This PDF is the current document as it appeared on Public Inspection on 01/29/2013 at 08:45 am.
Upon Written Request Copies Available From: Securities and Exchange Commission, Office of Investor Education and Advocacy, Washington, DC 20549-0213.
Rule 248.30; OMB Control No. 3235-0610, SEC File No. 270-549.
Notice is hereby given that, pursuant to the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.), the Securities and Exchange Commission (the “Commission”) is soliciting comments on the collection of information summarized below. The Commission plans to submit this existing collection of information to the Office of Management and Budget for extension and approval.
Rule 248.30 (17 CFR 248.30), under Regulation S-P is titled “Procedures to Safeguard Customer Records and Information; Disposal of Consumer Report Information.” Rule 248.30 (the “safeguard rule”) requires brokers, dealers, investment companies, and investment advisers registered with the Commission (“registered investment advisers”) (collectively “covered institutions”) to adopt written policies and procedures for administrative, technical, and physical safeguards to protect customer records and information. The safeguards must be reasonably designed to “insure the security and confidentiality of customer records and information,” “protect against any anticipated threats or hazards to the security and integrity” of those records, and protect against unauthorized access to or use of those records or information, which “could result in substantial harm or inconvenience to any customer.” The safeguard rule's requirement that covered institutions' policies and procedures be documented in writing constitutes a collection of information and must be maintained on an ongoing basis. This requirement eliminates uncertainty as to required employee actions to protect customer records and information and promotes more systematic and organized reviews of safeguard policies and procedures by institutions. The information collection also assists the Commission's examination staff in assessing the existence and adequacy of covered institutions' safeguard policies and procedures.
We estimate that as of the end of 2011, there are 4,695 broker-dealers, 4,203 investment companies, and 11,658 investment advisers currently registered with the Commission, for a total of 20,556 covered institutions. We believe that all of these covered institutions have already documented their safeguard policies and procedures in writing and therefore will incur no hourly burdens related to the initial documentation of policies and procedures.
Although existing covered institutions would not incur any initial hourly burden in complying with the safeguards rule, we expect that newly registered institutions would incur some hourly burdens associated with documenting their safeguard policies and procedures. We estimate that approximately 1,500 broker-dealers, investment companies, or investment advisers register with the Commission annually. However, we also expect that approximately 70% of these newly registered covered institutions (1,050) are affiliated with an existing covered institution, and will rely on an organization-wide set of previously documented safeguard policies and procedures created by their affiliates. We estimate that these affiliated newly registered covered institutions will incur a significantly reduced hourly burden in complying with the safeguards rule, as they will need only to review their affiliate's existing policies and procedures, and identify and adopt the relevant policies for their business. Therefore, we expect that newly registered covered institutions with existing affiliates will incur an hourly burden of approximately 15 hours in identifying and adopting safeguard policies and procedures for their business, for a total hourly burden for all affiliated new institutions of 15,750 hours.
Finally, we expect that the 450 newly registered entities that are not affiliated with an existing institution will incur a significantly higher hourly burden in Start Printed Page 6362reviewing and documenting their safeguard policies and procedures. We expect that virtually all of the newly registered covered entities that do not have an affiliate are likely to be small entities and are likely to have smaller and less complex operations, with a correspondingly smaller set of safeguard policies and procedures to document, compared to other larger existing institutions with multiple affiliates. We estimate that it will take a typical newly registered unaffiliated institution approximately 60 hours to review, identify, and document their safeguard policies and procedures, for a total of 27,000 hours for all newly registered unaffiliated entities.
Therefore, we estimate that the total annual hourly burden associated with the safeguards rule is 42,750 hours. We also estimate that all covered institutions will be respondents each year, for a total of 20,556 respondents.
These estimates of average burden hours are made solely for the purposes of the Paperwork Reduction Act. An agency may not conduct or sponsor, and a person is not required to respond to a collection of information unless it displays a currently valid control number. The safeguard rule does not require the reporting of any information or the filing of any documents with the Commission. The collection of information required by the safeguard rule is mandatory.
Written comments are invited on: (a) Whether the proposed collection of information is necessary for the proper performance of the functions of the agency, including whether the information will have practical utility; (b) the accuracy of the agency's estimate of the burden of the collection of information; (c) ways to enhance the quality, utility, and clarity of the information collected; and (d) ways to minimize the burden of the collection of information on respondents, including through the use of automated collection techniques or other forms of information technology. Consideration will be given to comments and suggestions submitted in writing within 60 days of this publication.
Please direct your written comments to Thomas Bayer, Chief Information Officer, Securities and Exchange Commission, c/o Remi Pavlik-Simon, 6432 General Green Way, Alexandria, VA 22312; or send an email to: PRA_Mailbox@sec.gov.Start Signature
Dated: January 24, 2013.
Kevin M. O'Neill,
[FR Doc. 2013-01936 Filed 1-29-13; 8:45 am]
BILLING CODE 8011-01-P