FTC Safeguards Rule
The FTC Safeguards Rule is the rule, issued under the Gramm-Leach-Bliley Act, that requires financial institutions under the Federal Trade Commission’s jurisdiction to develop, implement, and maintain a written information security program to protect customer information. Amendments that took full effect in 2023 made the rule substantially more prescriptive about what that program must contain.
What the Safeguards Rule Requires
The amended rule requires covered firms to designate a qualified individual to oversee the program, perform a written risk assessment, and implement specified safeguards: access controls, data inventory, encryption of customer information, multi-factor authentication, secure development practices, change management, monitoring and logging, vendor oversight, staff training, and a written incident response plan. Firm leadership must receive reports on the program.
Who the Rule Covers
The Safeguards Rule’s definition of “financial institution” is broad. It reaches not only lenders but many firms engaged in financial activities, including, depending on their activities, investment advisers, accountants, and other professional firms. A breach notification obligation, requiring notice to the FTC for certain events, was added, effective in 2024.
Why the FTC Safeguards Rule Matters for Investment & Professional Firms
For DFW investment advisers, accounting firms, and other financial-services firms, the Safeguards Rule sets a concrete, examinable security baseline. DKBinnovative implements and documents the full set of required safeguards — including the written program, MFA, encryption, and incident response — for professional firms in Plano, Frisco, Irving, and Las Colinas.
