SEC Adopts New Regulation S-P Rules

Written By John Quinn

The Securities and Exchange Commission (SEC) announced a set of rule amendments effective June 3, 2024, to update Regulation S-P and the so-called “safeguards rule” for safeguarding customer confidential information. These amendments are aimed at strengthening the security of customer information across several financial entities, including broker-dealers, investment companies, investment advisers, funding portals, and transfer agents (“covered entities”).  These covered entities will need to implement robust incident response programs and adopt stronger measures to safeguard sensitive customer data within the next 18-24 months following implementation.

Summary of the New Rule

The SEC's new rule amendments require the following key actions from financial entities:

  • Adoption of Incident Response Programs: All covered entities must create concrete written policies designed to respond to unauthorized access or use of customer information. The details of the specific procedures are up to the entities themselves, but all must include timely notification to affected individuals, a detailed report of the incident, and information to help them respond effectively.

  • Extended Safeguard Requirements: The amendments extend the requirements to safeguard customer records and information to include transfer agents, ensuring broader security measures across the industry.

  • Broader Scope of Covered Information: The SEC is expanding the scope of information that must be protected under the safeguarding requirements and proper disposal of consumer report information.

  • Documentation of Compliance: Entities must maintain written records that detail how they are compliant with the new SEC rules.

  • Annual Privacy Notice Delivery: The new SEC amendments align the delivery of annual privacy notices with the exceptions provided by the statutory amendment to the Gramm-Leach-Bliley Act (GLBA).

Impacts of the New Rule

The adoption of these new rule amendments by the SEC is expected to have several significant impacts:

  • Enhanced Data Security: The new amendments aim to significantly strengthen the security of customer information by requiring comprehensive incident response programs and extending safeguard requirements. These changes will likely reduce the risk of data breaches and unauthorized access.

  • Improved Customer Trust: Entities are now required to provide timely notification and detailed incident information to customers. This will help the entities affected by the amendments respond more effectively to potential threats, thereby increasing their trust in financial institutions.

  • Uniform Compliance Standards: By extending safeguard requirements to transfer agents and broadening the scope of covered information, the SEC can better ensure that all financial entities adhere to a consistent standard of data protection.

  • Regulatory Alignment: Aligning annual privacy notice delivery with GLBA exceptions simplifies compliance for financial entities and ensures that regulations are up-to-date with current statutory requirements.

For a more in-depth explanation of the amendment to Regulation S-P and its impact on compliance policies, procedures, and written information supervision plans, please see our website.

John Quinn
Previous

Reviewing The SEC Marketing Rule
Next

NASAA Approves Amendments For Two Model Rules