The Securities and Exchange Commission (SEC) voted to approve a new set of cybersecurity rules. Broker-dealers, investment advisers, and transfer agents (Registrants) are now required to have robust measures in place to detect data breaches and to notify clients who may be affected by a data breach, which the new rule defines as a "cybersecurity incident."
RegComp Financial highlights key information below for Chief Compliance Officers (CCOs):
- A "cybersecurity incident" is defined as "an unauthorized occurrence, or a series of related unauthorized occurrences, on or conducted through a registrant's information systems that jeopardizes the confidentiality, integrity, or availability of a registrant's information systems or any information residing therein." "Information systems" is broad and includes resources owned or used by the registrant.
- A determination of materiality must be made "without unreasonable delay" on any cybersecurity incident.
- The amendments change Regulation S-K. Registrants are now required to annually disclose in the firm's Form 10-K and 8-K the following information: (i) cybersecurity risk management and strategy, (ii) management's role in assessing and managing material risks from cybersecurity threats, and (iii) the board of directors' oversight of cybersecurity risks. Registrants must disclose material "cybersecurity incidents" and annually disclose information about their cybersecurity risk management procedures and policies on these forms.
- These new rules are a set of amendments to the older Regulation S-P (Privacy).
Please note that the growing patchwork of privacy regulations and cybersecurity statutes, rules, and regulations at both the federal and state levels will likely result in further compliance costs for firms. Oversight is increasing, and enforcement actions will follow suit.
RegComp Financial is a leading national compliance consulting firm with offices in Texas and Florida. To read more about RegComp Financial and its services related to cybersecurity compliance and Regulation S-P, please visit https://www.regcompfinancial.com.
Reference: SEC.gov | SEC Adopts Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies