GLBA Delivery Remediation

Intervention management to address regulatory enforcement actions

Business Situation

A large US bank embarks on a 3-year programme to design, build and implement Non-Public Personal Information (NPPI) controls across the bank and resolve non-compliance issues related to the Gramm–Leach–Bliley Act (GLBA) in Information Security, Records Management, Vendor Management, Data Protection, Business Continuity, Physical Security, Risk Assessment and Governance.

Project Overview

Ruota Consulting was engaged to project manage, resolve and remediate significant GLBA programme issues, including technical and non-technical project quality issues and delivery delays. In addition, there was a need to understand whether GLBA requirements were fully understood and incorporated into project delivery plans across all programme areas.

  • Designed, developed and implemented a programme management delivery structure to ensure all GLBA projects were governed and controlled in a consistent manner and that Executive reporting was able to articulate status, challenges and escalated decision requirements.
  • Provided project management capability for areas requiring remediation and ongoing management
  • Created an End-to-End Roadmap demonstrating the journey to GLBA remediation and ongoing sustainability
  • Defined ongoing sustainability requirements for the bank to help lift the unsatisfactory ratings from the Federal Deposit Insurance Corporation (FDIC) and Office of the Comptroller of the Currency (OCC)
  • Provided ongoing management and reporting post remediation to ensure ongoing sustainability requirements were proactively monitored and governed, getting the bank to ‘business as usual’
  • Assured GLBA deliverables were satisfactory for executive and regulatory review
  • Ensured the bank was able to lift their ‘unsatisfactory’ rating from the FDIC and OCC to ‘satisfactory’, thereby meeting regulatory compliance requirements
  • Provided control and direction across multiple projects being delivered in silos – projects delivered on time and to the correct level of quality
  • Proactive and timely resolution of critical issues to address FDIC and OCC requirements minimising unnecessary regulatory involvement