
Does My Business Need to Comply with the FTC Safeguards Rule?

GLBA enacted the Safeguards Rule

Many businesses assume that the FTC Safeguards Rule, implemented by the Gramm-Leach-Bliley Act (GLBA), only covers traditional financial institutions like banks and credit unions. The GLBA was enacted to protect and secure customer information. However, since the passage of the bill, regulatory and technological changes have allowed a variety of new businesses to offer services that traditionally fell to banking institutions. Many companies may not even be aware that they are required to comply with this rule.


The Safeguards Rule requires non-bank financial institutions to develop, implement, and maintain a comprehensive Information Security Program to secure their customers' data. The Safeguards Rule defines a business as a financial institution if the "business is engaging in an activity that is financial in nature or incidental to such financial activities." This broad definition covers a variety of institutions that are not banks but provide banking or related financial services. Here are some of the types of businesses that fall under this definition:


  • A retailer that issues its own credit card directly to consumers

  • An automobile or farm vehicle dealership that extends leases as part of its business

  • A personal property or real estate appraiser

  • A business that prints and sells checks for consumers

  • A business that regularly wires money to and from customers

  • A check-cashing business

  • An accountant or other tax preparation service

  • A business that provides real estate settlement services

  • A mortgage broker

  • An investment advisor or a credit counseling business


The mandatory compliance date was June 9, 2023. If your business is a financial institution under the Safeguards Rule, you should act quickly. The FTC Safeguards Rule mandates fines up to $100,000 per violation for companies and up to $10,000 per violation for corporate officers. In addition, civil penalties can accrue up to $11,000 per day per violation.


I can help. Click the button below for a no-obligation, free consultation. I am not a salesman, so there will be no high-pressure sales tactics, but an honest and confidential assessment.




 
 
 
