Unknown Sponsor Bank
In January 2022, amendments to the Gramm-Leach-Bliley Act (GLBA) Safeguards Rule took effect, with key compliance provisions requiring implementation by December 2022. The rule was expanded to cover 'finders' operating in the fintech space, broadening the scope of entities subject to information security requirements. Financial institutions, including those operating BaaS models, were required to designate a qualified individual to oversee their information security programs. These changes reflected regulators' growing concern about data security in bank-fintech partnerships where customer data flows between multiple entities. The amendments imposed new obligations on banks and their fintech partners to maintain robust cybersecurity frameworks and oversight structures.
Verified from source: The FTC's final rule amending the GLBA Safeguards Rule became effective on January 10, 2022, with key provisions having a compliance deadline of December 9, 2022. The amendments expanded the definition of 'financial institution' to include 'finders' and required designation of a qualified individual to oversee information security programs.
- BaaS banks must ensure fintech partners acting as 'finders' comply with the expanded Safeguards Rule
- The qualified information security oversight requirement adds governance burden to bank-fintech partnerships
- Expands the regulatory perimeter around fintech entities handling customer financial data