
In a Nutshell: What is the Gramm Leach Bliley Act?

The Gramm Leach Bliley Act, or GLBA for short, repealed the Glass-Steagall Act, allowing commercial banks, investment banks, securities firms, and insurance companies to merge.

Because legalizing these types of mergers meant that a single financial institution would have access to a vast amount of individuals’ personal information, such as mortgages and health records, the GLBA also included financial privacy provisions covering the secure storage of personal information, notification of how it is shared, and the ability to opt out of that sharing.

The GLBA went into effect on November 12, 1999. Businesses under regulation by the GLBA were required to be in full compliance by July 1, 2001. The GLBA is officially titled the Financial Services Modernization Act of 1999.

Why does the Gramm Leach Bliley Act exist?

To understand why the Gramm Leach Bliley Act exists, you need to know what the Glass-Steagall Act is.

The Glass-Steagall Act refers to four provisions - specifically sections 16, 20, 21, and 32 - of the U.S. Banking Act of 1933 that essentially separated commercial bank activities from investment bank activities. These provisions were included in the U.S. Banking Act of 1933 as a response to the U.S. stock market crash in 1929.

Much of the blame for the stock market crash was placed on commercial banks and their involvement in the stock market. The following sequence of events led to the stock market crash on October 29, 1929:

  1. Commercial banks were using their assets – i.e. depositors’ money – to buy and sell stocks on the stock market.
  2. Commercial banks wanted a bigger reward from the stock market so they started taking on the risk of buying new issues of stock to sell to the public.
  3. In addition, commercial banks began issuing unsound loans to companies in which the banks had stock.
  4. Commercial banks encouraged their clients to then invest their money into those companies.
  5. Unsurprisingly, at a certain point, the amount of stocks being sold overtook the amount of stocks being bought.
  6. As the gap between the number of sellers and the number of buyers widened, stock holders grew increasingly nervous, prompting a bout of panic selling that started the week of October 21, 1929.
  7. The huge volumes of stocks being sold but not purchased eventually imploded on October 24, when the market lost 11% of its value.
  8. A group of Wall Street bankers along with Richard Whitney, the vice president of the New York Stock Exchange, decided to pool their resources to buy stocks from companies that were leaders in their industries at a price well above market price in order to quell the panic and stop the downward slide of the stock market. By the end of the day, on October 24, the panic seemed to have subsided.
  9. The quelling was incredibly short-lived. On October 28, the Dow Jones experienced a record loss of 13%. The following day, October 29, ‘Black Tuesday’, the amount of shares sold reached its peak at 16 million. To put it into further perspective just how dire of a situation it was, many stocks that day did not have even one buyer at any price.
  10. The stock market slowly attempted to recover, reaching its lowest point in the 21st century on July 8, 1932. Pre-stock market crash levels weren’t reached until November 23, 1954.

As you can see, there were long-lasting, devastating effects of the stock market crash, none of which government officials were eager to repeat.

And so, they set about creating legislation that would prevent commercial banks from participating in investment bank activities. They accomplished this with four provisions, collectively known as the Glass-Steagall Act, in the U.S. Banking Act of 1933.

The four provisions prohibited the following activities:

  • Commercial banks, since they held deposits and made loans, were prohibited from underwriting or dealing with (non-government) securities (aka stocks).
  • Conversely, investment banks, since they underwrote and dealt with securities, were prohibited from having close connections with commercial banks. Having an overlapping directorship is an example of a close connection.

In short, the Glass-Steagall Act made it illegal for commercial banks, investment banks, securities firms, and insurance companies to merge to form a singular financial institution that dealt with both commercial banking services as well as investment banking services.

Once the Glass-Steagall Act went into effect on June 16, 1933, banks and financial institutions were given a 1-year deadline to decide whether they wanted to be a commercial bank or an investment bank. For commercial banks, an exception was made so that they could at least have up to 10% of their income coming from securities.

Of course, something as catastrophic as the stock market crash would prompt legislators to attempt to pinpoint the cause and then pass legislation that prevents such an event from occurring again. In fact, there was a popular belief that separating commercial banks from investment banks could be beneficial for inducing a healthier financial system. However, even the co-author of the act, Senator Carter Glass, would soon admit that the passing of the act was an overreaction to the stock market crash.

Although its intentions were to prevent another stock market crash from occurring, the act had negative consequences for the ability of financial institutions to provide competitive, needed financial services. The negative consequences became clearer in the 1960s as more and more commercial banks began to adopt a looser interpretation of the prohibitions created by the Glass-Steagall Act, in order to effectively compete with each other, by creating products and services that blurred the line between banking and securities.

In 1998, Citigroup, a commercial bank holding company, and Travelers Group, an insurance company, merged together to form Citigroup, which ended up combining banking, securities, and insurance services under one financial institution. Although this merger violated the Glass-Steagall Act, the Federal Reserve actually granted them a temporary waiver against the Glass-Steagall Act.

At this point, it was obvious that the Glass-Steagall Act was more repressive than beneficial for the modern financial landscape: when the economy is good, people tend to invest their money, but when the economy is bad, people tend to save their money in savings accounts. It just made sense that financial institutions be allowed to provide both types of services.

And so, legislators went to work to repeal the prohibitions enacted by the Glass-Steagall Act by enacting the Gramm Leach Bliley Act in 1999. In addition to rolling back the Glass-Steagall Act prohibitions, the Gramm Leach Bliley Act made mergers, like the Citigroup merger described above, legal.

It should be noted that the Gramm Leach Bliley Act is not without its own controversy; many believe that the repealing of the Glass-Steagall Act is what allowed the stock market crash of 2008 to occur.

The Details: The Gramm Leach Bliley Act Requirements & Compliance

Because the Gramm Leach Bliley Act allows for the merging of commercial banks, investment banks, securities firms, and insurance companies, legislators realized that whenever there was a merger, a financial institution would have a vast amount of personal financial and health information on each customer who does business with the financial institution.

To protect customers and their personal information, the Gramm Leach Bliley Act included three regulations that financial institutions needed to follow to secure all this personal information:

  1. The Financial Privacy Rule is implemented and enforced by the Federal Trade Commission (FTC) and regulates the collection and disclosure of private, personal financial information. It requires financial institutions to provide a privacy notice to all customers, prior to entering an agreement to do business, and the notice needs to detail:
    a. the personal information that will be collected
    b. with whom and where personal information will be shared
    c. how personal information will be used
    d. how personal information will be protected
    e. being able to opt out of sharing certain personal information with unaffiliated parties
    f. not being able to opt out of sharing personal information with affiliated parties, such as:
      • those providing priority service(s) to the financial institution
      • the marketing of products and services by the financial institution
      • those with whom the sharing of information is deemed legally required, such as law enforcement
  2. The Safeguard Rule regulates the implementation of security protocols that are needed to protect private, personal financial information; financial institutions are required to have a written information security plan that:
    a. describes how the institution is prepared to protect customers’ personal information by
      1. constructing and conducting a thorough risk analysis of any department within the institution that will be handling customers’ personal information
      2. developing, monitoring, and testing programs to secure the personal information
    b. describes how the institution is prepared to continue protecting customers’ personal information against future threats by changing programs as needed in terms of how personal information is collected, stored, and used
    c. designates at least one employee to manage the security plan
  3. The Pretexting Provisions regulate the safeguards implemented by financial institutions to protect against pretexting. Pretexting, sometimes referred to as ‘social engineering’, is the act of attempting to gain access to personal information without the authority to do so by impersonating a customer in person, by phone, by mail, by email, or by phishing.

In essence, financial institutions comply with the Gramm Leach Bliley Act by:

  • Informing customers how their personal information will be collected, how it will be used/shared, and how it will be protected, and giving customers the opportunity to opt out of sharing their personal information with unaffiliated parties
  • Developing a written security plan that details how personal information is currently being protected, the steps being taken to make sure that the plan works, and the steps that will be undertaken to protect personal information against future threats
  • Taking the necessary steps to prevent pretexting as much as possible

How does the Gramm Leach Bliley Act affect your business?

If your business is a financial institution, the Gramm Leach Bliley Act does apply to your business, and your business is therefore required to comply with the regulations described in the section above.

A financial institution is a company that offers financial products or services to individuals, like loans, financial or investment advice, or insurance; financial institutions include the following:

  • banks
  • non-bank mortgage lenders
  • real estate appraisers
  • loan brokers
  • financial or investment advisers
  • debt collectors
  • tax return preparers
  • real estate settlement service providers

If your business is not a financial institution, the Gramm Leach Bliley Act does not apply to your business, and therefore, you do not have to do anything in order to comply.

Gramm Leach Bliley Act Resources

Many of the Gramm Leach Bliley Act’s rules and regulations have been covered, but there are certain details that are too nuanced to sufficiently address here.

  • For more information about the GLBA and its requirements, please refer to this PDF on the Federal Deposit Insurance Corporation (FDIC) website

