Digital Asset Technologies Can Help Subprime Auto Lenders Comply With Gramm-Leach-Bliley Act Updates

Lenders have until January 2023 to enact new risk assessments and procedures

The updates to the Gramm-Leach-Bliley Act data privacy rules that took effect at the beginning of 2022 will require subprime auto lenders to revise contracts with automotive and dealer partners that includes language that maintains necessary protection of consumer information.

Effective January 10, 2022, The Federal Trade Commission’s (FTC) revised rules will add certain new requirements along with a strict focus on documentation reporting processes that specifically address how financial institutions store and protect consumer information. For their part, subprime lenders will need to conduct ongoing risk assessments and also put in place certain procedures that alleviate security and privacy risks to consumers within one year of implementation.

The FTC originally adopted the Safeguards Rule in 2003 to encourage financial institutions under their jurisdiction to develop a written information security plan tailored to the institution’s size, operations, complexity, and information sensitivity. The FTC’s recent amendments are the first changes to the Safeguards Rule in almost 20 years, and will require auto finance providers to reinforce and further protect their data security practices and infrastructure to meet enhanced scrutiny.

Everything from ongoing fraud threats, cybersecurity and consumer sensitivity over the use of individual data have resulted in more stringent oversight of automotive finance providers and their service partners.

Auto finance providers currently have until January 10, 2023, to review their operations and ensure compliance with the amended Safeguards Rule.

With the help of trusted compliance partners, subprime auto finance providers have until next January to prep and develop an actionable plan for compliance. The FTC’s new Safeguards Rule outlines precise criteria for protecting consumer financial information. For example, the amended rule addresses encryption requirements for customer information in transit over external networks and at rest on your servers or cloud infrastructure. While data encryption can be operationally challenging and costly, the FTC noted that encryption for data at rest is “now cheaper, more flexible, and easier than before.” The good news is that auto lenders are not required to encrypt data transmitted internally.

In today’s auto finance industry, protecting customer data and digital loan documents must go beyond simple confidentiality, and sophisticated digital technology must be leveraged to ensure compliance with the GLBA Safeguards Rule while delivering digital asset certainty with their lending transactions.

These advanced solutions offer guarantees at the highest level of enforceability. This provides auto finance providers assurance that their digital loan documents containing customer information are encrypted, compliant, and meet all legal requirements and industry best practices.

Digital asset certainty creates an immutable, authoritative “Digital Original” that ensures data integrity and provides a tamper-proof chain of custody, making everything that has happened to the digital asset known. Digital asset certainty also enables digital loans to be legally enforceable under the Uniform Electronic Transactions Act (UETA), the Electronic Signatures in Global and National Commerce Act (ESIGN), and the Uniform Commercial Code Section 9-105, including all Safe Harbor provisions.

In addition to the protection of consumer information, auto finance providers must also rely on trusted tech partners to help maintain regulatory compliance checks. Compliance with the new rules will likely be enforced resulting from consumer inquiries or public data breaches.

Responding to a specific or series of inquiries, the FTC would begin an investigation of a company. If the FTC gets a series of consumer complaints about the security of a particular auto finance provider, an investigation may ensue. Leveraging the right technology can help a particular auto lender against compliance investigations.

In an already highly regulated space, auto finance providers must remain agile and responsive to evolving standards for data protection and privacy practices.

The right technology partner can help manage long-term FTC compliance while future-proofing customer data and digitized assets from unforeseen threats.

Jenn Reid is Head of Sales, Digital Lending – Motor Vehicle for Wolters Kluwer, a global provider of professional information, software solutions and services for the automotive and auto lending industries. For more information please visit