GRAMM-LEACH-BLILEY GETS A SYSTEMS UPGRADE: WHAT THE FTC’S PROPOSED SAFEGUARDS RULE CHANGES MEAN FOR SMALL AND MEDIUM AMERICAN FINANCIAL INSTITUTIONS

Abstract

This paper provides an overview of impending regulatory changes to the long-standing “Safeguards Rule.” The Safeguards Rule, adopted by the U. S Federal Trade Commission (FTC) following the passage of the Gramm-Leach-Bliley Act in 1999, established the very bedrock of business cybersecurity conditions that helped fuel development of the American information economy for two decades. While the Safeguards Rule fostered the emergence of the digital economy, it has begun to show its age. In response to a seemingly endless series of cybersecurity incidents, the FTC has proposed a series of the most sweeping reforms to the American cybersecurity regulatory regime in history. The paper identifies and describes the most impactful of the proposals and examines potential compliance challenges, including significantly increased compliance costs, notably burdensome for small and medium financial firms across the United States.