Published on Mar 19th, 2023 |

SEC Proposes Amendments to Regulation S-P

SEC Releases

Brief Introduction

On March 15th, the SEC proposed new changes to Regulation S-P . Their goal is to enhance the protection of customer information.

Currently, Regulation S-P requires firms to disclose to customers how their financial information is used.

Who Does This Apply To?

Who Does This Apply To?

  • Broker Dealers
  • Investment Companies
  • Registered Investments Advisers (“RIAs”)
  • Transfer Agents

What Are The Proposed Changes?

What Are The Proposed Changes?

  • Firms would need to adopt written policies and procedures for an “incident response program” addressing unauthorized access or use of customer information.
    • Programs should reasonably be designed to detect, respond to, and recover from unauthorized access of customer information.
    • Programs should also be capable of assessing the nature and scope of any incidents.
    • Third Party Service Providers would also be covered under the new proposal.
  • Firms would need to create written policies and procedures to notify customers when their data was, or likely was, accessed or used without authorization.
    • The notification should occur as quickly as possible but cannot take longer than 30 days.
    • The Firm would not be required to notify customers after a potential breach if it is determined that no sensitive customer information could have been accessed.
  •  “Customer Information” is a newly defined term referring to a “a record containing nonpublic personal information”.
    • Information under either definition collected by the Firm or a Third Party would be covered under the new amendment.
  • Firms would be required to maintain written policies and procedures showing compliance with the safeguard/disposal rule.
  • The safeguard and disposal rule will apply to transfer agents registered with the SEC or another appropriate regulatory agency.

Vigilant's Conclusion

Vigilant’s Conclusion

Following publication in the Federal Register, the public will have 60 days to deliver their comments.

We encourage all interested parties to make their opinions heard. Firms should evaluate the strength of their compliance program, and estimate what additional resources may be required in order to comply with these potential proposals.

Vigilant offers end-to-end compliance support, providing your business with the resources necessary to adjust to a dynamic and increasingly aggressive regulatory climate. Please reach out to us with any questions.

Contact Us Today For Support