Section 501(b) of the Gramm-Leach-Bliley Act (GLBA) required the Federal Deposit Insurance Corporation (FDIC), the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision to establish financial institution standards for protecting the security and confidentiality of financial institution customers' non-public personal information. The effective date of the Section 501(b) provisions was July 1, 2001. (Refer to FIL-22-2001, dated March 14, 2001, for the interagency guidelines establishing standards for safeguarding customer information.)

The standards' objectives are to:

• ensure the security and confidentiality of customer information;
• protect against any anticipated threats or hazards to the security or integrity of such information; and
• protect against unauthorized access to or use of customer information that could result in substantial harm or inconvenience to any customer.

The attached examination procedures have been developed to assist examiners in evaluating an institution's compliance with the customer safeguards and to ensure that the established standards are applied consistently. Financial institutions are being provided the examination procedures to assist them in their compliance efforts.

The examination procedures were designed to be sufficiently broad to accommodate all financial institutions. As such, certain procedures may not apply to small or non-complex institutions. Examiners will take these factors into consideration during their evaluations.

For more information, please contact your Division of Supervision Regional Office.

Attachment: Examination Procedures to Evaluate Compliance with the Guidelines to Safeguard Customer Information

Distribution: FDIC-Supervised Banks (Commercial and Savings)

NOTE: Paper copies of FDIC financial institution letters may be obtained through the FDIC's Public Information Center, 801 17th Street, NW, Room 100, Washington, DC 20434 (800-276-6003 or (703) 562-2200).