The SEC is continuing its focus on cybersecurity regulations by announcing three new proposed rules and re-opening the comment period on an additional proposed rule from last year. Each of the proposed rules focuses on entities in the financial sector, including broker-dealers, investment advisers, investment companies and other entities regulated by the SEC. A trio of experts from Baker Donelson — Matthew G. White, Alexander F. Koskey and Michael G. McLaughlin — explain the proposals and offer best-practice guidance.
Proposed new SEC regulations would, among other things, require regulated entities to formally adopt policies and procedures for responding to cyber incidents, expand the scope of information subject to the rules to include information received from third-party financial institutions and implement new requirements for reporting cyber incidents to both customers and regulators.
Regulation S-P
The SEC’s proposed amendments to Regulation S-P would require the following of broker-dealers, registered investment advisers and investment companies.
- Create an incident response program: Entities would be required to adopt written policies and procedures that address unauthorized access to, or use of, customer information, including procedures for notifying individuals affected by an…
