Skip to main content

December 2021 Regulatory Updates

Collin Schwartz, Head of Legal and Regulatory Affairs / Head of Methodology

The TruSight methodology is shaped by the regulation, standards, and guidance governing the industries in which it operates. Our internal subject matter experts routinely review new regulatory requirements and guidance to ensure our methodology remains current and to provide updated information to customers for continued insight into an ever-shifting landscape. To continually equip our customers with the most up-to-date industry knowledge, below is a spotlight on December 2021 select regulatory updates.

SEC Proposes Amendments to Electronic Recordkeeping Requirements

In November, the Securities and Exchange Commission (SEC) published proposed amendments to the electronic recordkeeping and prompt production of records requirements applicable to broker-dealers, security-based swap dealers (SBSDs), and major security-based swap participants (MSBSPs). The SEC’s broker-dealer electronic recordkeeping rule requires firms to preserve electronic records exclusively in a non-rewriteable, non-erasable format (otherwise known as write once, read many, or WORM). The proposed amendments would add an audit-trail alternative. Under this alternative, preserve electronic records in a manner that permits the recreation of an original record if it is altered, over-written, or erased. The audit-trail alternative provides broker-dealers with greater flexibility in configuring their electronic recordkeeping systems so they more closely align with current technologies and practices while also protecting the authenticity and reliability of original records.

FTC Amends the GLBA’s Safeguards Rule

On December 9, 2021, the Federal Register published the Federal Trade Commission’s (FTC) amendments to the Standards for Safeguarding Customer Information (Safeguards Rule) under the Gramm-Leach-Bliley Act (GLBA). The Safeguards Rule protects the security and integrity of consumer personal information that is collected by financial institutions by ensuring that financial institutions put in place administrative, technical, and physical safeguards to protect personal information. The Safeguards Rule requires financial institutions under the FTC’s jurisdiction to implement measures to keep customer information secure and to ensure that their affiliates and service providers also safeguard customer information in their care. The amendments include:

  1. An expansion of the definition of “financial institution”
  2. Specific information security program safeguard and risk assessment requirements
  3. Enhanced accountability and reporting
  4. Alignment with existing regulatory requirements, including the FFIEC Handbook and NYSDFS Rule 500.

The deadline for compliance with the new requirements is December 9, 2022.

FSB Requests Feedback on Data Frameworks Affecting Cross-Border Payment Arrangements

On December 10, 2021, the Financial Stability Board (FSB) launched an online survey “to better understand how requirements applicable to data – e.g., where and what data must be stored/retained, where it may be transferred, the rules governing the security or access to data, could affect (either enabling or impeding) cross-border payments, by potentially affecting cost, speed, access, security of cross-border payments, or interoperability of cross-border payment networks.” In-scope data frameworks include:

  1. Domestic data frameworks (e.g., open banking frameworks, frameworks regulating data privacy, security or storage, multilateral, bilateral trade agreements)
  2. Implementation of international standards from the FSB and other standard-setting bodies, including BCBS, CPMI, FATF, IAIS, IOSCO, if not included as part of formal domestic data frameworks
  3. Other international efforts, arrangements, or agreements that jurisdictions may implement in their domestic data frameworks or that may affect cross-border data flows.

The survey closes on Friday, January 14, 2022.

svgImg Coronavirus Statement

Coronavirus Statement

Our highest priority at TruSight Solutions is to maintain health and safety, and we are closely monitoring the global situation regarding the spread of coronavirus (COVID-19.) At the same time, we remain steadfast in our commitment to deliver assessment products of the highest quality for our customers and assessed parties. In light of these dual goals, this statement addresses precautions and strategies that TruSight is implementing with respect to on-site assessments and the assessors who conduct these facility visits.

Assessors who have been assigned to conduct on-site assessments have attested that they have not traveled in the past 30 days to a country with a Level 2 or Level 3 designation from the U.S. Centers for Disease Control and Prevention. (A Level 2 alert is for enhanced precautions, and a Level 3 warning is to avoid non-essential travel.)

Upon request, each individual assigned assessor will confirm this assurance in writing via email.

Any assessor currently conducting an assessment in an affected country is bound by the country’s domestic regulations and will remain in that country as long as required.

Assessors have been instructed to escalate any personal travel concerns to their manager. Individual concerns will be respected and assignments adjusted accordingly.

For reasons of health and safety, there could be a delay in conducting an assessment and/or delivering a product where a country is prohibiting travel or otherwise inhibiting movement that is necessary for such assessment. In this event, we will inform impacted vendors and customers as soon as we become aware of the situation. We may also propose performing a remote assessment in lieu of an on-site assessment and making adjustments accordingly.

As the coronavirus situation quickly evolves, TruSight is closely following developments from the World Health Organization, U.S. Centers for Disease Control and Prevention, and other domestic and international bodies. If you have questions or concerns, please reach out directly to your TruSight contacts.

scroll to top icon