2023 IT Examiner School

Regulatory Authority Examples: Non-Depository Institutions

Regulators / Licensure CFPB, FTC, States

Laws, Regulations, or Guidance Related to IT, InfoSec, Privacy, etc.

Type of Entity

Mortgage Originators and Servicers

16 CFR 314; 501 and 505(b)(2) of GLBA; State Laws and Regulations (e.g., Part 500 and CCPA).

Money Service Businesses / Money Transmitters

FTC, States

Consumer Finance

CFPB, FTC, States

Regulations & Guidance – Non-Depository

16 CFR Part 314 of the FTC Rules and Regulations – “Standards for Safeguarding Customer Information”

• The “Safeguards Rule”, which took effect in 2003, is designed to ensure that covered entities maintain safeguards to protect the security of customer information • It applies to financial institutions subject to FTC jurisdiction and that aren’t subject to enforcement authority of another regulator under Section 505 of the Gramm-Leach-Bliley Act, 15 U.S.C. § 6805. • In December 2021, the FTC amended the Safeguards Rule to keep pace with current technology.

Source: https://www.ftc.gov/business-guidance/resources/ftc-safeguards-rule-what-your-business-needs-know