The Financial Industry Regulatory Authority issued a Cybersecurity Advisory regarding a recent action to enhance the protection of customer information.
FINRA said it was providing the notice from its Cyber and Analytics Unit to highlight the Securities and Exchange Commission’s recent amendments to Regulation S-P. Last month, the SEC said it had adopted the amendments to reform the rules governing the treatment of consumers’ nonpublic personal information by certain financial institutions.
The action updates the requirements for broker-dealers, investment companies, registered investment advisers, and transfer agents to address the expanded use of technology and corresponding risks that have emerged since Regulation S-P was originally implemented in 2000.
“Over the last 24 years, the nature, scale, and impact of data breaches has transformed substantially,” said SEC Chair Gary Gensler. “These amendments to Regulation S-P will make critical updates to a rule first adopted in 2000 and help protect the privacy of customers’ financial data. The basic idea for covered firms is if you’ve got a breach, then you’ve got to notify. That’s good for investors.”
The amendments require covered institutions to adopt an incident response program that is designed to respond to and recover from unauthorized access to customer information. They will also have to notify affected individuals whose sensitive customer information was, or is reasonably likely to have been, accessed or used without authorization.
Covered institutions will be required to provide notice about a breach no later than 30 days after it happens, with details about the incident, the breached data, and how affected individuals can respond to the breach to protect themselves.
The amendments also expand and align the safeguards and disposal rules to cover both nonpublic information that the covered institution collects about its own customers and nonpublic personal information it receives from another financial institution about that institution’s customers.
FINRA recommended that all member firms review the amendments to ensure their cybersecurity programs are modified, as needed, to come into compliance by the applicable compliance date for their firms.