The Securities and Exchange Commission (SEC) has updated its decades-old Regulation S-P rule governing customer data protection. 

Under the SEC’s amendments, RIAs, broker-dealers and investment companies must notify customers within 30 days after becoming aware that an unauthorized use of their information occurred. The SEC also said that the rule, which governs the safeguarding and disposal of client information, would require companies to maintain written procedures for responding to a data breach and for notifying customers. 

Read More

The New York State Department of Financial Services (NYDFS) issued guidance for small businesses attempting to comply with its cybersecurity regulations.

New York has had rules for financial institutions regarding cybersecurity in place since 2017. The state issued amended rules in 2023 that require financial institutions to conduct risk assessments more often and improve governance.

Under the amended rules, “[C]overed entities must maintain a cybersecurity program designed to identify and assess cybersecurity risks; protect nonpublic information (such as confidential customer information or sensitive business information) and the computers, phones, and other electronic devices storing such information from unauthorized access and other malicious acts; detect, respond, and recover from cybersecurity events; and comply with applicable regulatory reporting obligations,” the NYDFS said Monday in a guidance letter.

Read More

The Financial Industry Regulatory Authority has created a new key topics page for its new rules treating home offices as ”residential supervisory locations.”

Read More

The SEC’s new and proposed rules on cybersecurity and cyber-incident reporting will have a dual impact on private investment advisers and funds.

Read More

Last week, Paul Hastings attended the Securities and Exchange Commission (SEC) Speaks 2024 event presented by the Practising Law Institute (PLI) in cooperation with the SEC on April 1 and 2. The SEC Speaks program provides essential updates on current initiatives and priorities at the SEC.

Read More

Nearly 40% of compliance professionals across asset management, investment adviser, and private markets firms remain unprepared for the cybersecurity risks posed by AI, reveals the 2024 Cybersecurity Benchmarking Survey.

Read More

The Financial Industry Regulatory Authority (FINRA) has fined Osaic Wealth, Inc., formerly known as Royal Alliance Associates, Inc. and Securities America, Inc.

Read More

Registered Investment Advisors (RIAs) contended with a 213% frequency increase in total errors and omissions liability claims paid by their insurers in 2023, as they faced a sharp uptick in investor complaints due to 2022’s broad market slump, according to proprietary data from Golsan Scruggs, the corporate insurance brokerage firm serving the financial services industry.

Read More

The Securities and Exchange Commission, the Financial Industry Regulatory Authority and other regulators are focusing in 2024 on some new areas — like artificial intelligence — as well as putting increased pressure on advisors and broker-dealers to step up their compliance with others, according to regulatory experts at ACA Group.

Read More

Incomplete incident-response plans, insufficient training and a lack of visibility into branch offices’ practices are among the most common cybersecurity-related shortcomings of Financial Industry Regulatory Authority member firms, according to executives at the industry self-regulator.

Read More