Collin Schwartz, Head of Legal and Regulatory Affairs / Head of Methodology
The TruSight methodology is shaped by the regulation, standards, and guidance governing the industries in which it operates. Our internal subject matter experts routinely review new regulatory requirements and guidance to ensure our methodology remains current and to provide updated information to customers for continued insight into an ever-shifting landscape. To continually equip our customers with the most up-to-date industry knowledge, below is a spotlight on December 2021 select regulatory updates.
SEC Proposes Amendments to Electronic Recordkeeping RequirementsIn November, the Securities and Exchange Commission (SEC) published proposed amendments to the electronic recordkeeping and prompt production of records requirements applicable to broker-dealers, security-based swap dealers (SBSDs), and major security-based swap participants (MSBSPs). The SEC’s broker-dealer electronic recordkeeping rule requires firms to preserve electronic records exclusively in a non-rewriteable, non-erasable format (otherwise known as write once, read many, or WORM). The proposed amendments would add an audit-trail alternative. Under this alternative, preserve electronic records in a manner that permits the recreation of an original record if it is altered, over-written, or erased. The audit-trail alternative provides broker-dealers with greater flexibility in configuring their electronic recordkeeping systems so they more closely align with current technologies and practices while also protecting the authenticity and reliability of original records.
FTC Amends the GLBA’s Safeguards Rule
On December 9, 2021, the Federal Register published the Federal Trade Commission’s (FTC) amendments to the Standards for Safeguarding Customer Information (Safeguards Rule) under the Gramm-Leach-Bliley Act (GLBA). The Safeguards Rule protects the security and integrity of consumer personal information that is collected by financial institutions by ensuring that financial institutions put in place administrative, technical, and physical safeguards to protect personal information. The Safeguards Rule requires financial institutions under the FTC’s jurisdiction to implement measures to keep customer information secure and to ensure that their affiliates and service providers also safeguard customer information in their care. The amendments include:
- An expansion of the definition of “financial institution”
- Specific information security program safeguard and risk assessment requirements
- Enhanced accountability and reporting
- Alignment with existing regulatory requirements, including the FFIEC Handbook and NYSDFS Rule 500.
The deadline for compliance with the new requirements is December 9, 2022.
On December 10, 2021, the Financial Stability Board (FSB) launched an online survey “to better understand how requirements applicable to data – e.g., where and what data must be stored/retained, where it may be transferred, the rules governing the security or access to data, could affect (either enabling or impeding) cross-border payments, by potentially affecting cost, speed, access, security of cross-border payments, or interoperability of cross-border payment networks.” In-scope data frameworks include:
- Domestic data frameworks (e.g., open banking frameworks, frameworks regulating data privacy, security or storage, multilateral, bilateral trade agreements)
- Implementation of international standards from the FSB and other standard-setting bodies, including BCBS, CPMI, FATF, IAIS, IOSCO, if not included as part of formal domestic data frameworks
- Other international efforts, arrangements, or agreements that jurisdictions may implement in their domestic data frameworks or that may affect cross-border data flows.
The survey closes on Friday, January 14, 2022.