FTC Safeguards Compliance

FTC Safeguards Rule Compliance

Cybercriminals continue to target financial institutions to steal customer data, whether to take over customer accounts and make fraudulent transactions or for other nefarious purposes. The Federal Trade Commission’s Standards for Safeguarding Customer Information, known as the FTC Safeguards Rule, governs how non-banking financial institutions, including auto dealerships and mortgage brokers, must keep customer data safe.

The FTC’s definition of the term “financial institutions” is broader than many people realize. It includes “mortgage lenders, payday lenders, finance companies, mortgage brokers, account servicers, check cashers, wire transferors, collection agencies, credit counselors and other financial advisors, tax preparation firms, non-federally insured credit unions, and investment advisors that aren’t required to register with the SEC,” as well as finders (companies that bring buyers and sellers together, negotiating and consummating transactions between the involved parties).

The FTC approved changes to the Safeguards Rule in October 2021 to keep up with evolving technology and cyberthreats. The FTC recently extended the deadline for compliance with certain provisions to June 9, 2023. These provisions include the requirements to designate a qualified individual to oversee the information security program, develop a written risk assessment, limit and monitor access to customer data, and others.


How K3 helps your company with Safeguards Rule compliance

K3’s Virtual Chief Information Security Officer (vCISO) service can make sure you are compliant with the Safeguards Rule. Non-banking financial institutions covered by the Safeguards Rule need to have people, processes and tools in place for a strong information security program. We can develop and oversee your program to maintain compliance.

Risk Assessment

Our risk assessment examines the consumer data protection practices, processes and tools you already have in place. It is used to identify what you are doing right, along with the gaps in your practices and tools that must be addressed to comply with the Safeguards Rule. The assessment covers how you monitor service providers, your business processes (such as accounting and vendor management), and your information security program.

Overseeing Compliance

Based on our written risk assessment for your company, our vCISO can recommend and implement solutions for any gaps we find. Our services include:

  • Acting as the qualified individual implementing and supervising your company’s information security program.
  • Advising your executive team on appropriate actions to take to safeguard data.
  • Developing an information security program that is risk based and aligned with organizational goals.
  • Developing and managing metrics to measure the effectiveness of the organization’s information security program.
  • Monitoring safeguards, training staff, monitoring service providers, and keeping your information security program current.

Ongoing Support

Your company needs to remain compliant to avoid FTC enforcement actions and the reputational damage that follows a data breach suffered while non-compliant. K3’s ongoing vCISO services monitor the effectiveness of your safeguards and make recommendations to keep your operations compliant.


Contact us

Contact K3 today to learn how our vCISO services can ensure you are in compliance with the FTC Safeguards Rule. We’re here to help!


Book a Call Today!