Samuel P. Jacobs
Managing Director
Cyber and Data Resilience
Washington DC
FTC Safeguards Rule Compliance Services
The Federal Trade Commission (FTC) Safeguards Rule requires non-banking financial institutions to develop, implement and maintain an information security program with safeguards designed to protect customer information, all by June 9, 2023. Kroll’s Cyber Risk team has the service capabilities to help your organization tackle the FTC Safeguards Rule line-by-line.
Talk to an ExpertWhat is the FTC Safeguards Rule Update?
While the FTC Safeguards Rule isn’t new (It was originally released in 2003.), it did receive substantial updates in 2021. These updates were designed to help covered organizations keep up with the rapid evolution of modern technology. The original deadline for FTC Safeguards Rule compliance was December 9, 2022. However, the final deadline was extended by six months in the latest FTC Safeguards Rule update, and as of now, the deadline for FTC Safeguards Rule compliance is June 9, 2023.
What Does the New FTC Safeguards Rule Require?
According to the FTC’s Safeguards Rule Information Page:
“The Safeguards Rule applies to financial institutions subject to the FTC’s jurisdiction and that aren’t subject to the enforcement authority of another regulator under section 505 of the Gramm-Leach-Bliley Act, 15 U.S.C. § 6805. According to Section 314.1(b), an entity is a “financial institution” if it’s engaged in an activity that is “financial in nature” or is “incidental to such financial activities as described in section 4(k) of the Bank Holding Company Act of 1956, 12 U.S.C § 1843(k).”
How do you know if your business is a financial institution subject to the Safeguards Rule? First, consider that the Rule defines “financial institution” in a way that’s broader than how people may use that phrase in conversation. Furthermore, what matters are the types of activities your business undertakes, not how you or others categorize your company.”
Simply put, if you are an organization that handles customer financial data, but aren’t a bank, you are probably covered by the FTC Safeguards Rule and must show compliance to avoid business disruption and fines.
Meet FTC Safeguards Rule Compliance Requirements and Increase Cyber Resilience with a Cyber Risk Retainer
Kroll delivers more than a typical incident response retainer—secure a true cyber risk retainer with elite digital forensics and incident response capabilities and maximum flexibility for proactive and notification services.
Kroll retainers not only include mandatory compliance services like risk assessments and penetration testing, but also meets practical security needs like cloud security, tabletop exercises, and in the event of an incident, prioritized support.
How Can Kroll Help?
Kroll has built the foundation and experience needed to handle any size of engagement, including for the world’s top companies in industries from media and entertainment to critical infrastructure.
We’ve developed a seasoned in-house team dedicated to providing you with the structure and management background needed to scale and adapt your FTC Safeguards Rule compliance program based on your business drivers.
Kroll also boasts a unique advantage: the insights provided by our world-class incident response practice, which feed our certified cyber experts the information they need to test against the exploits attackers are executing today.
Kroll understands that every organization has its own unique needs. This is why Kroll offers three different FTC Safeguards bundles, achieving the “right sized” offering for every organization that needs to satisfy the requirements.
Kroll’s “Right Sized” FTC Safeguards Rule Compliance Bundles
Kroll’s FTC Safeguards Rule bundles are built to take the pain and confusion out of this new set of requirements. By offering three different levels of engagement, Kroll enables covered organizations to achieve compliance with a package that fits their needs.
If your organization handles customer financial information, then you are likely to be covered under the FTC Safeguards Rule. Thanks to Kroll’s extensive background in compliance and financial engagements along with our deep expertise in cybersecurity and IT compliance frameworks, we have the scalable solution for your organization.
The Support Bundle |
The Guide Bundle |
The Manage Bundle |
|
For organizations that choose to achieve compliance with FTC Safeguards requirements in-house but require some support. Includes:
|
For organizations that require additional guidance and services to comply with FTC Safeguards requirements. Includes:
|
For organizations that require substantial guidance and managed services to comply with FTC Safeguards requirements. Includes Guide Bundle Services and:
|
What Our Team Brings to the Table
100,000+ Hours of Security Testing and Assessment Work Every Year
Kroll has extensive experience with industry and compliance standards such as NIST, GDPR, CCPA, CMMC, and many others.
100+ Security Certifications across Privacy, Offensive Security, Cloud and Hybrid Systems
Our team brings the depth and breadth of expertise needed to tackle complex challenges across a variety of financial services' needs.
3,000+ Incident Response Cases Handled Worldwide Every Year
Kroll's DNA as incident response leader expands our assessments beyond compliance mandates but on actionable remediation based on frontline threat intelligence.
FTC Safeguards Rule Compliance
Talk to a Kroll Expert
Kroll is ready to help, 24x7. Use the links on this page to explore our services further or speak to a Kroll expert today via our 24x7 cyber hotlines or our contact page.
Connect With Us
Cyber and Data Resilience
Incident response, digital forensics, breach notification, security strategy, managed security services, discovery solutions, security transformation.
Threat Exposure and Validation
Proactively identify your highest-risk exposures and address key gaps in your security posture. As the No. 1 Incident Response provider, Kroll leverages frontline intelligence from 3000+ IR cases a year with adversary intel from deep and dark web sources to discover unknown exposures and validate defenses.
Penetration Testing Services
Validate your cyber defenses against real-world threats. Kroll’s world-class penetration testing services bring together front-line threat intelligence, thousands of hours of cyber security assessments completed each year and a team of certified cyber experts — the foundation for our sophisticated and scalable approach.
Cloud Security Services
Kroll’s multi-layered approach to cloud security consulting services merges our industry-leading team of AWS and Azure-certified architects, cloud security experts and unrivalled incident expertise.
Cyber Risk Retainer
Kroll delivers more than a typical incident response retainer—secure a true cyber risk retainer with elite digital forensics and incident response capabilities and maximum flexibility for proactive and notification services.
Red Team Security Services
Red team security services from Kroll go beyond traditional penetration testing, leveraging our frontline threat intelligence and the adversarial mindset used by threat actors to push the limits of your information security controls.
Incident Response Tabletop Exercises
Kroll’s field-proven incident response tabletop exercise scenarios are customized to test all aspects of your response plan and mature your program.
Cyber Risk Assessments
Kroll's cyber risk assessments deliver actionable recommendations to improve security, using industry best practices & the best technology available.
Cyber Governance and Strategy
Manage cyber risk and information security governance issues with Kroll’s defensible cyber security strategy framework.
Middle-Market M&A Could Defy Gloomy Predictions Despite Recent Volatility
M&A Updates
Middle-Market M&A Could Defy Gloomy Predictions Despite Recent Volatility
May 16, 2025
by Josh Benn
Compliance Risk
Enhanced Third Party Due Diligence: Risk & Compliance Magazine Roundtable
May 15, 2025
by Kevin Braine, Tom Hollobone, Mariellen Davies-DeMarco, Michael Watt
Fraud and Investigations
Influencer Marketing: The Hidden Dangers
May 13, 2025
by Benedict Hamilton, James Barker
Threat Intelligence
PDFast But Luckily Not So Furious
May 12, 2025
by Ryan Hicks, Otavio Passoss
Kroll to Exhibit at Airmic Annual Conference 2025 
Valuation Outlook
Kroll to Exhibit at Airmic Annual Conference 2025
June 9 - 11, 2025|In Person
Kroll is pleased to announce that it will be exhibiting at the Airmic Annual Conference 2025.
Threat Intelligence
Kroll at Gartner Security & Risk Management Summit 2025
June 9 - 11, 2025|Conference
Join Kroll experts at Gartner Security & Risk Management Summit in National Harbor from June 9-11, 2025. Stop by Booth #1036 to meet our team.
Threat Intelligence
Kroll at Infosecurity Europe 2025
June 3 - 5, 2025|Conference
Join our Cyber and Data Resilience experts at Infosecurity Europe in London, June 3–5. Stop by stand D45 to meet our team.
Cyber
Webinar: Q1 2025 Cyber Threat Landscape Briefing – Lens On Crypto
May 28, 2025|Online
This quarter’s threat landscape report combines Kroll’s deep insight into cryptocurrency with our frontline incident response intel from elite analysts.
Kroll is headquartered in New York with offices around the world.
One World Trade Center
285 Fulton Street, 31st Floor
New York NY 10007
Sign up to receive periodic news, reports, and invitations from Kroll.
Our privacy policy describes how your data will be processed.
© 2025 Kroll, LLC. All rights reserved.
Kroll is not affiliated with Kroll Bond Rating Agency,
Kroll OnTrack Inc. or their affiliated businesses. Read more.