Key Points:
Financial institutions under the jurisdiction of the FTC Safeguards Rule must implement new security controls to protect customer’s financial information. The rule took effect in 2003 but was amended in 2021 after public comment to ensure the rule keeps pace with current technology.
After revision, FTC imposed a deadline of December 9, 2022, with a penalty of $45,000 for violating the rule. The regulations may be news for non-banking financial institutions that are first-time subject to the FTC Safeguards Rule.
The FTC Safeguards Rule outlines data security guidelines for financial institutions under its jurisdiction to protect customers’ information and ensure organizations keep pace with current technology.
The rule is part of the more significant 1999 Financial Modernization Act, which first required financial institutions to document how they handle sensitive customer information. After almost two decades, it’s safe to say the technology and data security rules have become ancient.
Following public comment, the FTC updated the Safeguard Rule in 2021 to offer better guidance for organizations. The affected financial organizations have to go over the updates of the FTC Safeguards Rule to ensure they remain compliant with the outlined expectation before the December 9, 2022, deadline.
According to FTC, the rule applies to all financial institutions under FTC’s jurisdiction. The official FTC site defines a financial institution as any organization that engages in activities that are financial in nature or are incidental to such financial activities.
Some financial institutions that FTC gives as examples include:
The FTC safeguards rule doesn’t apply to banks, federal credit unions, and savings and loan institutions.
FTC Safeguards requires organizations under its jurisdiction to comply with several requirements. The regulator outlines three elements for every information security program of financial institutions. Your security program must:
The FTC Safeguards Rule outlines nine requirements for compliant security infrastructure. For an organization to be compliant, it must:
The new amendments have many new requirements, including:
The technical requirements call for cybersecurity solutions that are FTC-compliant. Your organization needs to implement a security program with the following:
FTC says that you must implement a security solution that monitors when authorized users are accessing customer information on your system and detects any unauthorized or suspicious access to customer data.
One way to implement the requirement is to adopt a solution that collects, centralizes, and automatically analyzes your log data for users’ activities. The solution should detect unauthorized access, alert you in real-time, provide the next steps to respond, and allow easy access to historical log reports of user activity for investigations and audits.
Financial institutions under FTC should get into compliance the quickest way possible. While the new FTC Safeguards Rule demands a lot from your organization to be compliant, it’s for a good reason. The spike in security threats is concerning, and for every stakeholder in your organization, you need to do your part in managing risks.
My experience with Schilling IT has always been excellent. For the most part, Cirro Ramos has been the person to assist me. Cirro is consistently pleasant, knowledgeable, and patient. He never stops until my problem is resolved. I am so grateful that our organization has Schilling IT to help us with our needs!
~ Angela HarrisSchilling IT provides a personalized, expert solution for all our IT needs and even more. They have never avoided helping us with anything related to technology even if it may fall outside their typical course of business. They have been the complete solution for anything relating to computers, technology, and IT. Their response time has always been fast.
~ VJ DamasiusSchilling IT and all of their employees are excellent!!! They always take care of any issues we have in a timely manner and I would recommend them to anyone!!
~ ShannonGreat customer service, and quick!!! Total professionalism on appearance and demeanor. Completely satisfied with the work we had performed.
~ Kerry drakeSchilling IT is professional and quick to resolve your IT problems. I highly recommend their team!
~ Jorie Jones-Prather