The SEC is focusing on cybersecurity breaches at broker-dealers and registered investment advisers, among other financial institutions, with an update to a 24-year-old rule.
The changes call for broker-dealers (including funding portals), investment companies, registered investment advisers and transfer agents registered with the SEC to develop, implement and maintain policies and procedures designed to detect, respond to and recover from customer data breaches.
The SEC’s newly announced amendments will become effective 60 days after their publication in the Federal Register.
Larger firms have 18 months from the publication date to comply with the new regulations, while smaller entities will have a longer 24-month window to become compliant.