PlanetVerify helps financial companies to collect and manage client documents and personally identifiable information in a streamlined, secure, and compliant manner.
The remit of the FTC Safeguards Rule has been expanded to meet the evolving cybersecurity threat financial institutions face. The main updates – which came into effect in June 2023 – brought about an expanded definition of what the FTC considers a financial institution and also broadened the information security program requirements companies must comply with.
The PlanetVerify platform was built specifically with compliance in mind and includes a number of features companies use to support their information security program – including secure document and personal data collection, end-to-end data encryption, multi-factor authentication, access controls, personal data auditing, and data purging. The PlanetVerify platform can also help companies to smoothly transition away from legacy processes – such as using email for client document sharing. Below we delve into the specifics of how exactly PlanetVerify can help your company meet the updated FTC Safeguards Rule requirements.
What FTC Safeguards Rule Requires:
How PlanetVerify Supports:
Encryption: The FTC Safeguards Rule requires that financial institutions encrypt customer information on their systems and when it is in transit
PlanetVerify’s encrypted client document collection capabilities helps financial institutions to meet this requirement. Instead of relying on legacy tools like email, users can send a highly secure PlanetVerify link to clients who can then upload their documents and personally identifiable financial information (PIFI) to a centralized portal.
Secure disposal of customer information – Companies are required to remove past customer data from their systems in a secure manner.
PlanetVerify’s data purging feature helps companies to meet this requirement. Client documents and personally identifiable information (PII) can be purged from the system in an automated way ensuring past customer details are not stored on the system.
Multi-factor authentication – Companies are required to implement multi-factor authentication for any staff member who accesses customer information.
The PlanetVerify platform possesses end-to-end encryption, multi-factor authentication, and user permission settings to ensure only authorized users have access to the relevant customer information.
Know what you have and where you have it – The FTC Safeguards Rule requires financial institutions to conduct a periodic inventory of data, noting where it is collected, stored, and transmitted.
Using tools like email to collect client documents means you will very quickly lose track of where client documents are stored. Instead of letting documents off into the wild via email, PlanetVerify replaces this legacy process and provides financial institutions with a single, highly secure, automated, and compliant way to collect and store client documents. Conducting a periodic inventory of client data is made simple with PlanetVerify.
What is the FTC Safeguards Rule?
The FTC Safeguards Rule is part of the Gramm-Leach-Bliley Act (GBLA) and sets forth a set of requirements that financial institutions must follow around the development and maintenance of a comprehensive information security program. The FTC Safeguards Rule was updated in 2023 to broaden the information security requirements that financial institutions must meet – as a response to the evolving cyber threats companies face today. The goal of the Rule is to protect consumers’ personal information held by financial institutions.
Who has to comply with the FTC Safeguards Rule?
The Rule applies to “financial institutions”, but, it must be noted, this term is used in a broad sense. Section 314.2(h) of the Rule provides 13 examples of entities that fall under the definition of financial institutions, assisting you in determining whether your company is covered. These examples include various entities such as mortgage lenders, payday lenders, finance companies, mortgage brokers, account servicers, check cashers, wire transferors, collection agencies, credit counselors, financial advisors, tax preparation firms, non-federally insured credit unions, and investment advisors exempt from SEC registration. The recent amendments to the Safeguards Rule in 2021 introduce a new addition to the list, which is finders. Finders are companies that bring buyers and sellers together, with the negotiation and completion of transactions performed directly by the parties involved.
Will my company breach the FTC Safeguards Rule if we use email to collect client documents?
Using email to collect client documents, PII, and PIFI is not in itself an automatic breach of the FTC Safeguards Rule – doing so, however, will make the task of meeting the requirements of the Rule much more difficult if not borderline impossible. There are number of ways email can cause your company to fall foul of the FTC Safeguards Rule.
What happens to my company if we fail to meet FTC Safeguards Rule requirements?
Not adhering to the FTC Safeguards Rule can lead to substantial penalties and harm your business’s reputation. The revised guidelines, effective from June 2023, empower the FTC to impose fines of up to $100,000 for each violation. Furthermore, your business may face lawsuits filed by affected customers and employees, potentially causing additional financial losses and damage to your reputation.
With over 120,000 users, PlanetVerify is used by companies all around the world to collect, manage, and share sensitive files and information in a GDPR Compliant manner.
Collection, storage, verification and compliance with the FTC Safeguards Rule and all other data protection rules and regulations is made easiest with the privacy by design approach adopted by PlanetVerify. Creating an infrastructure to collect, manage and monitor your client or customers personal data in real time has never been so integral to the core functionality of companies as it is today.
Using services like PlanetVerify to achieve these goals will position you as a safe, fortified and trustworthy company and do away with later stresses of dealing with any unwanted data protection breaches, or Subject Access Request (SAR) your company might be unprepared for.
A better experience for your clients, fewer headaches for your team. You’ll be set up in minutes.