FTC Compliance

FTC Compliance Regulation Deadline is Fast Approaching

Auto dealerships, income tax preparers, mortgage brokers, etc. need to meet FTC Safeguards Rule for information security by June 9, 2023, to avoid fines and penalties.

CyberCompass FTC Compliance as a Service (CaaS) can get you through the complexity of compliance quickly and affordably at half the cost.

FTC Compliance based on updated Safeguards Rule

Reclassified non-banking financial institutions in regard to meeting information security

This reclassification includes:

  • income tax preparation firms
  • motor vehicle dealers
  • mortgage lenders
  • payday lenders
  • finance companies
  • mortgage brokers
  • account services
  • check cashers
  • wire transferors
  • collection agencies
  • credit counselors and other financial advisors
  • tax preparation firms
  • non-federally insured credit unions
  • investment advisors that aren’t required to register with the SEC

What you have to have to be compliant:

  • Perform Risk Assessment across your organization
  • Implement & Maintain Written Information Security Plan (WISP)
  • Designate qualified individual (i.e. vCISO)
  • Maintain written Policy and Procedures
  • Establish and test Incident Response Plan
  • Perform monitoring/penetration testing
  • Maintain data retention policy
  • Complete annual, formal reporting about your information security program and status

Deadline and Possible Penalties/Costs

All financial institutions must be compliant by June 9, 2023, with the Safeguards Rule. Possible legal ramifications of non-compliance to the FTC Safeguards Rule:

  • Fines and penalties – up to $46,000 per day per violation
  • Lawsuits
  • Regulatory scrutiny

CyberCompass vs. Do It Yourself

FTC Safeguard Requirements

FTC Safeguard Requirements

FTC Safeguard Requirements

Maintain a written information security plan (WISP)

Up to 80 hours


Designated qualified security officer

Up to 160 hours plus training, research, certification

Included (Your Commander (vCISO) meets with you once a month)

Perform a risk assessment

Up to 80 hours (using Excel spreadsheets)

(Assessment performed by your Commander with our cloud-based platform. You receive a prioritized risk assessment with a roadmap of identified issues– all tracked and recorded in one place)

Perform continuous monitoring or penetration testing

Outside services to perform, costing from $4,000 to $100,000

**Includes quarterly external penetration testing and network vulnerability scans**

Establish an incident response plan

Up to 20 hours


Maintain documentation and reporting :

– Policies and Procedures
– Change Management Process
– Data Retention
– Report to Board of Directors

Up to 200 hours plus 40 hours minimum for reporting

(Dashboards, tracking, and documentation are on-demand via your CyberCompass platform account)

Oversight of Information Security such as:

– Actively managing MSPs
– Implementation of Multi-Factor Authentication
– Inventory data and where it flows
– Manage data, personnel, devices, and facilities
– Use encryption at rest and in-transit

Up to 120 hours

Your Commander acts as an advisor to assist you and reviews your compliance requirements

Security Awareness Training for Employees

Up to 120 hours

(Phishing Training optional)

Estimated Cost

$50,000 to $250,000

CyberCompass FTC Compliance
starts at $2,499/ month

1/3 to 1/2 the total cost

cyber hygiene

Get your cyber hygiene checklists today!

Please tell us a little about yourself

Thank you for downloading our checklists

Download the case study

Learn more about how CyberCompass has helped companies just like you!

Thank you for downloading our case study

Download the case study

Learn more about how CyberCompass has helped companies just like you!

Thank you for downloading our case study

Share This