The Safeguards Rule makes you responsible for the providers handling customer data. Coverbase helps you oversee them.
The FTC's Safeguards Rule requires non-bank financial institutions to vet, contract with, and monitor their service providers, and since May 2024, to notify the FTC within 30 days of a breach affecting 500 or more consumers. Coverbase runs the oversight side.
Who the Safeguards Rule applies to
The rule (16 CFR Part 314), enforced by the FTC under the Gramm-Leach-Bliley Act, applies to non-banking 'financial institutions' under FTC jurisdiction, such as mortgage lenders and brokers, finance companies, auto dealers, tax preparers, collection agencies, and certain advisers. Banks and credit unions are overseen by their own prudential regulators.
What the Safeguards Rule asks of you
Service provider oversight (§314.4(f))
Select providers that can safeguard customer information, require safeguards by contract, and periodically assess them based on risk.
A written information security program
Run a documented program overseen by a designated Qualified Individual.
Risk-based safeguards
Apply controls like access management, encryption, and MFA across customer information.
30-day breach notification
Notify the FTC as soon as possible, and no later than 30 days, after discovering a breach affecting 500 or more consumers.
Make service-provider oversight a standing process
The rule names three things: pick capable providers, contract for safeguards, and reassess by risk. Coverbase does all three on a schedule.
Provider assessments, automated
Vet and reassess service providers based on the risk they present.
Safeguard clauses tracked
Confirm provider contracts require the safeguards the rule expects.
Breach-ready records
Keep provider facts on hand for the 30-day FTC notification clock.
Program documentation
Give your Qualified Individual the evidence to oversee the program.
One platform for third-party risk and security
Speed with control
Automate intake, assessment, and monitoring with built-in guardrails that preserve policy integrity.
Explain with confidence
AI provides traceable reasoning for every recommendation, so you can defend every risk rating and finding.
Automate with assurance
Adapt controls and meet regulatory changes in minutes, not months, without breaking your program.
Building Trust, Together
Some of the world's most innovative and security conscious enterprises trust us to safeguard their data. We see security and privacy not as checkboxes, but as an ongoing promise to our customers. For questions about our security program or to report a vulnerability, please contact us at security@coverbase.ai