On May 15th, the SEC adopted amendments to Regulation S-P, affecting investment companies, RIAs, broker-dealers, and transfer agents. These changes mark a pivotal shift in the financial industry's approach to data security and privacy. Join us Tuesday, June 25th at 1:00pm ET for a live webinar where experts from Abacus Group and Orical LLC: Jonathan Bohrer, Christian Scott and Jim Leahy, will discuss how these updates affect you and what steps you need to take to comply with the SEC's new mandate. Register now: https://hubs.ly/Q02BBgnV0 Can't Make It? Register anyway and we'll send you a copy of the recording. #SEC #Regulation #FinancialServices #IncidentResponse #Compliance #Security #IT #MSP #MSSP #RIA #Investment
Abacus Group’s Post
More Relevant Posts
-
On May 16, the Securities and Exchange Commission (SEC) announced the adoption of amendments to Regulation S-P to modernize and enhance the rules governing the treatment of consumers’ nonpublic personal information by certain financial institutions. The amendments update the requirements for broker-dealers (including funding portals), investment companies, registered investment advisers, and transfer agents (collectively, “covered institutions”) to address new technology development and cybersecurity risks. The amendments will become effective 60 days after publication in the Federal Register. Larger entities will have 18 months after the date of publication in the Federal Register to comply with the amendments, and smaller entities will have 24 months after the date of publication in the Federal Register to comply. The amendments also require covered institutions to notify affected individuals whose sensitive customer information was or is reasonably likely to have been, accessed or used without authorization. The amendments require a covered institution to provide the notice as soon as practicable, but not later than 30 days, after becoming aware that unauthorized access to or use of customer information has occurred or is reasonably likely to have occurred, except under certain limited circumstances. A notice must include details about the incident, the breached data, and how affected individuals can respond to the breach to protect themselves. Read more - https://lnkd.in/gPcZCrU9 #SEC #CybersecurityRisks #InvestmentAdvisors #DataBreach
SEC Amends Regulation S-P to Address Information Security and Data Breach Response
thompsonhine.com
To view or add a comment, sign in
-
The US Securities and Exchange Commission (SEC) has adopted new rules requiring publicly listed firms to disclose serious incidents within four days. The regulator voted 3-2 to adopt the rules. The four-day period will start from the time a cyber-incident was determined to be “material.” Registrants will need to disclose on a new Item 1.05 of Form 8-K details on the incident’s nature, scope, timing and impact or “reasonably likely material impact,” the SEC said in a note yesterday. #cyberriskmanagement #cyberincidents #riskmanagement https://lnkd.in/ekWWJVuh
SEC Wants Cyber-Incident Disclosure Within Four Days
infosecurity-magazine.com
To view or add a comment, sign in
-
The fall RegFlex agenda has been published and includes the Safeguarding Rule, the Outsourcing Rule, the Form PF/CFTC Rule, ESG Rule for Investment Advisers, cybersecurity for Investment Advisers all slated for 1Q2024. Seems unlikely. #regflex #regulation #privatefunds https://lnkd.in/e4xnnR_G
Agency Rule List - Fall 2023
reginfo.gov
To view or add a comment, sign in
-
Business Sales Leader Identity - EMEA | Subject Matter Expert Identity Security | Manage & Control Identity Risk
The Securities and Exchange Commission (SEC) announced new rules requiring certain kinds of financial institutions to have well-defined plans for what to do when a data breach involving customer information occurs. The new amendments come right as companies are easing into new incident reporting regulations from the SEC that force public companies to notify the agency of “material” incidents. #IdentitySecurity #cybersecurity
Industry News: The new SEC rule requires financial firms to create data breach response plans.
my.sociabble.com
To view or add a comment, sign in
-
The Securities and Exchange Commission (SEC) announced new rules requiring certain kinds of financial institutions to have well-defined plans for what to do when a data breach involving customer information occurs. The new amendments come right as companies are easing into new incident reporting regulations from the SEC that force public companies to notify the agency of “material” incidents. #IdentitySecurity #cybersecurity
Industry News: The new SEC rule requires financial firms to create data breach response plans.
my.sociabble.com
To view or add a comment, sign in
-
The Securities and Exchange Commission (SEC) announced new rules requiring certain kinds of financial institutions to have well-defined plans for what to do when a data breach involving customer information occurs. The new amendments come right as companies are easing into new incident reporting regulations from the SEC that force public companies to notify the agency of “material” incidents. #IdentitySecurity #cybersecurity
Industry News: The new SEC rule requires financial firms to create data breach response plans.
my.sociabble.com
To view or add a comment, sign in
-
Ever heard of the SEC? They're basically the financial world's hall monitor, making sure everyone plays by the rules. Well, guess what? They just rolled out some new guidelines to help keep your customers' data safe. The SEC is cracking down on financial institutions (like banks and credit unions) to make sure they have a plan in place in case of a cyberattack. This plan, called an "incident response program," needs to outline what happens if a hacker stumbles onto your customers' info. Think of it like a fire drill, but for data breaches. The most important part? You (the financial institution) gotta tell your customers if their information gets exposed. This means sending out clear notices explaining what happened, what data was leaked, and how your customers can protect themselves. Transparency is key! So, what does this mean for you, the small business owner? Well, it's a good thing! The SEC is making it easier for everyone to stay informed about their financial data. And hey, strong cybersecurity is good for everyone's peace of mind, right? But here's the question... How can small businesses, without a massive IT department, step up their cybersecurity game? Let's chat in the comments! #cybersecurity #dataprivacy #financialinstitutions #smallbusiness https://hubs.ly/Q02y6H3W0
SEC Adds New Incident Response Rules for Financial Sector
darkreading.com
To view or add a comment, sign in
-
🔐 Taking control of your data. How secure is your personal information, and what are the practical steps you can take in order to safeguard your data? Let’s engage in sharing insights, and collectively addressing the challenges of preserving privacy in a data-centric world. Below are some links to resources you might want to check out. 🌐 Learn more about how to protect yourself online here. 👉 https://lnkd.in/gqhmfF-A #StayInformed #StayVigilant #DataPrivacyWeek #DigitalSecurity #Secure #Finance #CKMAdvisers #CKM #FinancialPlanning
To view or add a comment, sign in
-
(Cybersecurity Dive) The regulatory agency’s rule change comes less than a year after it required publicly traded companies to disclose material security incidents within four business days. Dive Brief: 🔹 The Securities and Exchange Commission will soon require certain financial institutions to notify individuals within 30 days of determining their personal information was compromised in a breach. 🔹 “Over the last 24 years, the nature, scale and impact of data breaches has transformed substantially,” SEC Chair Gary Gensler said Thursday in a statement. “The basic idea for covered firms is if you’ve got a breach, then you’ve got to notify. That’s good for investors.” 🔹 The adopted amendments to Regulation S-P, which apply to broker-dealers, funding portals, investment companies, registered investment advisers and transfer agents, also requires covered entities to develop and implement formal policies and procedures for incident response. #SEC #RegSP #Buckler #regulations #cybersecurity #cybersecurityregulations #cybersecuritypolicies #cybercompliance #BrokerDealers #Advisers #Advisors #RIA #RIAs #policies #policiesandprocedures #breaches #databreaches #FinancialServices https://lnkd.in/eE46a8K7
SEC requires financial firms to disclose data breaches within 30 days
cybersecuritydive.com
To view or add a comment, sign in
-
Technology and cybersecurity industry veteran helping companies successfully navigate the constantly changing technology landscape | Canadian Cybersecurity Network Advisor
I find this really interesting as not all breaches are created equal. There are breaches that result in ransomware, data loss, privacy loss and financial impact from things like Business Email Compromise (BEC). Then there are “breaches” that if detected quickly and remediated, have no impact to your business. Should both types of breaches be reported on the same way given a very different outcome? Thanks for sharing Ryan Patrick #cybersecurity #cyberbreach #detectionandresponse #cyberresilience #businessresilience #notallbreachesarecreatedequal
SEC says you must report a breach in four days. Bold. Aggressive. "The U.S. Securities and Exchange Commission has adopted new rules requiring publicly traded companies to disclose cyberattacks within four business days after determining they're material incidents...They require the disclosure of the following breach-related information (provided it is available at the time of filing Form 8-K): -The date of discovery and status of the incident (ongoing or resolved). -A concise description of the incident's nature and extent. -Any data that may have been compromised, altered, accessed, or used without authorization. -The impact of the incident on the company's operations. -Information about ongoing or completed remediation efforts by the company."
SEC now requires companies to disclose cyberattacks in 4 days
bleepingcomputer.com
To view or add a comment, sign in