Gramm-Leach-Bliley Act of 1999 (GLBA)


The Gramm-Leach-Bliley Act of 1999 (GLBA), also known as the Financial Services Modernization Act, is a federal law in the United States that allowed commercial banks, investment banks, securities firms and insurance companies to consolidate. Essentially, it repealed part of the Glass-Steagall Act of 1933, enabling banks to engage in additional business activities. The Act also included provisions to protect individuals’ personal financial information held by financial institutions.


The phonetic pronunciation of “Gramm-Leach-Bliley Act of 1999 (GLBA)” is: Gramm: /ɡræm/, Leach: /liːtʃ/, Bliley: /ˈblaɪli/, Act of 1999: /ækt ɒv 1999/, GLBA: /ˌdʒiː ˌel ˌbiː ˈeɪ/.

Key Takeaways

  1. Privacy Requirements: The Gramm-Leach-Bliley Act introduces a set of requirements for financial institutions to inform customers about their privacy policies and practices. It mandates that these institutions must explain what personal customer information they collect, how this information is used, and how it is protected.
  2. Facilitates Mergers: The Act changes the regulations that previously prohibited the merger of a bank, a securities company and an insurance company into a single firm. By lifting this restriction, the GLBA enables financial conglomerates to offer a full and diversified range of financial services.
  3. Safeguarding Customer Information: GLBA includes provisions that require financial institutions to implement specific programs and practices designed to ensure the security and confidentiality of customer data. These institutions must be proactive in identifying potential risks to customer data and must regularly assess the sufficiency of their security, confidentiality, and integrity measures.


The Gramm-Leach-Bliley Act of 1999 (GLBA) is especially important because it significantly changed the landscape of the financial industry in the United States. It repealed parts of the Glass-Steagall Act of 1933, allowing banks, insurance companies, and investment firms to consolidate and offer a full range of services. This has facilitated a one-stop shop financial service model. Moreover, GLBA also includes important provisions to protect consumers’ personal financial information. It mandates financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data, which, in turn, has significant implications for consumer privacy and data security in the financial sector.


The Gramm-Leach-Bliley Act of 1999 (GLBA), also known as the Financial Services Modernization Act, was formulated with the main purpose of modernizing and reforming the financial services industry in the United States. The key aim was to promote competition and innovation within the industry and reduce the restrictions that prevented affiliations between banks and securities firms or insurance companies. This allowed these institutions to offer a broader range of services to their clients. The GLBA effectively repealed the Glass-Steagall Act of 1933, a piece of legislation that had provided a regulatory framework for the financial services industry for many decades.

The GLBA also introduced new requirements around the protection of consumer financial data. Financial institutions were now obligated by law to protect consumers’ private financial information by implementing several provisions in the act. These included the Financial Privacy Rule, which requires institutions to provide customers with their privacy policies and let them opt out if they do not want their information shared with non-affiliated third parties, and the Safeguards Rule, which mandated that institutions have a written security plan to protect the confidentiality and integrity of personal consumer information. Therefore, the GLBA was and still is used as a tool to create a competitive, innovative financial services industry, while also ensuring the protection and privacy of consumer financial data.


  1. JPMorgan Chase & Co.: One of the largest banking institutions in the U.S. required to comply with the Gramm-Leach-Bliley Act. The company was directly affected by the Act, as it was required to increase privacy and security measures for its customers and their financial information and to improve the way it communicates its privacy policies to clients. This means it must make certain that personal information about its customers is kept secure and confidential.
  2. MetLife Inc.: An insurance-based financial services company, MetLife must comply with GLBA as it deals with a large amount of non-public personal information. This includes policyholders’ names, addresses, social security numbers, and financial information. GLBA enabled MetLife to engage in banking services, significantly expanding its business operations. It is also required to provide privacy notices to its customers and ensure that its systems are secure from potential threats.
  3. Wells Fargo: This banking and financial services company was largely affected by the Gramm-Leach-Bliley Act. Due to the Act, Wells Fargo took steps to ensure the privacy and safety of customers’ information, notifying customers about their right to opt out if they do not want their personal financial information shared with non-affiliated third parties. It also continuously updates its data security measures to ensure adherence to the GLBA’s requirements.

Frequently Asked Questions (FAQ)

What is the Gramm-Leach-Bliley Act of 1999 (GLBA)?

The Gramm-Leach-Bliley Act (GLBA) is a federal law in the United States that mandates financial institutions to explain how they share and protect their customers’ private information.

When was the GLBA implemented?

The Gramm-Leach-Bliley Act was signed into law on November 12, 1999.

Who does the GLBA apply to?

The GLBA applies to financial institutions, including banks, insurance companies, securities firms, and companies providing other financial products and services to consumers.

What are the key components of the GLBA?

The GLBA comprises three main parts: the Financial Privacy Rule, which regulates the collection and disclosure of private financial information; the Safeguards Rule, requiring financial institutions to implement security programs to protect such information; and the Pretexting provisions, prohibiting individuals from accessing personal information using false pretenses.

How does the GLBA protect consumers?

The GLBA ensures consumers’ private financial information is protected. It grants consumers the right to opt-out of some sharing of their private information, and also mandates companies to provide details on how they protect sensitive data.

What are the penalties for non-compliance with GLBA?

Non-compliance with GLBA can result in stiff penalties, including fines and imprisonment for up to 5 years. Penalties can be imposed on both companies and individuals.

Can a consumer waive their rights under the GLBA?

No, a consumer cannot waive their rights under the GLBA. They can, however, choose to opt-out of certain disclosures of personal information to non-affiliated third parties.

How can a business ensure GLBA compliance?

Businesses can ensure compliance by implementing a written information security plan that describes how the company protects customer data, regularly monitoring operations and business partners, and adjusting their plan when necessary. It’s also crucial to train all employees about the provisions and controls in place for GLBA compliance.

How does the GLBA affect information sharing between financial institutions?

The GLBA affects information sharing by requiring financial institutions to inform consumers about their information-sharing practices and to safeguard sensitive data.

Related Finance Terms

  • Financial Privacy Rule: A part of the GLBA that governs the collection and disclosure of customers’ personal financial information by financial institutions.
  • Safeguards Rule: Another part of the GLBA, it requires financial institutions to implement security measures to protect customer information.
  • Pretexting Provisions: These provisions under the GLBA make it illegal for individuals to access personal information using false pretenses.
  • Financial Institutions: These are companies that deal with monetary transactions, such as banks, insurance companies, and brokerage firms, which are heavily affected by the implementation of GLBA.
  • Federal Trade Commission (FTC): The FTC is the government agency that enforces the provisions and rules set forth under the GLBA.
