Summary
On April 22, 2025, Laura D’Allaird, Chief of the SEC’s Cyber and Emerging Technologies Unit, shared insights at the Incident Response Forum Masterclass 2025. The session focused on cyber regulation, particularly following the SEC’s tightening of Regulation S-P to protect customer data in the wake of emerging technology challenges. Key areas of concern highlighted were fraud in emerging technologies, cybersecurity compliance, and addressing cyber-related misconduct.
Key Points
- The SEC emphasizes rigorous oversight on firms using AI to prevent overstated claims and protect investors.
- Recent amendments to Regulation S-P require firms to have robust incident response programmes and stringent third-party service provider monitoring.
- Firms must notify customers of unauthorized access to their information within a specified time frame and broadened definitions of protected data under Regulation S-P.
- The amendments introduce compliance dates: larger entities by December 3, 2025, and smaller firms by June 3, 2026.
- The SEC is vigilant against cyber-related misconduct that threatens investor confidence and market integrity.
Why should I read this?
If you’re in the financial sector, this is a must-read! The SEC is stepping up its game in regulating how your firm handles customer data, especially with the rise of advanced tech like AI. These new amendments could significantly impact your operations and compliance strategies. Don’t let your firm be caught off-guard—get the lowdown on what to look out for now!
