For financial institutions, protecting, monitoring, and securing customer data is a core part of protecting their customers.
The FTC Safeguards Rule is the regulation that sets the baseline for how financial institutions under FTC jurisdiction must do this. The Federal Trade Commission substantially amended the rule in December 2021, and in November 2022 it pushed the compliance deadline for several of the new provisions back by six months, to June 9, 2023. In this article, we discuss what the Safeguards Rule includes, why financial institutions need to follow it, and how they can prepare before the extended deadline.
What Is GLBA?
The FTC Safeguards Rule implements the data-security provisions of the Gramm-Leach-Bliley Act (GLBA), which was passed in 1999. GLBA requires financial institutions to protect the security and confidentiality of consumers' nonpublic personal information, and the FTC's rule (first issued in 2002) applies to financial institutions that are not supervised by a federal banking regulator, such as mortgage brokers, auto dealers that finance purchases, tax preparers, and payday lenders.
The rule requires these institutions to develop, implement, and maintain a written information security program that describes how they will protect customer information—such as Social Security numbers, bank account numbers, and credit card information—from unauthorized access, misuse, or theft.
The extension of the compliance deadline is coming to an end. The date by which the amended provisions must be in place is approaching fast.
Why Was There an Extension?
The amended rule originally required the new provisions to be in place by December 9, 2022. In November 2022 the FTC extended that date to June 9, 2023, citing reports, including a letter from the Small Business Administration's Office of Advocacy, that affected businesses faced a shortage of qualified personnel to build information security programs and supply chain delays in obtaining equipment, problems commenters attributed in part to the pandemic. The extension only moved the date. It added no new requirements; the new obligations come from the December 2021 amendments, and the extra six months were meant to give institutions more time to implement them.
What Does the Safeguards Rule Include?
The Safeguards Rule includes several provisions, such as:
- Assigning Security Responsibility: Financial institutions must designate a "Qualified Individual" responsible for overseeing, implementing, and enforcing their information security program. This can be an employee or someone at a service provider, but the institution remains responsible for compliance.
- Conducting Risk Assessments: Organizations must perform a written risk assessment that identifies internal and external threats to customer information, assesses existing safeguards, and is revisited periodically.
- Protecting Against Unauthorized Access: Financial institutions must implement safeguards that address the risks they identified, including access controls that limit users to the data they need, encryption of customer information in transit and at rest, and multi-factor authentication for access to systems holding customer information.
- Adopting Physical Safeguards: The program covers physical as well as technical and administrative safeguards, so customer information stored in physical locations, such as branch offices and server rooms, must be protected too.
What New Requirements Were Added?
The December 2021 amendments added specific safeguards to the rule, and several of them are the ones whose deadline was extended to June 9, 2023. These include:
- Maintaining a Written Incident Response Plan: Organizations must have a written plan for responding to and recovering from any security event that materially affects customer information, covering goals, internal processes, roles and decision-making authority, communications, remediation, and documentation.
- Overseeing Service Providers: Institutions must select providers capable of safeguarding customer information, require those safeguards by contract, and periodically assess the providers that access, process, or store customer data on their behalf.
- Providing Security Awareness Training: Financial institutions must give employees security awareness training that is updated as risks change, and must ensure that the staff running the security program keep their knowledge current.
- Implementing Multi-Factor Authentication: MFA is required for any individual accessing any information system that holds customer information, unless the Qualified Individual approves in writing the use of reasonably equivalent or more secure controls.
- Encrypting Customer Information: Customer information must be encrypted both in transit over external networks and at rest; where encryption is infeasible, the Qualified Individual must approve alternative compensating controls in writing.
- Reporting to the Board: The Qualified Individual must report in writing at least annually to the board of directors (or equivalent) on the state of the program, including risk assessment results, testing results, security events, and recommended changes.
How Can Financial Institutions Prepare?
Financial institutions must act quickly to ensure compliance before the June 9, 2023 deadline. The extension gave institutions extra time to plan for complete compliance, but it did not reduce what must be in place. To make sure they are ready, they should consider working with an MSP or security services provider, such as eMDTec, that specializes in securing customer data.
An experienced security partner can help assess current systems and processes against each requirement of the amended rule and provide guidance on how best to protect customer information. Institutions should also confirm that a Qualified Individual has been designated, that the written risk assessment and incident response plan exist, that MFA and encryption are in place for systems holding customer data, and that employees receive regular security awareness training.
Get Compliant with eMDTec Today!
It is essential that financial institutions understand the requirements of GLBA and take the necessary steps to comply with the amended FTC Safeguards Rule before the extended deadline passes. Doing so will help reduce the risk of data breaches and other security incidents that can cause lasting damage to the organization's customers and reputation.