The Gramm-Leach-Bliley Act (GLBA) of 1999 first established a requirement to protect consumer financial information. Financial services regulations on information security, initiated by the GLBA, require financial institutions in the United States to create an information security program.
The Federal Financial Institutions Examination Council (FFIEC) supports this mission by providing extensive, evolving guidelines for compliance. The FFIEC is charged with providing specific guidelines for evaluating institutions for compliance with GLBA, among other things. Enforcement falls to five agencies: the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Office of Thrift Supervision (OTS). In collaboration, these agencies have developed a series of topical handbooks that provide guidance, address significant technology changes and incorporate a risk-based approach for IT practices in the financial industry.