Blow the Whistle on Financial Institutions Not in Compliance with the Amended Rules Governing Treatment of Consumers’ Nonpublic Personal Information


June 4, 2024

The SEC has strengthened Customer Data Protection to address the expanded use of technology and risks by financial institutions.

On May 16, 2024, the U.S. Securities and Exchange Commission (SEC) announced the adoption of amendments to Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Customer Information (the “Amendments”), which govern the treatment of nonpublic personal information about consumers by certain financial institutions.

The Amendments require broker-dealers (including funding portals), investment companies, registered investment advisers, and transfer agents to:

  • Incident response: Develop, implement, and maintain written policies and procedures for an incident response program that is reasonably designed to detect, respond to, and recover from unauthorized access to or use of customer information.
  • Customer notification: Provide affected customers timely notification about sensitive customer information that was or is reasonably likely to have been accessed or used without authorization.
    • Notices must be issued no later than 30 days after becoming aware of the unauthorized access to or use of customer information.
    • Notices must include details about the incident, the breached data, and how affected individuals can respond to the breach to protect themselves.

Since Regulation S-P’s adoption in 2000, technological advancements require critical updates to help protect the privacy of customers’ financial data. The Amendments are designed to modernize and enhance the protection of consumer financial information in the event of a data breach.

What if I witness misconduct or suspect fraud?

If you observe financial institutions not reporting a data breach, or failing to have written policies and procedures for safeguarding customer nonpublic information, it is critical that you inform the SEC.

The SEC will often pay monetary awards to whistleblowers who voluntarily provide the SEC with original information about violations of the federal securities laws.

How do I report this misconduct or fraud to the SEC?

If you suspect misconduct or fraud, contact a lawyer, such as a member of Cohen Milstein’s Whistleblower practice, who can counsel you on the Whistleblower process and help you complete and submit the SEC’s tip, complaint, and referral form (Form TCR).

Such consultations are confidential and free-of-charge.

What type of information is needed to report fraud, non-compliance, or misconduct to the SEC?

In addition to your personal observations and a completed Form TCR, the SEC requires supporting information that is original and not in the public sphere.

What if I’m not a company insider?

You do not need to be a company “insider” (like an employee or trader) to witness or report possible fraud or misconduct. Other market participants or victims of fraud or misconduct who observe these actions committed by others may also qualify as whistleblowers.

Does the SEC offer a whistleblower award for reporting fraud or misconduct?

Yes. If your information leads to a successful SEC enforcement action resulting in more than $1 million in monetary sanctions, you will receive an award ranging from 10-30% of any amount collected.

Where do I find more about reporting fraud and becoming a whistleblower?

The SEC’s Office of the Whistleblower provides comprehensive guidelines on reporting fraud and the whistleblower process.

You can also contact a member of our Whistleblower practice for a confidential and free-of-charge consultation.


About the Author

Christina McGlosson is Special Counsel in our Whistleblower practice, where she focuses exclusively on Dodd-Frank Whistleblower representation. She is the former acting director of the Whistleblower Office in the Division of Enforcement at the U.S. Commodity Futures Trading Commission (CFTC). She was also a senior attorney in the SEC’s Division of Enforcement for over a decade. Christina represents whistleblowers in the presentation and prosecution of fraud claims before the SEC, CFTC, FinCen, as part of the U.S. Treasury, and other government agencies.

Cohen Milstein Sellers & Toll PLLC

1100 New York Avenue, NW

Washington, DC 20005


T. 202-408-3635

Advertising Material. This content is informational in nature and should not be read or interpreted as legal advice. Should you need legal advice, please contact a lawyer.