How The FTC Safeguards Rule Affects Collections Agencies

How The FTC Safeguards Rule Affects Collections Agencies

The purpose of the Federal Trade Commission is to set standards for safeguarding customer information. The FTC’s Safeguards Rule originally took effect in 2003 but was revised in 2021 to ensure that the policy keeps in check with modern technology.

The amended rule offers in-depth guidance for a specific class of financial institutions, like mortgage companies, creditors, mortgage brokers, and debt collectors, and reflects core data security protocols that all organizations under the FTC’s jurisdiction must implement. 

The FTC had imposed an initial deadline of December 9th, 2022, but has now revised it to take effect June 9th, 2023. There is a $45,000 penalty for violating the new regulations. Financial institutions like banks and federal credit unions, however, are not impacted by the Safeguards Rule.

At TEC Services Group, we understand the revision may be shocking news for non-banking financial institutions that are first-time subject to the FTC Safeguards Rule. So, what does this mean for collections agencies and their IT infrastructure? 

What the FTC Safeguards Rule requires organizations to do.

The regulator of the rule outlines three standards for every IT program of applicable financial institutions, including collection agencies, to: ensure the security and confidentiality of customer data, protect customer data against hazards and threats, and prevent unauthorized access to their information.

The Safeguards Rule also outlines nine requirements for compliance. In order for an organization to be compliant, it must:

  • Assign a qualified individual to implement and supervise an organization’s IT security program.
  • Conduct a risk assessment to identify any vulnerabilities that may compromise security and/or confidentiality of customer data.
  • Design and implement solutions to mitigate any risks identified through a risk assessment, including data encryption, multi-factor authentication, secure data disposal, and access control.
  • Routinely monitor and test the strength of your security protocols.
  • Train staff to cut out all human vulnerabilities in your security programs.
  • Monitor service providers to ensure they meet company security standards.
  • Keep your information security program updated.
  • Create a documented incident response plan.
  • An organization’s qualified individual report to its board of directors.

How the FTC Safeguards Rule affects collections agencies.

The core of the rule’s impact is this: specific financial institutions, such as collection agencies, must adhere to new standards of cybersecurity solutions. The new IT amendments have multiple new requirements, namely policies, updated reports and documentation, and in-depth technical and training requirements.

Collections agencies under the FTC should get into compliance as fast as possible before the deadline approaches. While the updated FTC Safeguards Rule demands a lot from your organization for compliance, it’s for the benefit of your organization and your customers. 

Amidst an ever-growing spike in security threats, everybody must do their part in managing risks. Does your organization need help meeting compliance standards? TEC Services Group is here to assist you. Click here to begin. 


Sedric is an innovative technology that is being deployed at the highest levels of our industry. When combined with leading omnichannel systems, Sedric can deliver real-time compliance management, voice analytics, and reporting on all forms of communication to guarantee your agency is doing everything possible to deliver amazing customer experiences.


Intelligent Contacts is one of the leading omnichannel solutions in the market today. By combining customer payment opportunities in line with your dialer and telephony platforms, they are changing the game when it comes to effective and efficient consumer engagement.


As a premier solution for enterprise organizations, C&R’s Debt Manager platform is designed to provide the most flexible and compliant solution on the market. Debt Manager is used by the world’s largest banks and governments, along with some of the ARM industry’s largest collection companies.


Latitude by Genesys is one of the leading technologies for mid-market and enterprise companies. With a long history in both first-party agency management and third-party collections, Latitude’s functionality is built for the end user. Administrative tasks become easy while remaining flexible for your changing business operations.

"*" indicates required fields

Contact Information



When are you typically available?


Currently in debt collections (or related) industry?
Collection System(s) that you've worked with and how long?
How long ago
Other Technical Skills
This field is for validation purposes and should be left unchanged.