{"id":561,"date":"2016-09-02T21:51:59","date_gmt":"2016-09-03T01:51:59","guid":{"rendered":"http:\/\/turinasbird.com\/?p=561"},"modified":"2016-09-03T00:36:14","modified_gmt":"2016-09-03T04:36:14","slug":"561","status":"publish","type":"post","link":"https:\/\/turinasbird.com\/2016\/09\/02\/finance\/561","title":{"rendered":"FTC GLBA Review: A Foreshadowing of Greater Oversight for FinTech Companies?"},"content":{"rendered":"
\n\t<\/a>\n\t<\/a>\n\t<\/a>\n\t<\/a>\n\t<\/a>\n<\/div>

\"FTC<\/a>Last week, the Federal Trade Commission (the \u201cFTC\u201d) announced plans to review the Safeguards Rule of the Gramm-Leach-Bliley Act (\u201cGLBA\u201d). The Safeguards Rule requires financial institutions to develop, implement, and maintain a comprehensive, written information security program which contains administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of customer information. The areas in which the FTC seeks comment suggest that the FTC is evaluating a broader definition of financial institutions and security requirements, issues that could have important implications for FinTech companies.<\/p>\n

Safeguards Rule Currently Not Prescriptive<\/b><\/p>\n

As it stands, the Safeguards Rule is not terribly specific and may not capture all companies working with consumer financial data. In terms of requirements, it instructs financial institutions to identify reasonably foreseeable internal and external data security risks and to design and implement information safeguards to control those risks. In connection with those requirements, there is an expectation that there will be ongoing monitoring and assessment of security procedures and appropriate adjustments as needed.<\/p>\n

Safeguards Rule Does Not Currently Reach All Companies Working in the Financial Sector<\/b><\/p>\n

Another issue that seems to concern the FTC is that GLBA does not reach all companies tinkering in the financial space. It applies only to \u201cfinancial institutions\u201d (as defined in the Bank Holding Company Act of 1956 (12 U.S.C. \u00a7 1843(k)) which are significantly engaged in financial activities. Those companies engaging in activities that are considered to be \u201cincidental\u201d or \u201ccomplementary\u201d to financial activities are not subject to GLBA. In addition, activities that were determined to be financial in nature after the enactment of GLBA may also be excluded from the Safeguards Rule.<\/p>\n

FTC Seeks Comments re Issues of Concern<\/b><\/p>\n

In addition to more general questions of the relative cost and benefits of the Safeguards Rule to consumers and companies alike, the specific issues raised for comment show a focus on more explicit security and response requirements as well as broadening the reach of GLBA. In particular, the FTC is seeking comment on the following questions:<\/p>\n