Your Guide to Navigating the New FTC Safeguards Rule

As cybersecurity has become an increasingly discussed issue, we are becoming more aware of the need for regulation, especially in the financial sector. Sensitive information needs to be protected from threats ranging from complex phishing scams to data breaches, and now the Federal Trade Commission (FTC) is here to help.

Last November, the FTC announced its intention to extend the deadline for a new financial data security rule.

What is the Safeguards Rule?

On June 9, 2023, the FTC is implementing its Safeguards Rule in order to protect customers from threats and cybercrimes. This new rule applies specifically to non-banking financial institutions; these include companies that provide services such as loan and debt relief, tax preparation, or debt collection. 

The Safeguards Rule requires these non-banking financial institutions to create, implement and maintain a security program to keep the sensitive financial information of their customers safe and secure. Affected non-banking financial institutions include:

  • Mortgage brokers: Companies that connect customers with lenders
  • Tax return preparers: Companies that provide tax preparation services and e-filing options
  • Debt relief service providers: Companies that provide debt relief, such as debt consolidation or credit counseling
  • Consumer reporting agencies: Companies that compile consumer information such as credit reports
  • Payday lenders: Companies that offer short-term loans in exchange for a fee

What is Required of the IT Security Program?

The IT security program must include administrative, technical and physical safeguards. The FTC approved changes to the Safeguards Rule back in 2021, in order to include more specific criteria that financial institutions must implement in their security programs.

Covered financial institutions are required to:

  • Designate an individual to oversee information security
  • Write a risk assessment
  • Limit who can access customer information
  • Train security personnel
  • Develop a comprehensive incident response plan
  • Conduct assessments on the practices of service providers
  • Implement MFA (multi-factor authentication) or another method to protect any individual accessing customer information

Why the Extension?

With the Safeguards Rule promising positive ramifications across the financial sector, why has there been a delay in enacting it? The deadline is being extended due to the reported shortage of qualified IT personnel, as well as supply chain issues.

These difficulties have been exacerbated by the COVID-19 pandemic. This may make it difficult for financial institutions, especially small ones, to come into compliance with the new FTC Safeguards Rule.

What Now?

Financial institutions should begin preparations now to ensure they are ready for compliance with this new rule when it goes into effect in June 2023. Professionals who handle IT for financial institutions have an important role to play here as well; their expertise will be invaluable in helping these organizations upgrade their security systems and become compliant.

If you are looking for the right experts who can help with IT for financial institutions, eMDTec is the perfect IT partner for you. With years of experience in IT compliance and security, we can help ensure that your organization is prepared to meet the new FTC Safeguards Rule. Contact us today to see how we can help!