FTC Safeguards Rule Compliance
Protect customer financial data and meet your regulatory obligations under the updated FTC Safeguards Rule.
What is the FTC Safeguards Rule?
The FTC Safeguards Rule requires financial institutions to develop, implement, and maintain a comprehensive information security program. The updated rule, effective June 9, 2023, includes specific requirements for how companies must protect customer financial information.
The rule applies to businesses that are "financial institutions" under the FTC's jurisdiction, including mortgage lenders, payday lenders, finance companies, mortgage brokers, account servicers, check cashers, wire transferors, collection agencies, credit counselors, tax preparation firms, non-federally insured credit unions, and auto dealers.
Key Requirements
Qualified Individual
Designate a qualified individual to oversee your information security program.
Risk Assessment
Conduct periodic risk assessments to identify threats to customer information.
Access Controls
Implement and periodically review access controls for customer information.
Data Inventory
Know what customer information you have and where it is stored.
Encryption
Encrypt customer information in transit and at rest.
MFA
Implement multi-factor authentication for accessing customer information.
Monitoring
Implement continuous monitoring to detect unauthorized access or use.
Incident Response
Develop and maintain an incident response plan for security events.
Not Sure Where You Stand?
Take our free self-assessment questionnaire to evaluate your current compliance posture.
Take the AssessmentGet FTC Safeguards Compliant
Our experts will help you build and maintain a compliant information security program.
Schedule Consultation