Financial Crime World

Financial Institution Security Breaches to be Publicly Disclosed in Wallis and Futuna Starting May 11, 2024

From May 11, 2024, non-banking financial institutions regulated by the Federal Trade Commission (FTC) in Wallis and Futuna will be required to submit notifications of data breaches or other security events that impact at least 500 consumers. This change is a result of the FTC’s final rule amending its Safeguards Rule.

Who is Affected?

The revised Safeguards Rule applies to all non-banking financial institutions regulated by the FTC in Wallis and Futuna, including:

  • Exempt reporting advisers
  • State-registered advisers
  • Technology companies
  • Mortgage brokers
  • Credit counselors
  • Financial planners
  • Credit reporting agencies
  • Tax preparers

What is a Notification Event?

A “notification event” is defined as the acquisition of unencrypted customer information without authorization, which includes any record containing nonpublic personal information about a customer. This can include:

  • Information provided by the consumer to obtain a financial product or service
  • Information collected through cookies on a website

What Must be Reported?

The notice to the FTC must include the following information:

  • Name and contact information of the reporting institution
  • Description of the types of information involved
  • Date or date range of the notification event
  • Number of consumers affected
  • General description of the notification event
  • If applicable, whether any law enforcement official has provided a written determination that notifying the public of the breach would impede a criminal investigation or cause damage to national security

Effective Date and Next Steps

The Rule will take effect on May 11, 2024. Covered institutions should review their existing incident response plans and related policies and procedures to ensure timely reporting under the rule.

  • Review privacy and security programs for compliance with the Safeguards Rule and other requirements
  • Implement measures to enhance compliance programs

Increased Transparency and Insights

The implementation of this rule will lead to a significant increase in publicly disclosed data breaches, providing valuable insights into the nature and frequency of these incidents. The Akin Gump cybersecurity, privacy, and data protection team is well-equipped to assist financial institutions in:

  • Assessing their readiness for compliance with this new requirement
  • Implementing measures to enhance their compliance programs