anonymous

Safeguards Rule Compliance Countdown: Are You Ready?

Did you know that in six short months, your business must develop, implement, and maintain a comprehensive information security program?

12/08/2022 11:45 A.M.

Safeguards Rule: What Is It? 

Part of the Gramm-Leach-Bliley-Act (GLBA), the Safeguards Rule is designed to define standards for protecting the integrity of customers’ private personal information (PPI). It was implemented by the Federal Trade Commission in 2003 and has been used to regulate financial institutions for nearly 20 years to ensure customer data is secure. In 2021, the FTC amended the Safeguards Rule to ensure the law keeps up with modern technology. Now, all affected financial institutions must be compliant by June 9, 2023. 

The new rule requires that debt collectors like you, plus mortgage brokers, mortgage lenders, payday lenders, real estate appraisers, check cashiers, tax preparers, and more, protect the security of their customers’ information in various ways. Keep an eye on this blog for more posts about these protections and what’s required of your business. 

So, What’s Changed About the Safeguards Rule? 

There are five new aspects of the rule that financial institutions should know about: 

  • Expanding adherence to the SMB Financial institutions with more than 5,000 records must comply with the additional requirements. 
  • Organizations that are considered financial institutions Defined as any institution the business of which is engaging in an activity that is financial in nature. 
  • Information security program expectations – Must comply with nine elements that strengthen your cybersecurity program (see the section below). 
  • Detailed definitions of compliance – The Safeguards Rule gives specific instructions on how to reach compliance paving the way for a more secure information security program. 
  • Reporting guidelines and expectations – Provide written procedures for reporting cybersecurity incidents.  

Why Did the Compliance Deadline Change? 

Previously required in December 2022, the new June 9, 2023, deadline provides financial institutions more time to reach compliance.  

Small and medium-sized businesses might find it more challenging to become compliant by the approaching deadline. Thanks to pressure from ACA International and other groups on behalf of small businesses in the financial sector, the FTC allowed six more months for organizations to become compliant. Like taxes being due, an extension doesn’t mean delaying filing until the night before the deadline. It means taking advantage of the extension and starting to work toward compliance. 

Many members don’t realize how much time it takes to have a risk assessment performed, create a security program per the risk assessment results, perform and remediate the findings of vulnerability and penetration scans, and document more than nine security policies. It’s all part of the months-long process to become compliant and avoid hefty penalties. So don’t wait! You’ll want to start today. 

What’s at Stake?  

It sounds like a challenge. How can your company develop, implement, and maintain a cybersecurity program by June 9, 2023?  

The key is to start now. In order to pass the FTC audits beginning in June 2023, you’ll need to be defensible and provide a strong case that your information security program is secure and running smoothly. Claiming you started work on June 8 will not be nearly as defensible and potentially will result in a less-than-desirable report. 

Even worse, non-compliant institutions or individuals could face jail time and financial penalties. Avoid up to $100,000 in financial penalties per incident and prison sentences for up to five years by upgrading your internet security program months before the June 2023 deadline. 

Here’s What We’ll Do to Make Your Business Safeguards Rule Compliant 

ACA has tapped TPx as their Safeguards Security Partner of Choice. We’re ready to implement nine steps to making your business defensible before the June 9, 2023, deadline: 

  • Identify an organization (like TPx) or a qualified employee to head up your cybersecurity program 
  • Run a risk assessment 
  • Deploy safeguards and mitigate risks 
  • Regularly examine your infrastructure 
  • Train staff on security awareness 
  • Monitor progress with the designated service provider 
  • Run cybersecurity updates 
  • Create and implement an incident response plan 
  • Regularly report and document progress 

We’re here to help you become defensible and stay secure. As a trusted managed services provider for financial institutions from coast to coast, our certified experts on staff can address all your cybersecurity needs and ensure you’re defensible.  

Ask the Experts 

It sounds complicated, but TPx experts can help you navigate the complications, translate the rule into simple terms and answer any question you may have. When it’s time to implement the changes, TPx will walk your organization through every step of the process.  

As the exclusive ACA International partner, TPx has created unique solutions which are available at discounted pricing for ACA members.  

Find more information and get started at tpx.com/aca

If you have executive leadership updates or other member news to share with ACA, contact our communications department at [email protected]. View our publications page for more information and our news submission guidelines here.

Join the Conversation on The Hub
Subscribe to Our Publications
Advertising Media Kit
ACA Events Calendar

Recently Posted

Newsroom

Advertisement

Benchmarking

Advertisement

Training Zone
One moment please...

Share Profile

  • Copy Profile Link
  • Open In New Window
CLOSE
Training Zone

Access all of ACA’s online education for one low price.

Training Zone

This site uses cookies. By continuing to use our site, you are agreeing to our use of cookies. Review our Privacy Policy for more information. You may change your preferences on how cookies are stored by reviewing the settings on your browser.

The content on this site is presented for educational, general reference, and informational purposes only; is not intended to serve as legal or other advice; is not intended to be a full and exhaustive explanation of the law in any area; and should not replace the advice of your own legal counsel. By continuing to use our site, you are agreeing to the legal disclaimers in our Terms of Use. Review our Terms of Use for more information.

Accept & Close

Friendly Reminder

Get continued access to ACA International’s wide array of resources, which can help you become more profitable, compliant and successful.

Renew your membership today to take advantage of tools you won’t find anywhere else:

  • Discounts on seminars, products, services and events
  • Resources to strengthen your compliance department
  • Industry-specific risk management products and services
  • Participation in ACA’s online community, The Hub
    Members-only website content
  • Professional development and training opportunities, and so much more!

If you have completed your renewal, please disregard this reminder.

Renew Today