16 CFR §314.6 — Exceptions (FTC GLBA Safeguards Rule)

glba-safeguards-16cfr-314-6

16 CFR §314.6 establishes a small-institution exception for the written-risk-assessment-contents, continuous-monitoring-or-pen-test, incident-response plan, and annual-board-reporting requirements where customer information is maintained on fewer than 5,000 consumers.

Get this register: .xlsx .csv More bundles →

Verbatim regulatory text (2)

Verbatim provisions from 16 CFR §314.6 — Exceptions (FTC GLBA Safeguards Rule) — each quote is a verified substring of the regulator-published source snapshot, not retyped. Quoted for reference; this is not legal advice. The operational layer (P&P updates, prompts) lives in the regulation update kits.

16 CFR §314.6 — Small-institution exception applicability determination

Section 314.4(b)(1) , (d)(2), (h), and (i) do not apply to financial institutions that maintain customer information concerning fewer than five thousand consumers.

Source: 16 CFR §314.6 · source URL · snapshot 606c7f5a2fe08fcd

16 CFR §314.6 — Non-excepted §314.4 elements remain required for small institutions

Section 314.4(b)(1) , (d)(2), (h), and (i) do not apply to financial institutions that maintain customer information concerning fewer than five thousand consumers.

Source: 16 CFR §314.6 · source URL · snapshot 606c7f5a2fe08fcd