FTC Safeguards Rule

FTC Safeguards Compliance

Keep your information security program organized, current, and ready to show. The FTC Safeguards Rule mandates comprehensive programs for financial institutions — we help you organize and track yours.

Overview

What Is the FTC Safeguards Rule?

The FTC Safeguards Rule requires non-banking financial institutions to develop, implement, and maintain a comprehensive information security program to protect customer data.

Originally enacted in 2003 and substantially amended in 2021, the Safeguards Rule (16 CFR Part 314) is enforced by the Federal Trade Commission. It mandates administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of customer information.

Non-compliance can result in significant civil penalties, FTC enforcement actions, reputational harm, and loss of customer trust. The amended rule introduces specific criteria — including encryption, access controls, multi-factor authentication, and regular penetration testing.

Who Does It Apply To?

  • Mortgage brokers
  • Motor vehicle dealers
  • Payday lenders
  • Finance companies
  • Account servicers
  • Check cashers
  • Wire transferors
  • Collection agencies
  • Credit counselors
  • Tax preparation firms
  • Non-federally insured credit unions
  • Investment advisors

Requirements

Key Requirements of the FTC Safeguards Rule

The amended rule outlines specific elements every covered institution's information security program must address.

1. Designate a Qualified Individual

Appoint someone responsible for overseeing and implementing your information security program.

2. Conduct a Risk Assessment

Identify and evaluate reasonably foreseeable internal and external risks to customer information.

3. Design & Implement Safeguards

Put controls in place to manage the risks identified during your assessment.

4. Monitor & Test Safeguards

Regularly test and monitor the effectiveness of your safeguards, including continuous monitoring and annual penetration testing.

5. Train Staff on Security Awareness

Provide security awareness training to all personnel and specialized training for security staff.

6. Create an Incident Response Plan

Establish a written plan to respond to security events, including notification procedures.

7. Assess Service Providers

Periodically assess the security practices of your service providers handling customer information.

8. Keep the Program Current

Continuously update and adjust your security program based on operational changes, risk landscape, and testing results.

Our Platform

How Relevant Compliance Helps with FTC Safeguards

Our platform maps every requirement to actionable workflows so you can organize and track your compliance program.

Guided Risk Assessments

Tailored survey-based assessments that map directly to FTC Safeguards requirements, giving you a clear picture of gaps and vulnerabilities.

AI-Powered Document Analysis

Our AI engine reviews your existing security policies and identifies gaps aligned with FTC requirements.

Task Generation & Assignment

Generate remediation tasks from assessment findings and assign them to the right team members.

Remediation Tracking

Structured remediation plans are generated from assessment findings, giving you a clear roadmap to address gaps.

Start organizing your FTC compliance

Join organizations that trust Relevant Compliance to organize their FTC Safeguards compliance process.