On March 15, 2023, the SEC issued a release (the “Release”) containing proposed amendments to Regulation S-P (the “Proposals”). These Proposals were published in the Federal Register today, March 21. If adopted, the Proposals would require broker-dealers, registered investment companies (with business development companies, “registered funds”) and investment advisers to adopt written policies and procedures creating an incident response program to deal with unauthorized access to customer information, including procedures for notifying persons affected by the incident within 30 days.

These proposals are in addition to the SEC’s other pending cybersecurity regulations, and the SEC has re-opened comments on the registered investment adviser cybersecurity proposal, almost certainly delaying its release past the April regulatory agenda estimate.

Click here to read Ropes and Gray’s Client Alert on the proposed amendments.