Answer:
Your question is timely and on point. The banking regulators have already begun to examine for compliance and will continue to ensure institutions maintain compliance continuously. A recently released FDIC survey on how financial institutions have fared during initial GLBA audits determined "almost all information security programs examined were found to have some deficiencies relating to board involvement, testing, and/or staff training."Other areas of confusion and risk are also emerging around the requirements for a formal risk assessment, oversight of service providers, and monitoring and adjusting the information security program.