News Roundup: SEC Finalizes New Cybersecurity Rules for Broker-Dealers, Others

CCI staff share recent surveys, reports and analysis on risk, compliance, governance, infosec and leadership issues. Share details of your survey with us: editor@corporatecomplianceinsights.com.

SEC adopts amendments to Regulation S-P; covered entities will have 18-24 months to comply

About a year after they were proposed, the SEC has finalized amendments to Regulation S-P aimed at protecting consumers’ sensitive information. 

Under the rules approved May 16, broker-dealers, investment companies, registered investment advisers and transfer agents will be required to develop written incident response plans designed to detect and respond to unauthorized access to customer information, as well as, with some exceptions, to provide notice to people whose sensitive information was likely accessed.

Notice is required in 30 days at most after the institution becomes aware of an incident, and the notice must include details about the incident and how affected customers can protect themselves from further damage.

The final amendments to Regulation S-P, coming about eight months after the commission finalized cybersecurity reporting regulations for public companies, will become effective 60 days after publication in the federal register, and compliance will be phased in beginning in 18  months for large institutions and 24 months for smaller ones.

OFAC launches public-facing sanctions data tool

The Treasury Department’s Office of Foreign Assets Control (OFAC) recently launched a new public-facing website and data search tool, Sanctions List Service (SLS), allowing users to access and download data about federally sanctioned entities.

Users can download information from either the specially designated nationals (SDN) list or the consolidated (non-SDNs) list, as well as creating custom datasets based on their selection of certain sanctions lists or programs. They can also access archived data files on the redesigned interface.

BarkerGilmore: General counsel gender pay gap shrinking

The pay gap between men and women in general counsel roles closed by about six-tenths of a percentage point over the past year, according to a survey conducted by boutique executive search firm BarkerGilmore.

Women GCs will make about 4.3% less than their male counterparts in 2024, falling from 4.9% in 2023, according to the findings, which are detailed in the firm’s annual in-house counsel compensation report, informed by surveys from thousands of in-house counsel across the U.S.

Other key findings include:

• Salaries for in-house counsel increased by 4.4% in 2024.
• Motivation to find a new job due to compensation issues decreased by 22%.
• The percentage of in-house counsel changing jobs last year decreased to 9% overall as the market stabilized from the 12% high in 2021.

Littler: 87% of employers concerned about managing divisions during election year

Nearly nine in 10 employers (87%) say they’re concerned about managing divisive political and social beliefs among their employers as the U.S. — and much of the rest of the world — head into an election year, according to a new survey by employment and labor law practice Littler.

Based on surveys of about 400 in-house lawyers, executives and HR professionals, the findings, reported in the firm’s 12th annual employer survey, reveal how employer expectations and workplace policies are evolving in a consequential election year and amid the introduction of disruptive generative AI technology.

Among the key findings:

• 51% of those surveyed expect employment-law related changes governing the use of artificial intelligence (AI) in HR functions, up from just 20% last year, as state, federal and international regulatory frameworks continue to emerge.
• 79% expect a moderate or significant impact from compliance and enforcement efforts by the U.S. Department of Labor over the next 12 months, compared to 65% who said the same earlier in the Biden Administration, in 2022.
• For organizations that are using AI in HR and talent acquisition, the most popular applications include the creation of HR-related materials (26%) and self-service chatbots for internal questions about policy or procedures (24%).
• 71% of respondents say their organizations operate under some form of a hybrid work schedule (the same proportion as last year’s survey), there was a notable shift toward more days spent working in person than remotely. Specifically, 39% now have hybrid schedules with employees working more days in person than remotely, compared to 31% in 2023.

WoltersKluwer: Corporate Transparency Act readiness inching upward

Businesses are increasingly confident they’ll be able to meet compliance deadlines with the Corporate Transparency Act’s beneficial ownership reporting mandate, according to a webinar poll conducted by WoltersKluwer, with compliance readiness rising from 18% late last year to 42% in early May.

An estimated 33 million U.S. businesses are subject to the CTA rule, with existing businesses having a 2025 deadline and those newly formed starting this year having a 90-day window to file their initial reports. (The CTA’s mandates have been challenged in court, though they remain in effect for most organizations.)

Despite growing compliance readiness, the webinar poll of about 1,400 attendees showed that about one-quarter of those surveyed were unsure whether the new requirements would apply to their organization. Other key findings include:

• 40% of respondents view keeping pace with ongoing reporting obligations as their top concern.
• 24% cited as a challenge identifying their organization’s beneficial owners.
• 12% said resource allocation and staff time required to gather the information was a challenge.