By Melody Cooke
Director of Client Success
The Federal Trade Commission’s (FTC) Federal Safeguards Rule can seem very overwhelming. One of the most difficult parts of the Rule is accurately communicating the requirements and progress to the dealership’s governing body. In fact, it’s actually written into the rule that the board of directors or an equivalent governing body of the financial institution must receive an annual report on the status and effectiveness of the institution’s information security program and other material matters relating to Safeguards Rule compliance (16 CFR §314.4(i)).
The breadth of the law can often leave dealers confused: What do I actually need to include in the report? Where should I start? And now, not only does the qualified individual need to manage and implement an information security program, they also need to summarize and report on this information! The qualified individual must draft a report that will cover the dealership’s information security program, risk assessments, risk management and control decisions, service provider arrangements, the results of penetration tests and vulnerability scans, and any recommendations for changes in the information security program. Drafting this report by hand would require hours of data compilation that many dealership employees simply do not have time for.
For most new car dealers and other smaller financial institutions, it can feel very overwhelming. How can one person manage all of these requirements and continue on with their own responsibilities of running a dealership? Like most things, breaking it down into steps and understanding the nuances of this report goes a long way in getting it put together in a timely manner that hopefully won’t cause too much heartburn.
Existing ComplyAuto customers can use the Annual Board Report builder to save their qualified individuals and staff an enormous amount of time. The software automatically pulls data from across the platform to automate the process of generating a board report.
Remember, the revised FTC Safeguards Rule went into effect earlier this year and the first report is due by the end of the year!
Simply log into your ComplyAuto account, toggle over to the “policies and reports” section of the software, and select “Annual Board Report”. From here you will want to “create a new report” and generate a report for the last twelve (12) months with the proper locations selected. Now all that you need to do is review the report and select “Finish.”