Cybersecurity has become a top concern for executives and boards across all sectors of commerce and critical infrastructure that rely on digital technologies—including financial services—and investment advisers, investment companies and broker-dealers (“market participants”) fall squarely within that group. Over the last two years, regulators have increasingly set their sights on this group, which is being subjected to increasingly rigorous scrutiny both as part of examinations and through enforcement actions.
The Securities and Exchange Commission (SEC) implemented the so-called Safeguards Rule, which is part of Regulation S-P, pursuant to the Gramm-Leach-Bliley Act in 2000. In December 2004, the SEC updated the Safeguards Rule to require that safeguarding policies and procedures be written, which became effective on July 1, 2005. The SEC was not particularly active in enforcing the rule for several years thereafter.
Please see full publication below for more information.