The U.S. Federal Trade Commission announced nonbanking financial institutions will be subject to required data breach and security notification rules. Under an FTC-approved amendment to the Safeguards Rule, finance-based businesses, including mortgage brokers, motor vehicle dealers and payday lenders, will be obligated to maintain a "comprehensive security program" and report incidents involving more than 500 individuals within 30 days of discovery.