Staying compliant with GLBA
No one is really in love with the idea of strangers handling your personal information, so most of us can agree with the intentions of The Gramm-Leach-Bliley Act (GLBA). Passed in 1999, it governs how US-based financial institutions collect and share information about their customers. For credit providers, it means that you have to keep borrowers’ personal information secure and can’t share it with outside parties.
But GLBA is fairly complex at first glance, since it touches on plenty of areas not relevant to credit providers. Before you and your legal team pore through the details, let’s walk through the purpose of the GLBA’s privacy rules, what it requires of credit providers, and how LoanPro can help you stay compliant.
How GLBA aims to protect personal information
The overarching purpose of the GLBA is to safeguard consumers’ nonpublic personal information (NPI). The act identifies several different types of information that could count as NPI under their definition:
- Any information given for a financial product or service, including name, address, income, SSN, or any other information that might be on an application.
- Any information gained from a transaction involving a financial product or service, including your relationship with the individual, account numbers, payment history, balances, or purchases.
- Any information obtained about an individual in connection with providing a financial product or service, such as information from a consumer report or court records.
In other words, any personally identifiable financial information obtained by a financial institution would qualify as NPI, and thus be subject to the requirements of GLBA.
GLBA’s requirements and LoanPro’s solutions
The GLBA is a multi-faceted regulation. The sections of the Act that apply to lenders are broken up into three rules: the Privacy Rule, the Safeguards Rule, and the Pretexting Rule.
And as always when discussing compliance, you should work with your own legal team and compliance officers to make sure you’re following the law. LoanPro’s tools help streamline and simplify GLBA compliance, but we can’t guarantee that every aspect of your operation is in line with this law or other state and local regulations.
Financial privacy rule
The financial privacy rule regulates how creditors collect and disclose borrower information. Notably, it requires financial institutions to give ‘clear and conspicuous notice’ of their privacy policies as well as opt-out options if they share or sell NPI.
| GLBA requirement | LoanPro solution |
| Financial institutions, including lenders, need to provide privacy notices and opt-out notices to all of their customers, regarding the security and use of customers’ NPI. | We’ve built out template communications that align with the GLBA’s requirements, which can be personalized with borrower-specific details. We can also build automations so those notices go out without any necessary input from your agents. |
| There are firm restrictions on reusing and redisclosing the NPI received from other financial institutions. Additionally, they cannot share account numbers for marketing purposes. | Our real-time replicated database puts all data in a single source of truth, giving you strict control over access to NPI and account data. |
Safeguards rule
The safeguards rule requires that financial institutions have administrative, physical, and technical protections for handling customer information. They need to implement easily accessible written policies and procedures detailing how they comply with more specific aspects of the regulation.
| GLBA requirement | LoanPro solution |
| Every lender needs to implement an information security program for handling customer information that takes into account administrative, physical, and technical protections. | We maintain a SOC 2 Type 2 security certification and a PCI-DSS Level-One AOC. What’s more, our comprehensive audit trail automatically records the who, what, and when for all actions in the software. |
| Creditors must safeguard customer information with encryption, access controls, incident response plans, and more. | LoanPro encrypts data in transit and at rest, including data associated with customers and payment cards. |
| The GLBA requires every financial institution to designate a single qualified individual to oversee their information security program in its entirety. | LoanPro includes user role restrictions so access to NPI is only granted as needed. |
Pretexting rule
The pretexting rule prohibits creditors from using false pretenses to gather customer information. The rule gives more specific examples, but it really boils down to you can’t lie to get data.
| GLBA requirement | LoanPro solution |
| Financial institutions are prohibited from accessing, collecting, or using customer information under false pretenses. | With LoanPro’s customizable communication templates, you can be sure your messages to borrowers adhere to GLBA (as well as other communication laws, like TCPA and FDCPA). |
Other relevant regulations
GLBA, of course, isn’t the only regulation credit providers need to take into account. Other laws intersect with the requirements of GLBA, but with LoanPro’s Compliance Guardrails in place, these regulations can all become a default part of your processes.
For example, GLBA’s financial privacy rule states that credit providers need to give their borrowers disclosures relating to what data they’re collecting and inform them that they have the right to opt out. These disclosures can overlap with those required by the Fair Credit Reporting Act (FCRA) and Truth in Lending Act (TILA). LoanPro can provide you with standardized templates that comply with each act and automatically send them out to new borrowers.
Similarly, the Dodd-Frank Act outlines and forbids specific Unfair, Deceptive, or Abusive Acts or Practices (UDAAP). Rather than relying on individual agents to understand these requirements, servicing and collections managers need a system that helps walk agents through compliant actions. Just like LoanPro’s guided agent UI helps prevent breaking the GLBA’s pretexting rule, it can also help prevent the unfair practices that Dodd-Frank prohibits.
If you’re interested in learning more about how LoanPro’s Compliance Guardrails can make compliance your default, reach out and we’ll set up a demo.
