#679782 - 02/05/07 06:17 PM GLBA Annual Board Report.
complianceman Offline
Platinum Poster
complianceman
Joined: Mar 2005
Posts: 687
New Albany, IN
Could someone please provide me with some guidance or direction as to what an Annual GLBA Board Report would contain?

I need to do one of these for two separate entities and want to ensure that I have sufficient information to apprise the Board as well as make the examination staff happy as well.
_________________________
The opinion stated here is what it is, My Opinion.

#679812 - 02/05/07 06:45 PM Re: GLBA Annual Board Report. complianceman
BrendaC Offline
Power Poster
BrendaC
Joined: Sep 2001
Posts: 6,029
Sweet Home AL
I sent you something, check your PMs.
_________________________
Life without Jesus is like an unsharpened pencil - it has no point.

#681580 - 02/07/07 01:14 PM Re: GLBA Annual Board Report. BrendaC
FraudHorn Offline
Member
FraudHorn
Joined: Dec 2005
Posts: 60
Maine
Oh! Oh! Me too. Please, please, please.
_________________________
The cannons don't thunder there's nothin' to plunder.

#681999 - 02/07/07 06:36 PM Re: GLBA Annual Board Report. FraudHorn
RR Joker Offline
10K Club
RR Joker
Joined: Nov 2002
Posts: 20,656
The Swamp
I don't have any help for you really, but I will tell you what we do in lieu of an annual report and the examiners have been happy with it. We have a formal GLBA committee that meets quarterly. We send the minutes of that meeting to the board of directors quarterly and they stand for our "annual report". In this way, the board is informed of information on a much more timely basis and the coverage is more complete. (IMHO)
_________________________
My opinion only. Not legal advice.

Say you'll haunt me - Stone Sour

#684697 - 02/09/07 10:28 PM Re: GLBA Annual Board Report. RR Joker
Andy_Z Offline
10K Club
Andy_Z
Joined: Oct 2000
Posts: 27,750
On the Net
If you mean the annual IT report, your infosec program must:

• Be approved and overseen by the Board of directors
• Be adjusted, as appropriate, for changes in the bank’s (or servicer’s) processing environment or systems.
• Include an annual report to the board (or committee) describing the overall status of the program and bank’s compliance with the Guidelines.
_________________________
AndyZ CRCM
My opinions are not necessarily my employers.
R+R-R=R+R
Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell

#685485 - 02/12/07 08:51 PM Re: GLBA Annual Board Report. Andy_Z
CRL Offline
Platinum Poster
CRL
Joined: Sep 2003
Posts: 579
In the FFIEC IT Handbook, look at the Booklet: Information Security, Section: Security Process. Go to http://www.ffiec.gov/ffiecinfobase/html_pages/infosec_book_frame.htm

It states: The board should approve written information security policies and the written report on the effectiveness of the information security program at least annually. At a minimum, the report should address:

1) the results of the risk assessment process;
2) risk management and control decisions;
3) service provider arrangements;
4) results of security monitoring and testing;
5) security breaches or violations and management’s responses; and
6) recommendations for changes to the information security program.

The annual approval should consider the results of management assessments and reviews, internal and external audit activity related to information security, third-party reviews of the information security program and information security measures, and other internal or external reviews designed to assess the adequacy of information security controls.

I have a memo that touches each of the above, and make sure it's in the board packet and approved in the board minutes.


Moderator:  Andy_Z