Read Aloud the Text Content

This audio was created by Woord's Text to Speech service by content creators from all around the world.

Text Content or SSML code:

Regulators and Regulation Primary Regulators Many regulators, such as SEC and FINRA, require information security policies, procedures or programs and also periodic education/training for certain financial firms and their employees or associated persons related to information security and cybersecurity. As such, Penn Mutual Information Security undergoes various internal and external conducted assessments, examinations, and audits by state and federal regulators. Insurance and financial services companies, like Penn Mutual and our affiliates, are responsible to hold, manage, and protect not just our client's money, but sensitive financial and personal information. In order to gain and maintain client trust, and meet legal and regulatory standards at the federal, state, and local levels, Penn Mutual safeguards information through preventing individuals and companies from unauthorized access. As our Company continues to evolve and leverage third-party relationships, it becomes increasingly important to be careful when sharing information and access to systems. The following Company policies are available on The Cube and HTK Connect to guide your day-to-day work in support of information security and cybersecurity: Information Classification Standard Acceptable Use of Company's Electronic Resources Standard Password Standard Continued Breaking News Recently Adopted Regulations and Other Notable Regulatory Information Numbered divider 1 NYDFS Cybersecurity Regulation Overview Since 2017, the New York Department of Financial Services (NYDFS) Cybersecurity Regulation requires that certain financial professionals and brokers take steps to protect sensitive information and comply with regulatory requirements: Risk Assessment: Financial professionals and brokers (certain financial professionals) must assess their specific cyber risk profiles. Cybersecurity Programs: Design and implement cybersecurity programs to address identified risks. Regulation Update: Effective November 1, 2023, financial institutions are now required to adopt more proactive and rigorous security practices. These measures assure that sensitive information is safeguarded and that financial institutions remain in compliance with NYDFS regulations. Numbered divider 2 SEC Amendments to Regulation S-P: Enhanced Consumer Data Protection On May 16, 2024, the SEC adopted amendments to Regulation S-P, Privacy of Consumer Financial Information and Safeguarding Customer Information. These changes apply to broker-dealers (including funding portals), investment companies, registered investment advisers, and transfer agents (collectively, "covered institutions"). These amendments aim to modernize and enhance consumer financial information protection by requiring covered institutions have robust incident response and notification measures in place: Incident Response Program. Covered institutions must implement a program to respond effectively to data breaches. Customer Notification. Institutions are required to notify affected individuals in the event of a data breach. The final amendments establish a federal minimum standard for covered institutions to provide data breach notifications to affected individuals. Regulators are focused on emerging technologies. As new regulations are proposed and adopted, we will amend or adopt policies to manage any risks to our customers, clients, and our Company.