
Statement on Auditing Standards No. 70
RESOURCE GUIDE
1-800-277-5415

The Gramm-Leach-Bliley Act


The Gramm-Leach-Bliley Act, commonly known as GLBA, was passed by the United States
Senate and the U.S. House of Representatives on November 4, 1999. Contained within the
act are privacy provisions to help protect consumers’ personal information held by
financial institutions, known as the Financial Privacy Rule, the Safeguards Rule and the
Pretexting provisions. The term "financial institutions" is broad and includes banks,
financial securities firms, insurance entities and a host of other providers and industries that
provide financial products and various services to consumers. Of the core privacy provisions
within GLBA, the Financial Privacy Rule and Safeguards Rule have garnered the most
attention from both consumers and financial institutions, primarily based on the growing
demands placed on information security and protection of sensitive, non-public information.

SAS 70 Effect on GLBA


The rapid growth in regulatory compliance laws and regulations has had a profound impact
on SAS 70 audits, resulting in many financial institutions requiring third-party service
organizations to become SAS 70 Type II certified. Because of the requirements set forth in
GLBA, specifically within the Financial Privacy Rule and the Safeguards Rule, financial
institutions, from banks to many other entities and organizations identified as "financial
institutions", must ensure their outsourced providers are compliant within the framework of
the GLBA privacy provisions. Because of the continued growth in outsourcing, SAS 70 audits
will continue to be an important component of GLBA for purposes of compliance for financial
institutions and their third-party outsourcers, commonly known as service organizations. As
a result, service organizations will be faced with additional regulatory compliance costs and
must take proactive measures in communicating with all parties (auditors, financial
institutions, and intended users of the SAS 70 report) in preparing and assisting with SAS
70 compliance for notable issues, such as cost, scope, and timeframe of the audit.

GLBA Timeline
Timeline of Gramm-Leach-Bliley Act
March 4, 1999 Senate Banking Committee approves the Financial Services Modernization Act of 1999.
April 28, 1999 Senate Banking Committee formally files the Financial Services Modernization Act in the Senate.
May 6, 1999 The Senate approves S. 900, Financial Services Modernization Act of 1999.
July 1, 1999 The House of Representatives approves H.R. 10.
July 23, 1999 Senate Banking Committee's 20 Members named to conference.
July 30, 1999 House appoints members to conference.
August 3, 1999 Conference committee holds first meeting.
October 12, 1999 Chairmen Gramm, Leach and Bliley release chairmen's mark.
October 22, 1999 Conference committee holds final meeting; names bill the Gramm-Leach-Bliley Act.
November 2, 1999 Conference report signed by majority of conferees, clearing way for votes in House and Senate.
November 4, 1999 Gramm-Leach-Bliley Act passes the Senate 90-8 and the House 362-57.

Source: http://banking.senate.gov/prel99/1105tme.htm

http://www.sas70.us.com Provided by NDB, LLP
