FTC Finalizes Safeguard Rules for Non-Bank Financial Institutions

Sheppard Mullin Richter & Hampton LLP

On October 27, the FTC announced a final rule amending the Standards for Safeguarding Customer Information, known as “the Safeguards Rule,” under the Gramm-Leach-Bliley Act. The Rule applies to a broad range of non-banking financial institutions, such as check-cashing businesses, payday lenders, mortgage brokers, nonbank lenders, personal property or real estate appraisers, professional tax preparers, courier services, and credit reporting agencies, and requires them to develop, implement, and maintain a comprehensive security system to keep their customers’ information secure.

Key amendments include the following:

  • Adds provisions designed to provide covered financial institutions with more guidance on how to develop and implement specific aspects of an overall information security program, such as access controls, authentication, and encryption.
  • Adds provisions designed to improve the accountability of financial institutions’ information security programs, such as designating a single qualified individual to oversee the information security program and requiring periodic reports to boards of directors.
  • Requires a written risk assessment, incident response plan, and periodic assessments of service providers.
  • Expands the definition of “financial institution” to include entities engaged in activities that the Federal Reserve Board determines to be incidental to financial activities. This change brings “finders” – companies that bring together buyers and sellers of a product or service – within the scope of the Rule.

Some provisions of the final rule are effective one year after the date of publication in the Federal Register. The remainder of the provisions are effective 30 days following publication.

Putting It Into Practice:  This update comes in the wake of “widespread data breaches and cyberattacks” that, according to the FTC, have resulted in “monetary loss, identity theft, and other forms of financial distress.”  Financial institutions should carefully review the new Safeguards Rule to ensure compliance in light of the heightened scrutiny by the FTC.  In particular, financial institutions may wish to refresh existing information security programs to ensure the confidentiality, integrity, and availability of sensitive customer information consistent with regulatory expectations.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Sheppard Mullin Richter & Hampton LLP | Attorney Advertising
