Greenville SC Tax Preparers Must do THIS before December 9, 2022

Executive Summary: Do you prepare tax returns as part of your accounting, bookkeeping, payroll, or tax preparation service business? If so, the U.S. Federal Trade Commission recognizes you as a “Financial Institution,” regardless of the size of your business. The FTC Safeguards Rule went into effect in January 2022, except for Part 314.4, Information Security. Christmas comes early for the tax preparation services Greenville SC individuals, businesses, and nonprofits depend on.

To avoid potential fines and other penalties, you should choose Triad Network Security as your “Qualified Individual.” We will develop, deploy, maintain, and enforce an FTC-compliant comprehensive Information Security program for your business.

Greenville SC Tax Preparers Must do THIS before December 9, 2022

Every CPA Greenville businesses and individuals use for tax preparation is a Financial Institution, according to the Federal Trade Commission. The bookkeeping services Greenville SC residents and organizations use for tax preparation are also “Financial Institutions” under the law.

I’m a one-person tax preparation service, do I have to implement FTC Part 314.4 before December 9, 2022?

The FTC Safeguards Rule applies to all businesses and organizations that match the Federal Trade Commission’s definition of “Financial Institution.”

NOTE: The FTC Safeguards Rule, including Part 314.4, apply to businesses of every size. Even if you work alone in your business, the law still requires you to maintain an Information Security program that complies with Part 314.

What is a Financial Institution, according to the FTC?

Financial institution means any institution the business of which is engaging in an activity that is financial in nature or incidental to such financial activities as described in section 4(k) of the Bank Holding Company Act of 1956, 12 U.S.C. 1843(k). An institution that is significantly engaged in financial activities, or significantly engaged in activities incidental to such financial activities, is a financial institution. – 16 CFR Part 314.2 (h)(1)

The scope of the Safeguards Rule applies to entities which the Federal Trade Commission regards as “Financial Institutions.”

More specifically, those entities include, but are not limited to, mortgage lenders, “pay day” lenders, finance companies, mortgage brokers, account servicers, check cashers, wire transferors, travel agencies operated in connection with financial services, collection agencies, credit counselors and other financial advisors, tax preparation firms, non-federally insured credit unions, investment advisors that are not required to register with the Securities and Exchange Commission, and entities acting as finders. – 16 CFR Part 314.1(b)

What are some examples of a Financial Institution in Greenville SC?

Examples of Greenville SC financial institutions apply to businesses across the country. Here are some examples as provided by the Federal Trade Commission Part 314.2 (h)(2):

  • A retailer that extends credit.
  • Automobile dealers that lease vehicles for longer than 90 days.
  • Personal property and real estate appraisers.
  • Certain career counselors.
  • A business that prints and sells checks as its primary business or as a product line.
  • A business that wires money to and from consumers. Think Western Union, MoneyGram, etc.
  • Check cashing businesses.
  • CPA Greenville, bookkeeping services Greenville SC, accountants Greenville SC, accounting firms in South Carolina which prepare tax returns as part of their business.
  • Certain travel agencies.
  • Real estate settlement services.
  • Mortgage brokers.
  • Investment advisors.
  • Credit counseling services.
  • Finders who bring together buyers and sellers.

Greenville SC Tax Preparers Must do THIS before December 9, 2022

Part 314 applies to me as a Greenville SC tax preparer. Now what?

Now that we’ve established that the Federal Trade Commission’s Safeguards Rule applies to you as a tax preparer, you need to know what your obligations are under this law.

Let’s talk about the purpose and scope of FTC Part 314:

What is the scope of FTC Part 314?

According to Part 314.1 (b):

This part applies to the handling of customer information by all nancial institutions over
which the Federal Trade Commission (“FTC” or “Commission”) has jurisdiction. Namely, this part applies to those “financial institutions” over which the Commission has rulemaking authority pursuant to section 501(b) of the Gramm-Leach-Bliley Act.

What is the purpose of FTC Part 314?

According to 16 CFR Part 314.1, the purpose of Part 314 is as follows:

This part, which implements sections 501 and 505(b)(2) of the Gramm-Leach-Bliley Act, sets forth standards for developing, implementing, and maintaining reasonable administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of customer information.

As a Greenville SC CPA, bookkeeping service, tax preparation service, along with most accounting firms Greenville SC hosts, you are a Financial Institution if you prepare tax returns as part of your client services.

As a financial institution, regardless of your business’s size, you must protect the customer information that you obtain, process, transact, and store.

Your leading compliance service provider MSP in Greenville SC, Triad Network Security, can help your business comply with FTC Safeguards Rule Part 314.

When does the FTC Safeguards Rule go into effect?

Most or FTC Part 314 went into effect in January 2022. The FTC is enforcing all included provisions except for Part 314.4 which the FTC will begin enforcing on December 9, 2022. In other words, Christmas comes early for CPA Greenville businesses, in the form of new Information Security requirements, and civil penalties for compliance failures.

What does FTC Safeguards Rule Part 314.5 Say?

FTC Safeguards Rule, Part 314.5 states that:

Section 314.4(a), (b)(1), (c)(1) through (8), (d)(2), (e), (f)(3), (h), and (i) are effective as of December 9, 2022. [86 FR 70308, Dec. 9, 2021]

In other words, for Greenville SC tax preparers, you must comply with Part 314.4 prior to December 9, 2022 to avoid fines and other penalties.

What exceptions exist for the FTC Safeguards Rule, Part 314.4?

According to the FTC Safeguards Rule, Part 314.6, some requirements do not apply to businesses and organizations that control fewer than 5,000 customer records.

Section 314.4(b)(1), (d)(2), (h), and (i) do not apply to financial institutions that maintain customer information concerning fewer than five thousand consumers. [86 FR 70308, Dec. 9, 2021]

Many very small businesses have more than 5,000 customer records. If your Greenville SC tax preparation business does not have that many customer records, the majority of Part 314.4 still applies to you.

What does FTC Safeguards Rule Part 314.4 require me to do?

Part 314.4 requires any business that prepares tax returns as part of its services to “develop, implement, and maintain an Information Security Program" that meets the requirements of Part 314.4.

How does the FTC define an acceptable Information Security Program?

  • An acceptable Information Security Program must include:A designated qualified individual who oversees and implements your Information Security program. The designated entity must also enforce your Information Security Program and is responsible for compliance with FTC requirements.
    Most CPA Greenville businesses do not have a qualified individual on their staff.Thanks to Part 314.4 (a), you can retain the services of Triad Network Security to fill the role of your “designated qualified individual.” Contact us to learn more about our compliance services.
  • Perform a qualifying risk assessment to form the foundation of your Information Security program:“Base your information security program on a risk assessment that identifies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and assesses the sufficiency of any safeguards in place to control these risks.” Part 314.4 (b)
    NOTE: Bookkeeping services that prepare tax returns and hold more than 5,000 customer records must have a written risk assessment.
  • “Implement policies and procedures to ensure that personnel are able to enact your information security program…” Part 314.4 (c).
  • Oversee your business’s service providers (aka, supply chain) to ensure that all your business partners are following Information Security protocols that comply with FTC Part 314.4 requirements.
  • Test, monitor, and adjust your Information Security program to meet emerging threats and evolving requirements of your business model.
  • Create a written and tested incident response plan (applies to businesses with more than 5,000 customer records).
  • Require a written assessment of your Information Security program written by your “Qualified Individual,” who could be the leading Greenville SC MSP, Triad Network Security, if you choose to get us, the leading Greenville SC MSP and compliance services provider on your side.Routinely test and verify the effectiveness of your risk-mitigation controls. Triad Network Security can do this for you.
  • Implement controls and safeguards to mitigate the risks identified by Triad Network Security’s risk assessment performed for your organization.

Go Further with Triad Network Security in Greenville SC

Triad Network Security, LLC has the in-house expertise, time, and technology needed to help your Greenville SC tax preparation comply with the requirements of the FTC Safeguards Rule, Part 314.4.Contact us now to get your best chance for complying with Part 314.4 before the enforcement date of December 9, 2022.

If you are among the following types of businesses that fill out tax returns as part of your line of work, contact Triad Network Security right away. Email us at

Triad Network Security, LLC