The American Bankers Association and nine associations today asked the Securities and Exchange Commission to extend the compliance date for recent amendments to its data breach standards for investment companies and advisers.
The SEC last year adopted amendments to Regulation S-P to require brokers and dealers, investment companies and investment advisers registered with the agency to adopt written policies and procedures for cyber incidents, including data breaches. ABA and the associations previously asked the SEC to provide more clarity and guidance on the amendments. In a new joint letter, the groups urged the commission to extend the compliance date by six months to June 3, 2026, for large firms and to Dec. 3, 2026, for smaller firms.
“Our members respectfully submit that a modest extension is reasonable, prudent and necessary given the cumulative impact of the unprecedented 43-day shutdown and the absence of guidance during certain implementation windows,” the associations said.
