A practical guide to the updated FTC Safeguards Rule for non-bank financial institutions. Covers who is actually covered (including auto dealers, mortgage brokers, and tax preparers who often don't know they are), what the 2023 requirements demand, and how to reframe compliance from a regulatory checkbox into a measurable competitive advantage.
The Gramm-Leach-Bliley Act has been on the books since 1999, and the FTC's Safeguards Rule has existed since 2003. For most of that time, compliance looked like having a written policy, doing something that resembled a risk assessment, and moving on. Then the FTC updated the rule substantially in 2021, with the new requirements taking effect in 2023, and what "compliance" requires became significantly more specific: a Qualified Individual accountable for the program, annual reporting to the board or senior officer, mandated technical controls including encryption, multi-factor authentication, penetration testing, and audit logging, and a breach notification obligation to the FTC when 500 or more customers are affected.
The updated rule also reaches a broader population of businesses than many realize. "Financial institution" under the GLBA and the FTC's Safeguards Rule is not limited to banks and credit unions. It includes auto dealers who arrange financing, mortgage brokers and lenders, payday and installment lenders, tax preparers, accountants who prepare tax returns, financial advisors and investment advisors not covered by SEC rules, real estate appraisers, check cashers, wire transfer services, retailers that extend credit, and a range of other businesses that touch consumer financial information in ways that trigger the rule's coverage. Many of these businesses have been covered for years and do not know it.
This course does two things simultaneously. The first is practical compliance: you will understand exactly who is covered, what the nine elements of a compliant information security program require, what the 2023 technical safeguard mandates look like in practice, how to build a risk assessment that actually drives your program, what the incident response and FTC notification requirements demand, and how to manage vendor oversight under the rule. The second is strategic: you will understand how to reframe Safeguards Rule compliance from a regulatory burden into a consumer trust asset that influences how customers choose you, stay with you, and refer others to you.
Most businesses that handle consumer financial data treat their security posture as something regulators care about and customers do not notice. The evidence suggests the opposite is increasingly true. Consumers are making active decisions about which businesses they trust with their financial information, and the businesses that can articulate a credible security posture in plain language are earning a competitive advantage that their compliant-but-silent competitors are leaving on the table.
Whether you are a compliance lead trying to get the technical requirements right, an operations manager building the program from scratch, or a business owner who wants to satisfy the regulator and use the effort to win customers, this course gives you both the compliance foundation and the strategic frame to make the investment pay off twice.
One-time payment. Lifetime access. Access link delivered by email.
Already purchased? Resend access link