Global Trustee and Fiduciary Services Bite-Sized Issue 6 2024

15 QUICK LINKS AIFMD CMU CRYPTOASSETS EMIR FINTECH IFD/IFR MAR MIFID II/MIFIR OPERATIONAL RESILIENCE SECURITISATION SUSTAINABLE FINANCE/ESG UCITS ASIA EUROPE UNITED STATES UNITEDKINGDOM Global Trustee and Fiduciary Services Bite-Sized | Issue 6 | 2024 Depository Trust & Clearing Corporation’s T+1 Website here SEC Adopts Rule Amendments to Regulation S-P to Enhance Protection of Customer Information On 16 May 2024, the SEC adopted amendments to Regulation S-P to modernise and enhance the rules that govern the treatment of consumers’ nonpublic personal information by certain financial institutions. The amendments update the rules’ requirements for broker-dealers (including funding portals), investment companies, registered investment advisers, and transfer agents (collectively, “covered institutions”) to address the expanded use of technology and corresponding risks that have emerged since the SEC originally adopted Regulation S-P in 2000. The amendments require covered institutions to develop, implement, and maintain written policies and procedures for an incident response program that is reasonably designed to detect, respond to, and recover from unauthorised access to or use of customer information. The amendments also require that the response program include procedures for, with certain limited exceptions, covered institutions to provide notice to individuals whose sensitive customer information was or is reasonably likely to have been accessed or used without authorisation. The amendments require a covered institution to provide notice as soon as practicable, but not later than 30 days, after becoming aware that an incident involving unauthorised access to or use of customer information has occurred or is reasonably likely to have occurred. The notice must include details about the incident, the breached data, and how affected individuals can respond to the breach to protect themselves. The amendments will become effective on 2 August 2024. Larger entities will have 18 months after the date of publication in the Federal Register to comply with the amendments, and smaller entities will have 24 months after the date of publication in the Federal Register to comply. Link to Fact Sheet here Link to Final Rule here SEC, FinCEN Propose Customer Identification ProgramRequirements for Registered Investment Advisers and Exempt Reporting Advisers On 13 May 2024, the SEC and the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) jointly proposed a new rule that would require SEC-registered investment advisers (RIAs) and exempt reporting advisers (ERAs) to establish, document, and maintain written customer identification programs (CIPs). The proposal is designed to prevent illicit finance activity involving the customers of investment advisers by strengthening the anti-money laundering and countering the financing of terrorism (AML/CFT) framework for the investment adviser sector. Under this proposal, RIAs and ERAs would be required to implement reasonable procedures to identify and verify the identity of their customers, among other requirements, in order to form a reasonable belief that RIAs and ERAs know the true identity of their customers. The proposed rule would make it more difficult for criminal, corrupt, or illicit actors to establish customer relationships – including by using false identities – with investment advisers for the purposes of laundering money, financing terrorism, or engaging in other illicit finance activity. This proposed rulemaking complements a separate FinCEN proposal in February 2024 to designate RIAs and ERAs as “financial institutions” under the Bank Secrecy Act (BSA) and subject them to AML/CFT program requirements and suspicious activity report (SAR) filing obligations, among other requirements. That proposal cites a Treasury risk assessment that identified that the investment adviser industry has served as an entry point into the U.S. market for illicit proceeds associated with foreign corruption, fraud, tax evasion, and other criminal activities. Together, these proposals aim to prevent illicit finance activity in the investment adviser sector and further safeguard the U.S. financial system. The rule, if adopted, would require RIAs and ERAs to, among other things, implement a CIP that includes procedures for verifying the identity of each customer to the extent reasonable and practicable and maintaining records of the information used to verify a customer’s identity, among other requirements. The proposal is generally consistent with the CIP requirements for other financial institutions, such as brokers or dealers in securities and mutual funds. Link to Fact Sheet here Link to Proposed Rule here