Staying compliant with GLBA

No one is really in love with the idea of strangers handling their personal information, so most of us can agree with the intentions of the Gramm-Leach-Bliley Act (GLBA). Passed in 1999, it governs how US-based financial institutions collect and share information about their customers. For credit providers, it means that you have to keep borrowers’ personal information secure and can’t share it with outside parties.

But GLBA is fairly complex at first glance, since it touches on plenty of areas not relevant to credit providers. Before you and your legal team pore through the details, let’s walk through the purpose of the GLBA’s privacy rules, what it requires of credit providers, and how LoanPro can help you stay compliant.

How GLBA aims to protect personal information

The overarching purpose of the GLBA is to safeguard consumers’ nonpublic personal information (NPI). The act identifies several different types of information that could count as NPI under its definition:

  • Any information given for a financial product or service, including name, address, income, SSN, or any other information that might be on an application.
  • Any information gained from a transaction involving a financial product or service, including your relationship with the individual, account numbers, payment history, balances, or purchases.
  • Any information obtained about an individual in connection with providing a financial product or service, such as information from a consumer report or court records.

In other words, any personally identifiable financial information obtained by a financial institution would qualify as NPI, and thus be subject to the requirements of GLBA.

GLBA’s requirements and LoanPro’s solutions

The GLBA is a multi-faceted regulation. The sections of the Act that apply to lenders are broken up into three rules: the Privacy Rule, the Safeguards Rule, and the Pretexting Rule.

And as always when discussing compliance, you should work with your own legal team and compliance officers to make sure you’re following the law. LoanPro’s tools help streamline and simplify GLBA compliance, but we can’t guarantee that every aspect of your operation is in line with this law or other state and local regulations.

Financial privacy rule

The financial privacy rule regulates how creditors collect and disclose borrower information. Notably, it requires financial institutions to give ‘clear and conspicuous notice’ of their privacy policies as well as opt-out options if they share or sell NPI.

GLBA requirement: Financial institutions, including lenders, need to provide privacy notices and opt-out notices to all of their customers, regarding the security and use of customers’ NPI.
LoanPro solution: We’ve built out template communications that align with the GLBA’s requirements, which can be personalized with borrower-specific details. We can also build automations so those notices go out without any necessary input from your agents.

GLBA requirement: There are firm restrictions on reusing and redisclosing the NPI received from other financial institutions. Additionally, they cannot share account numbers for marketing purposes.
LoanPro solution: Our real-time replicated database puts all data in a single source of truth, giving you strict control over access to NPI and account data.

Safeguards rule

The safeguards rule requires that financial institutions have administrative, physical, and technical protections for handling customer information. They need to implement easily accessible written policies and procedures detailing how they comply with more specific aspects of the regulation.

GLBA requirement: Every lender needs to implement an information security program for handling customer information that takes into account administrative, physical, and technical protections.
LoanPro solution: We maintain a SOC 2 Type 2 security certification and a PCI-DSS Level-One AOC. What’s more, our comprehensive audit trail automatically records the who, what, and when for all actions in the software.

GLBA requirement: Creditors must safeguard customer information with encryption, access controls, incident response plans, and more.
LoanPro solution: LoanPro encrypts data in transit and at rest, including data associated with customers and payment cards.

GLBA requirement: The GLBA requires every financial institution to designate a single qualified individual to oversee their information security program in its entirety.
LoanPro solution: LoanPro includes user role restrictions so access to NPI is only granted as needed.

Pretexting rule

The pretexting rule prohibits creditors from using false pretenses to gather customer information. The rule gives more specific examples, but it really boils down to this: you can’t lie to get data.

GLBA requirement: Financial institutions are prohibited from accessing, collecting, or using customer information under false pretenses.
LoanPro solution: With LoanPro’s customizable communication templates, you can be sure your messages to borrowers adhere to GLBA (as well as other communication laws, like TCPA and FDCPA).

Other relevant regulations

GLBA, of course, isn’t the only regulation credit providers need to take into account. Other laws intersect with the requirements of GLBA, but with LoanPro’s Compliance Guardrails in place, these regulations can all become a default part of your processes.

For example, GLBA’s financial privacy rule states that credit providers need to give their borrowers disclosures relating to what data they’re collecting and inform them that they have the right to opt out. These disclosures can overlap with those required by the Fair Credit Reporting Act (FCRA) and Truth in Lending Act (TILA). LoanPro can provide you with standardized templates that comply with each act and automatically send them out to new borrowers.

Similarly, the Dodd-Frank Act outlines and forbids specific Unfair, Deceptive, or Abusive Acts or Practices (UDAAP). Rather than relying on individual agents to understand these requirements, servicing and collections managers need a system that helps walk agents through compliant actions. Just like LoanPro’s guided agent UI helps prevent breaking the GLBA’s pretexting rule, it can also help prevent the unfair practices that Dodd-Frank prohibits.

If you’re interested in learning more about how LoanPro’s Compliance Guardrails can make compliance your default, reach out and we’ll set up a demo.
