SEC Requires Financial Institutions to Disclose Breaches Within 30 Days

The Securities and Exchange Commission (SEC) has adopted amendments that will require certain covered financial institutions to notify affected individuals of a data breach within 30 days of becoming aware of it.

Under the amendments, covered institutions must notify affected customers "as soon as practicable, but not later than 30 days" after becoming aware that an incident involving unauthorized access to or use of customer information has occurred or is reasonably likely to have occurred.


SEC Implements New Policy Amid Increasing Breaches on Financial Institutions

The changes amend Regulation S-P, the SEC rule governing how covered firms safeguard and handle consumers' nonpublic personal information. The amendments apply to registered broker-dealers, investment companies, registered investment advisers, and transfer agents.

"These amendments to Regulation S-P will make critical updates to a rule first adopted in 2000 and help protect the privacy of customers' financial data. The basic idea for covered firms is if you've got a breach, then you've got to notify," said SEC Chair Gary Gensler.

The notice to affected individuals must describe the incident, identify the type of customer information that was or is reasonably believed to have been accessed or used without authorization, and explain what steps individuals can take to protect themselves.

SEC Strengthens Policy on Security Breaches

The amendments mark the first major update to Regulation S-P since it was adopted in 2000. Beyond the notification requirement, the SEC said the changes require covered institutions to develop, implement, and maintain written policies and procedures for an incident response program reasonably designed to detect, respond to, and recover from unauthorized access to or use of customer information.

However, a covered institution is not required to notify customers if, after a reasonable investigation, it determines that the sensitive customer information has not been used, and is not reasonably likely to be used, in a manner that would result in substantial harm or inconvenience to those customers.

The new requirement is separate from the cybersecurity disclosure rules the SEC adopted last year, which require publicly traded companies to disclose material cybersecurity incidents, meaning those reasonably likely to affect a company's business, strategy, results of operations, or financial condition.

The amendments to Regulation S-P take effect 60 days after publication in the Federal Register. Larger entities have 18 months from the publication date to comply; smaller entities have 24 months.
