcement mechanisms is essential to safeguarding both institutional integrity and consumer trust.

NETBankAudit experts have over 25 years of experience in GLBA audits and compliance. If you have any questions after reading this guide, please reach out to our team.

GLBA’s Legislative Background and Structure

Enacted on November 12, 1999, the GLBA marked a pivotal shift in financial regulation. By repealing the Glass-Steagall Act’s restrictions, it allowed financial institutions to consolidate and offer a broader range of services. The Act is organized into several key titles, each addressing a different aspect of financial modernization and consumer protection.

Title and main focus:

  • Title I: Facilitating affiliations among banks, securities firms, and insurance companies; introduction of financial holding companies.
  • Title II: Functional regulation and clarification of regulatory authority among agencies.
  • Title V: Privacy and data security requirements for consumer information.

This structure not only modernized the industry but also established a foundation for the privacy and security obligations that are central to today’s compliance environment.

Expanded Definitions and Scope of GLBA

GLBA defines “financial institution” broadly, encompassing a wide array of entities that provide financial products or services to consumers. This includes not only traditional banks and credit unions, but also insurance companies, securities firms, investment advisers, and even consumer reporting agencies. The Act’s reach is intentionally expansive to ensure that privacy and security standards apply across the financial sector.

Institutions covered by GLBA must comply with its privacy and data security provisions if they maintain credit, deposit, trust, or other financial accounts or relationships with consumers. This broad definition ensures that nearly all organizations handling sensitive financial data are subject to the Act’s requirements.

Privacy and Data Security: The Heart of GLBA

Title V of GLBA is perhaps its most influential component for compliance professionals. It establishes strict requirements for the protection of nonpublic personal information (NPI) and mandates transparency in how consumer data is collected, used, and shared. The privacy and data security provisions are designed to give consumers control over their information while holding institutions accountable for safeguarding it.

Privacy Notice Obligations

Financial institutions must provide clear and conspicuous privacy notices to consumers at the start of a customer relationship and annually thereafter. These notices must explain the institution’s policies regarding the collection, use, and disclosure of NPI, as well as the consumer’s right to opt out of certain information sharing with nonaffiliated third parties.

A model privacy form, developed by federal regulators, helps standardize these disclosures. However, the form has limitations, as it covers only a subset of the personal information types and collection methods identified in Regulation P. Compliance professionals should ensure that their institution’s privacy notices are both accurate and comprehensive, going beyond the minimum requirements when necessary.

Information Security Program Requirements

GLBA requires financial institutions to develop, implement, and maintain a comprehensive information security program. This program must include administrative, technical, and physical safeguards to protect customer records and information from unauthorized access, anticipated threats, and hazards. The FTC Safeguards Rule further clarifies these obligations, requiring regular monitoring and testing of security measures.

  • Administrative safeguards: Policies, procedures, and training to manage information security risks.
  • Technical safeguards: Use of technology such as encryption, firewalls, and secure access controls.
  • Physical safeguards: Measures to protect physical access to sensitive data, such as locked facilities and secure disposal of records.

Institutions must regularly review and update their security programs to address emerging threats and vulnerabilities.

Limitations on Information Sharing and Opt-Out Rights

GLBA places strict limitations on the sharing of NPI with nonaffiliated third parties. Consumers must be given the opportunity to opt out of such sharing, except in cases where disclosure is necessary to process transactions, prevent fraud, comply with legal requirements, or respond to judicial processes. Notably, financial institutions are prohibited from disclosing account numbers or similar access codes to nonaffiliated third parties for marketing purposes.

The opt-out process must be easy for consumers to understand and exercise. Institutions should clearly explain the categories of information collected, the types of third parties with whom information may be shared, and the consumer’s right to limit this sharing.

Prohibition of Pretexting and Social Engineering

GLBA explicitly prohibits “pretexting”—the practice of obtaining customer information through false pretenses or deception. This provision is a direct response to the growing threat of social engineering and phishing scams targeting financial institutions. Compliance professionals must ensure that employees are trained to recognize and prevent such attempts.

Effective anti-pretexting measures include:

  • Employee education on common social engineering tactics.
  • Verification procedures for customer requests involving sensitive information.
  • Incident response protocols for suspected pretexting attempts.

Regulatory Authority, Coordination, and Enforcement

GLBA’s enforcement framework is notable for its coordination among multiple federal and state agencies. The Federal Trade Commission (FTC), Office of the Comptroller of the Currency (OCC), Federal Reserve Board, Federal Deposit Insurance Corporation (FDIC), National Credit Union Administration (NCUA), and Securities and Exchange Commission (SEC) all play roles in enforcing GLBA provisions. The Dodd-Frank Act further transferred rulemaking authority for most privacy provisions to the Consumer Financial Protection Bureau (CFPB), except for securities and futures-related companies and certain motor vehicle dealers.


Violations of GLBA can result in enforcement actions, including injunctive relief, monetary penalties, and requirements for corrective action. Institutions should be prepared for rigorous examinations and audits by their primary regulators.

Recent Developments: FTC Safeguards Rule Amendments

Expanded and Updated FTC Safeguards Rule

The Federal Trade Commission’s Safeguards Rule, which implements the GLBA’s data security requirements for non-bank financial institutions, has undergone significant updates in recent years. Originally effective in 2003, the Rule was amended in 2021 to provide more concrete, prescriptive guidance for information security programs. The amendments require covered financial institutions to implement a written information security program that is appropriate to the size and complexity of the business, the nature and scope of its activities, and the sensitivity of the customer information at issue.

Key requirements now include:

  • Designation of a Qualified Individual to oversee the information security program.
  • Written risk assessments that identify and evaluate internal and external risks to customer information.
  • Implementation and regular review of access controls, encryption of customer information both in transit and at rest (or use of effective alternative controls), and periodic inventory of data and systems.
  • Development of a written incident response plan that covers goals, internal processes, roles and responsibilities, communications, remediation, documentation, and post-incident review.
  • Ongoing monitoring and periodic reassessment of service providers, including contractual requirements for security and regular performance reviews.
  • Annual written reports by the Qualified Individual to the Board of Directors or governing body, covering the overall status of the information security program, risk assessments, test results, security events, and recommendations for program changes.

2024 Breach Notification Requirements

A major new provision took effect in May 2024: covered financial institutions must notify the FTC as soon as possible, and no later than 30 days after discovery, of any “notification event.” A notification event is defined as the unauthorized acquisition of unencrypted customer information of at least 500 consumers. This includes situations where encrypted data is compromised along with its encryption key.

The breach notification must be submitted via the FTC’s online reporting form and include basic information such as the company name, event dates, number of affected customers, types of information involved, and a brief summary of the incident. If details are incomplete at the time of reporting, updates must be submitted as more information becomes available. The FTC may make these reports public, and law enforcement delay is available if requested.

State-Level Changes: Montana and Connecticut Narrow GLBA Exemptions

Montana SB 297: Narrowing the GLBA Exemption

Montana’s 2025 legislative session brought a significant change to the state’s data privacy landscape. SB 297, effective October 1, 2025, eliminates the broad entity-level GLBA exemption from the Montana Consumer Data Privacy Act (MCDPA). Now, most financial institutions and their affiliates are subject to the MCDPA unless they qualify for a narrow exemption.

  • The law retains a data-level exemption for personal data collected, processed, sold, or disclosed in accordance with Title V of GLBA.
  • Specific entity-level exemptions remain for state or federally chartered banks and credit unions (and their affiliates/subsidiaries), as well as insurers, insurance providers, and third-party administrators.

This means that while GLBA-regulated data is still exempt, financial institutions operating in Montana must carefully assess whether their activities or data fall outside the scope of Title V and are thus subject to state privacy requirements.

Connecticut SB 1295: Changes to the Connecticut Data Privacy Act

Connecticut’s SB 1295, effective July 1, 2026, similarly removes the entity-level GLBA exemption from the Connecticut Data Privacy Act (CTDPA). GLBA-covered entities are no longer categorically exempt; instead, only data that is specifically regulated by GLBA (Title V) is exempt.

  • Entity-level exemptions are now limited to state/federally chartered banks, credit unions, insurers, broker-dealers, investment advisers, and their agents.
  • All other financial institutions must comply with the CTDPA for data and activities not expressly covered by GLBA.

This change requires financial institutions in Connecticut to conduct a detailed review of their data processing activities to determine which are subject to state privacy law and which remain under the federal GLBA framework.

Compliance Implications for Financial Institutions

The narrowing of GLBA exemptions at the state level in Montana and Connecticut signals a growing trend: financial institutions can no longer rely on broad federal preemption to avoid state privacy laws. Instead, they must:

  • Map and classify all personal data to determine whether it is covered by GLBA, state law, or both.
  • Update privacy notices, policies, and procedures to reflect overlapping federal and state requirements.
  • Train staff on the distinctions between GLBA-covered data and data subject to state privacy laws.
  • Monitor legislative developments in other states, as similar changes may be adopted elsewhere.

Institutions should work closely with legal and compliance experts to ensure that their privacy and data security programs are robust, up-to-date, and responsive to this evolving regulatory environment.

Compliance Examination Procedures and Best Practices

GLBA compliance is not a one-time event but an ongoing process that requires continuous attention and adaptation. Examiners will assess the adequacy of an institution’s training programs, audit procedures, and management oversight. They will also evaluate how well the institution identifies and addresses risks associated with information sharing and data security.

Best practices for GLBA compliance include:

  1. Conducting regular risk assessments to identify vulnerabilities in information handling and sharing.
  2. Implementing comprehensive training programs for all employees, with a focus on privacy, security, and anti-pretexting measures.
  3. Maintaining detailed records of compliance activities, including privacy notices, opt-out requests, and incident response actions.
  4. Promptly correcting any deficiencies identified during audits or examinations.
  5. Reviewing and updating privacy and security policies to reflect changes in regulations and emerging threats.

Institutions must also ensure that third parties receiving consumer information comply with GLBA’s restrictions on reuse and redisclosure.

Annual Reporting and Model Privacy Form

GLBA requires insured depository institutions and certain affiliates to submit annual reports to their federal banking agencies. These reports must detail payments, fees, loans, and services provided under covered agreements, as well as itemized fund usage by nongovernmental entities. This reporting promotes transparency and accountability in financial relationships.

To assist with privacy notice compliance, federal regulators have developed a model privacy form. While widely adopted, it carries the limitations described under Privacy Notice Obligations above, so institutions should confirm that their notices cover every information type and collection method relevant to their business, not only those reflected in the model form.

GLBA’s Relationship to Other Laws

GLBA’s privacy provisions complement the Fair Credit Reporting Act (FCRA), which governs the sharing of consumer report information with affiliates. Financial institutions must integrate GLBA disclosures into their privacy policies and ensure continued compliance with FCRA requirements. The interplay between these laws underscores the importance of a holistic approach to privacy and data security compliance.

Why GLBA Compliance Matters for Financial Institutions

GLBA compliance is not just a regulatory requirement—it is a critical component of consumer trust and institutional reputation. Non-compliance can result in significant financial penalties, legal exposure, and reputational harm. Conversely, a strong compliance program can enhance consumer confidence, reduce the risk of enforcement actions, and support long-term business growth.

  • Protects consumer privacy and data security.
  • Reduces risk of regulatory penalties and litigation.
  • Supports positive customer relationships and institutional reputation.

Partner with NETBankAudit for GLBA Compliance Excellence

Navigating the complexities of GLBA can be challenging, but you don’t have to do it alone. NETBankAudit offers specialized GLBA audit and compliance services tailored to the unique needs of financial institutions. Our team brings over 25 years of experience, deep regulatory expertise, and a commitment to helping clients achieve and maintain compliance with confidence.

Whether you need a GLBA compliance review, targeted audit support, or ongoing advisory services, NETBankAudit delivers actionable insights and practical solutions. Contact us today to learn how we can help your institution strengthen its compliance program and protect both your customers and your business.
