More than 24 years have passed since the U.S. Securities and Exchange Commission (SEC) first adopted Regulation S-P, which governs the treatment of consumers’ private information by certain financial institutions. In May of 2024, the SEC unanimously agreed to update these rules to keep pace with modern cyber-attacks and data breaches. The amendments to Regulation S-P will require covered institutions (including broker-dealers, investment companies and registered investment advisors) to implement and maintain written procedures that aim to detect, respond to and recover the unauthorized use of their customer’s information. As a result, covered institutions may also be required to notify affected customers within 30 days of becoming aware of the incident and must include details about the incident, the breached data and offer the next steps for responding to the breach.
SEC Chair Gary Gensler emphasized the necessity of notifying customers stating “The basic idea for covered firms is if you’ve got a breach, then you’ve got to notify. That’s good for investors.” Consequently, firms will have to hire more people, expend resources and spend more money, right?—not exactly. As financial institutions prepare to adhere to the updated regulations, SS&C Flex emerges as a comprehensive solution to navigate the complexities of incident response management and staff augmentation. With a suite of tailored services, SS&C Flex facilitates seamless coordination of customer notifications, establishes responsive call centers, and works with financial institutions to develop highly effective notification programs.
Twenty-four years later, the synergy between regulatory reforms and proactive solutions like SS&C Flex highlights a collective commitment to safeguarding the integrity of financial systems and preserving consumer trust. With SS&C Flex, the financial industry stands poised to navigate the digital landscape with resilience and confidence. Download our "Expert Support for Disruptive Business Events" brochure to learn more.