The Securities and Exchange Commission said late Wednesday that it has modified the submission deadlines for registered investment companies filing nonpublic monthly reports on Form N-PORT to help prevent cybersecurity risks.
The agency said that it has determined that allowing funds to report the monthly data at quarter end — while not changing the amount or substance of the data — will allow the commission "to fulfill its mission while reducing its cyber risk profile."
SEC Chairman Jay Clayton said in a statement that he applauded agency staff's "efforts to evaluate our data needs and cybersecurity risk profile," and that he believes the "revised approach to the receipt of new, nonpublic monthly Form N-PORT data enables the commission to receive and analyze this new data while meaningfully reducing the sensitivity of that data at the time it is transmitted to the commission."
Form N-PORT is a new form for reporting both public and nonpublic fund portfolio holdings to the commission in a structured data format.
The Investment Company Institute welcomed the amendments to the timing requirements for reporting on Form N-PORT to address cybersecurity concerns raised by the commission's receipt of sensitive, nonpublic fund data on the form.
"We are very pleased that the SEC has taken this important step to allay substantially the information security risks posed by the original rule," said ICI President Paul Schott Stevens. "This is a sensible approach that gives the SEC all the information it needs while minimizing risks to investors that could result from any unauthorized access to funds' sensitive portfolio holdings information."
The amendments require funds to file three monthly reports on Form N-PORT 60 days after the end of the fund's fiscal quarter, rather than filing the nonpublic reports for the first two months of the quarter with the commission within 30 days after the end of each month, ICI explained.
