Description
Smaller financial institutions must comply with amendments to SEC Regulation S-P. Requirements include: written policies for detecting, responding to, and recovering from unauthorized access; customer notification within 30 days of breach discovery; service provider oversight with 72-hour breach notification clauses; incident response program; and enhanced recordkeeping.
Requirements
- Develop written breach detection and response policies
- Implement 30-day customer breach notification process
- Update service provider contracts with 72-hour notification clauses
- Establish incident response program
- Enhance recordkeeping for security events
Applicable To
- SEC-registered investment advisers under $1.5B AUM
- Investment companies under $1B net assets
- Smaller broker-dealers
Penalty Information
SEC enforcement actions including fines, censure, suspension, or revocation of registration.