ClearPath IT
Compliance · Security · Protection

The laws that apply to your firm, explained plainly

Financial professionals are held to strict data security standards. Here's exactly what each regulation requires — and what ClearPath does to keep you covered.

FTC Safeguards Rule

Gramm-Leach-Bliley Act

Max Penalty: $50,120 per violation per day
Applies to: CPAs, bookkeepers, tax preparers, credit counselors, collection agencies, payroll firms
Designate a Qualified Individual to oversee your info security program
Written risk assessment identifying threats to customer data
Access controls using least-privilege principles
Multi-Factor Authentication (MFA) on all customer data systems
Encrypt all data at rest and in transit (AES-256 minimum)
Secure data disposal procedures
Monitor and test security controls regularly
Document all third-party vendor compliance
FTC notification within 30 days of breach (500+ customers)
Maintain a written Information Security Program (WISP)

IRS Publication 4557

Safeguarding Taxpayer Data

Max Penalty: PTIN suspension & professional sanctions
Applies to: Tax preparers, CPAs, enrolled agents, anyone with a PTIN
Written Information Security Plan shared with all staff
Risk assessment with documented vulnerabilities
MFA on all tax software and client portals
Drive encryption on all devices with taxpayer data
Backup software with verified, tested restores
VPN for remote access to systems
Phishing-resistant email security (SPF/DKIM/DMARC)
Annual security awareness training for all staff

FCRA

Fair Credit Reporting Act

Max Penalty: $100–$1,000 per violation; class action liability
Applies to: Collection agencies, credit counselors, lenders, any furnisher of credit data
Accurate data reporting systems with dispute workflow
Audit trail of all data furnished to credit bureaus
Consumer dispute response tracking and documentation
Permissible purpose controls for credit report access
Data security sufficient to protect consumer credit information
Adverse action notice systems for credit decisions

FDCPA / CFPB Rules

Fair Debt Collection Practices Act

Max Penalty: Up to $1,000 per violation plus actual damages
Applies to: Debt collectors, collection agencies, third-party debt buyers
Timestamped logs of every contact attempt and conversation
Complete consent records for all communication channels
Documented opt-out requests and compliance confirmation
Copies of all written and electronic communications
Call recording and retention systems
Secure storage of all consumer account data

ClearPath handles all of this for you

Every plan includes the documentation, technical controls, and ongoing oversight to keep you compliant — without you needing to become an IT expert.
