Seimitsu Assists Financial Institutions in Preparing for June 9 FTC Compliance Deadline

Staff Report

Thursday, June 8th, 2023

Savannah area financial institutions are facing an imminent deadline to comply with a new Federal Trade Commission (FTC) Safeguards Rule. Seimitsu Corp., the Savannah-based business specializing in IT managed services and high-speed broadband fiber services, is standing by to assist applicable businesses with compliance requirements in advance of the June 9 deadline.
 
“The FTC has broadened the definition of a ‘financial institution’ to include businesses from auto dealers to real estate appraisers and more,” said Sam Cook, Seimitsu president and CEO. “The details of the new law require those businesses to have a designated security officer – internal or external – who is responsible to design, maintain and enforce information security.
 
“The new rules define financial institutions as any institution the business of which is engaging in an activity that is financial in nature or incidental to such financial activities as described in section 4(k) of the Bank Holding Company Act of 1956, 12 U.S.C. 1843(k)”, said retired Lt. Col. Scott Scheidt, chief security officer for Seimitsu. "An institution that is significantly engaged in financial activities, or significantly engaged in activities incidental to such financial activities, is a financial institution.”
 
Examples of newly defined financial institutions include mortgage lenders, mortgage brokers, motor vehicle dealers, payday lenders, finance companies, account servicers, check cashing companies, wire transferors, collection agencies, credit counselors and other financial advisors, tax preparation firms, non-federally insured credit unions, and investment advisors that aren’t required to register with the SEC.
 
In addition to requiring financial institutions to have a designated security officer, the law also stipulates those businesses must be able to identify security risks to customer information and maintain a written risk assessment plan to mitigate those risks. It also requires the implementation of safeguards as well as regular security training, testing, assessments, evaluation and reporting.
 
“If you aren’t sure if your business is covered by the new rule, we can help,” said Scheidt. “Seimitsu is positioned to provide consultation and support in understanding the FTC’s expectations and meeting its requirements. The new law is clear in its purpose to strengthen the data security safeguards that covered companies must put in place to protect customers’ personal information.”
 
According to Scheidt, cyber attacks occur every 39 seconds and can cause catastrophic loss of revenue and client trust for businesses big and small. Restoration of services and client confidence following a cyber attack can also be extensive and expensive.