I think that it is time for the government to provide some sort of tax break to financial institutions for all of the added costs incurred to comply with the GLBA and the USA Patriot Act.
I don't know about how much other institutions are having to dole out for compliance with these issues, but for a small bank the costs are beginning to get overwhelming. Just today I received an industry newsletter on examination practices where banks were being criticized for performing AML monitoring manually (i.e., Excel worksheets), yet at this bank's prior exam they had been commended for their efforts. Basically it stated that if you perform monitoring manually you may be subject to "Needing to Improve" your BSA/AML programs.
We have put so much money into additional security features for the Information Security provisions of GLBA (New employee to understand and oversee this function, new cabinets, new locks....). We have had to purchase a monitoring software for OFAC, the manpower it is taking to stay on top of these requirements is becoming huge.
Anyway, sorry for the rant but when I read this post I just get frustrated that we can't get a step ahead in this process.