signzy

API Marketplace

downArrow

Solutions

downArrow

Resources

downArrow

Our Company

downArrow
Book a Demo
laptop
Logo
Responsive
Decorative line
← Back to Glossary

FTC Safeguards Rule Amendments

United States

United States

2003

Privacy

Cybersecurity

Overview

The FTC Safeguards Rule, part of the Gramm-Leach-Bliley Act (GLBA), was originally adopted in 2003 and significantly amended in 2021, with most provisions enforced from June 9, 2023. The rule requires non-bank financial institutions to develop, implement, and maintain a comprehensive information security program to protect customer data.
The 2021 amendments modernize the rule to address evolving cyber threats, introducing more prescriptive requirements such as multi-factor authentication, encryption, and risk assessments. It applies to non-bank financial institutions, including mortgage brokers, auto dealers, loan servicers, investment advisors, payday lenders, and tax preparers under FTC jurisdiction. These entities must establish robust customer due diligence protocols as part of their comprehensive information security programs to verify customer identities, assess risk profiles, and maintain ongoing monitoring to protect sensitive financial information and ensure regulatory compliance.

Key Obligations

  • Designate a qualified individual to oversee the information security program
  • Conduct written risk assessments and implement safeguards based on findings
  • Encrypt customer data at rest and in transit
  • Require multi-factor authentication for system access
  • Regularly monitor and test systems for vulnerabilities
  • Provide staff training and incident response planning
  • Submit annual reports to boards of directors or governing bodies

Stay ahead of risk with Signzy

Explore tools that help you onboard, monitor, and verify with confidence

One Touch KYC

One Touch KYC

Launch global KYC flows with built-in document OCR, liveness checks, deepfake detection, and AML, all through a single, customizable dashboard.

AML Screening

AML Screening

Screen users against Politically Exposed Persons (PEP), watchlists, sanctions lists, adverse media, and more through one-time screening and advanced monitoring.

Transaction Monitoring

Transaction Monitoring

Monitor transactions in real-time and analyse past behaviour to identify suspicious activities and ensure regulatory compliance across the user journey.

Related Regulations

Decorative icon
GLBA Safeguards Rule Compliance

Decorative icon
NIST CSF 2.0 Cyber Framework

Decorative icon
CIRCIA Cyber Incident Reporting Law

FAQ

Who must comply with the amended Safeguards Rule?

Non-bank financial institutions under FTC jurisdiction, such as mortgage lenders, auto dealers, and tax preparers.

What’s the biggest change in the 2021 amendments?

The shift from flexible principles to prescriptive technical and administrative requirements, including encryption and MFA.

Are small businesses exempt from all requirements?

Certain provisions are waived for firms with fewer than 5,000 consumers, but core security program requirements still apply.

When did enforcement begin?

While the amendments were finalized in 2021, most requirements became enforceable from June 9, 2023.