As of January 10, 2022, the FTC’s amendments to the Safeguards Rule (“Amendments”) went into effect: 16 CFR Part 314; RIN 3084-AB35, Standards for Safeguarding Customer Information.

If you are in compliance with the new Safeguards Rule, then great, you are ahead of most. If not, we have included some information below that may help.

The Amendments apply to financial institutions, and their scope has expanded from banks, mortgage lenders, credit unions and major players to car dealerships, payday lenders, check cashing businesses, tax preparation services and even home appraisers.

The Amendments include five (5) primary modifications to the Safeguards Rule. These modifications generally relate to heightened information security requirements and expanding the definition of “financial institution.”

Below are some highlights:

  • Financial institutions need a designated (named) individual who controls and manages their security plan/policy
  • Financial institutions need to have written policies and procedures (information security and incident response plan) in place
  • Financial institutions need to have detailed security controls in place
  • Processes for risk assessment and risk management (MSAs explicitly called out)
  • Financial institutions need to have penetration tests and vulnerability assessments done, all according to a specific schedule (2x / year)
  • Defined reporting functionality
  • Report to board of directors or similar tier of executive leadership
  • What is reported, how it is reported and when it is reported
  • And more…

Financial institutions now more than ever need to comply with a much higher standard when it comes to Cyber.

Goliath offers a Complimentary Cyber Risk Analysis to help guide you down the path to Cyber compliance and resilience – Contact us today:

Also, we have attached a couple of supporting links below.

