U.S. regulators recently postponed for six months the bulk of new cybersecurity mandates for mortgage brokers, car dealers and payday lenders that were set to come into effect in early December.
The Federal Trade Commission said it was heeding concerns that there aren’t enough qualified personnel in the private sector to implement the new requirements, giving the nonbanking financial institutions that come under its purview until June 9 to comply.
The mandates stem from an October 2021 update of a regulation known as the Safeguards Rule. The update was the first since the rule took affect following President Bill Clinton’s approval of the Gramm-Leach-Bliley Act of 1999.
Agency commissioners approved along partisan lines – three Democrats in favor, two Republicans against – to strengthen the rule by imposing obligations such as the encryption of sensitive information, development of an incident response plan and multifactor authentication as a prerequisite for accessing customer information. The updated rule also tells the collection agencies, tax preparation firms and other companies under FTC jurisdiction to prepare a written information security program and update it annually to make sure it stays in line with periodic risk assessments. All of these elements come under the six-month delay the current four sitting commissioners – three Democrats and one Republican – approved.
A clutch of industry lobbyists including the National Automobile Dealers Association and ACA International, which represents debt collectors, asked the agency in July for a 12-month delay. “With every organization (not just financial institutions) vying for the same scarce talent, it is extremely difficult to fill open requisitions for positions that are crucial to an effective information security program,” the associations wrote.
See the full report from BankInfoSecurity.com by clicking here.
