Skip to main content
U.S. flag
An official website of the United States government
Dot gov
The .gov means it’s official. 
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.
Https
The site is secure. 
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.
INACTIVE
This page is no longer active. Its content has expired or been rescinded by the FDIC.

501(b) EXAMINATION GUIDANCE

Information Technology / Cybersecurity
August 24, 2001


TO: CHIEF EXECUTIVE OFFICER
SUBJECT: Examination Procedures to Evaluate Customer Information Safeguards

Section 501(b) of the Gramm-Leach-Bliley Act (GLBA) required the Federal Deposit Insurance Corporation (FDIC), the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision to establish financial institution standards for protecting the security and confidentiality of financial institution customers' non-public personal information. The effective date of the Section 501(b) provisions was July 1, 2001. (Refer to FIL-22-2001, dated March 14, 2001, for the interagency guidelines establishing standards for safeguarding customer information.)

The standards' objectives are to:

  • ensure the security and confidentiality of customer information;
  • protect against any anticipated threats or hazards to the security or integrity of such information; and
  • protect against unauthorized access to or use of customer information that could result in substantial harm or inconvenience to any customer.

The attached examination procedures have been developed to assist examiners in evaluating an institution's compliance with the customer safeguards and to ensure that the established standards are applied consistently. Financial institutions are being provided the examination procedures to assist them in their compliance efforts.

The examination procedures were designed to be sufficiently broad to accommodate all financial institutions. As such, certain procedures may not apply to small or non-complex institutions. Examiners will take these factors into consideration during their evaluations.

For more information, please contact your Division of Supervision Regional Office.

Michael J. Zamorski
Acting Director

Attachment: Examination Procedures to Evaluate Compliance with the Guidelines to Safeguard Customer Information

Distribution: FDIC-Supervised Banks (Commercial and Savings)

NOTE: Paper copies of FDIC financial institution letters may be obtained through the FDIC's Public Information Center, 801 17th Street, NW, Room 100, Washington, DC 20434 (800-276-6003 or (703) 562-2200).


FIL-68-2001

Last Updated: August 24, 2001