NMLS Laws and Regulations Practice Test

The Safeguards Rule centers on protecting customer information with a formal, written information security program. It requires financial institutions to design, implement, and maintain safeguards that are appropriate to the institution’s size, complexity, and the type of information it handles, aiming to prevent unauthorized access, theft, or disclosure of customer data. The program covers administrative, technical, and physical safeguards, and should include a risk assessment, access controls, employee training, vendor management, encryption or other protections for data in transit and at rest, incident response planning, and regular testing and updates. This emphasis on a comprehensive, ongoing security program explains why it’s the option stating that all companies must design, implement, and maintain safeguards to protect customers’ information from theft. The other choices describe services or disclosures not mandated by the Safeguards Rule.