How do you know if your business is a financial institution subject to the Safeguards Rule?
Nowadays, it is vital to know the laws that support your business activity, as their function is to protect you as an entrepreneur and, thus, your end customer.
As the name suggests, the Federal Trade Commission’s Customer Information Protection Standards (the Safeguards Rule) ensure that entities covered by the Rule maintain defenses to keep customer information secure.
The Safeguards Rule went into effect in 2003. After public comment, the FTC amended it in 2021, consolidating it to keep pace with current technology and giving companies more specific guidance on how to adapt and meet its requirements.
How do you know if your business is a financial institution subject to the Safeguards Rule?
The first thing you should know is that this rule applies to financial institutions that are subject to the jurisdiction of the FTC and are not subject to the enforcement authority of another regulator under Section 505 of the Gramm-Leach-Bliley Act, 15 USC § 6805. Under Section 314.1(b), an entity is a “financial institution” if it engages in an activity that is “financial in nature” or is “incidental to such financial activities, as described in section 4(k) of the Bank Holding Company Act of 1956, 12 USC § 1843(k).”
Here are 13 examples of the types of entities that are financial institutions under the Rule:
1. Mortgage lenders.
2. Payday lenders.
3. Finance companies.
4. Mortgage brokers.
5. Account managers.
6. Check cashers.
7. Wire transferors.
8. Collection agencies.
9. Advisors.
10. Financial advisors.
11. Tax preparation firms.
12. Non-federally insured credit unions.
13. Investment advisers that are not required to register with the SEC.
The 2021 amendments to the Safeguards Rule add a new example of a financial institution: finders. These are firms that bring buyers and sellers together, after which the parties themselves negotiate and consummate the transaction.
What does the Safeguards Rule require companies to do?
It requires covered financial institutions to develop, implement and maintain an information security program with administrative, technical, and physical defenses designed to protect customer information.
The Statute defines customer information as “any record containing nonpublic personal information about a financial institution’s customer, whether in paper, electronic or other form, that is managed or maintained by or on behalf of you or your affiliates.”
The Rule covers information about your customers and customers of other financial institutions that have provided that data to you. Your information security program should be written and appropriate to the size and complexity of your business, the nature and scope of your activities, and the sensitivity of the information involved.
The objectives of your company’s program are:
– To ensure the security and confidentiality of customer information.
– To protect against anticipated threats or hazards to the security or integrity of that information.
– To protect against unauthorized access to that information that could result in substantial harm or inconvenience to any customer.
Do you have any doubts? Would you like to know more about it?
You can visit the FTC’s official website: “FTC Safeguards Rule: What Your Business Needs to Know” (Federal Trade Commission).
You can also request a meeting with one of our consultants to find out how advanced your security program is, its weaknesses, and what options exist to complement it.