Study notes. AI-assisted reference for NMLS SAFE exam prep — verify against primary sources (CFR, statute, CFPB) before relying on it. Not legal advice.

Gramm-Leach-Bliley Act (GLBA) and Regulation P

Updated 2026-05-17

regulationfederalcfrprivacyconsumer-protection

The Gramm Leach Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999, is a federal statute that repealed parts of the Glass-Steagall Act of 1933, allowing commercial banks, investment banks, securities firms, and insurance companies to consolidate. More importantly for mortgage loan originators (MLOs) and financial institutions, GLBA includes comprehensive provisions that protect consumers' personal financial information.

Regulation P (12 CFR Part 1016) implements the privacy provisions of the GLBA, detailing how financial institutions must protect the privacy of consumers' nonpublic personal information.

Key Provisions of the GLBA and Regulation P

The GLBA establishes several core requirements for financial institutions regarding consumer privacy, which are further detailed and enforced by Regulation P:

1. Financial Privacy Rule (GLBA Subtitle A)

This rule requires financial institutions to explain their information-sharing practices to customers and to safeguard sensitive data. Regulation P mandates the following:

Privacy Notices: Financial institutions must provide consumers with clear and conspicuous privacy notices. These notices must be provided at the time a customer relationship is established and annually thereafter. They must explain what information the institution collects, where it is shared, and how customers can opt out of certain sharing.
Opt-Out Right: Consumers must be given the opportunity to opt out of the sharing of their nonpublic personal information with nonaffiliated third parties.

2. Safeguards Rule (GLBA Subtitle B)

This rule requires financial institutions to develop, implement, and maintain a comprehensive information security program. This program must be designed to protect the security, confidentiality, and integrity of customer information through administrative, technical, and physical safeguards.

3. Pretexting Protection (GLBA Subtitle C)

This provision prohibits individuals from obtaining personal financial information under false pretenses, a practice known as "pretexting."

Compliance

Compliance with the GLBA and its implementing Regulation P is essential for MLOs and financial institutions to protect consumer privacy, maintain trust, and avoid legal penalties.

Statutory Citation: 15 U.S.C. §§ 6801 et seq. Regulatory Citation: 12 CFR Part 1016

Study the full exam sections

This page is reference detail. The five SAFE exam study guides put it in context.

MLO Activities Federal Laws General Knowledge Ethics Uniform State All wiki pages

MLO Mastery — NMLS SAFE exam reference wiki. AI-assisted study notes; verify against primary sources. For exam preparation only. Not legal advice.