Cybersecurity Drives SEC to Modify Timing of Form N-PORT Filings

The SEC announced on Wednesday, Feb. 27 that it approved an interim final rule amending the timing requirements for filing Form N-PORT. Reports will now be prepared monthly but submitted to the SEC quarterly. In addition, the deadline to submit the reports has been changed from 30 days to 60 days. In a release announcing the change, the SEC said the adjustments would reduce cybersecurity risk.

This is a significant change for filers and comes just before Larger Fund Groups (fund groups with net assets of $1 billion or more as of the most recent fiscal year-end) were to begin reporting on EDGAR.

At a glance:
  • 30 days after the end of each month, funds must maintain in their records the information required in Form N-PORT. The information must be made available to the SEC upon request.
  • 60 days after the end of each fiscal quarter, funds file all three monthly N-PORT reports on EDGAR
  • As before, the reports for the third month of each quarter (the “quarter-end report”) will become publicly available upon filing
  • As before, the reports for the first and second months of the quarter will remain non-public
  • As before, the first six months of reports (i.e., reports for quarters ending March 31, 2019-August 31, 2019) will be kept non-public to allow the funds and the SEC to adjust technical specifications and data validation processes

Compliance dates

  • Larger Fund Groups that have been complying with Form N-PORT reporting requirements since June 1, 2018 will continue to maintain information in their records until the new EDGAR reporting date, which takes effect on April 1, 2019.
  • Smaller Fund Groups have an N-PORT compliance date of June 1, 2019. The compliance date for filing reports on EDGAR is April 1, 2020.

First report for Larger Fund Groups

  • Larger Fund Groups have been complying with Form N-PORT requirements since June 1, 2018 by maintaining the information in their records. They have not been required to maintain this information in XML.
  • Because Larger Fund Groups with fiscal quarters ending in March or April might not be prepared to file all three months of reports at quarter-end (because the information is not already in XML):
    • Larger Fund Groups with March quarter-end are exempt from reporting for January and February data
    • Larger Fund Groups with April quarter-end are exempt from reporting February data

First N-PORT reporting dates for Larger Fund Groups:

Fiscal Quarter-End
First N-PORT report filed on EDGAR by
Report data for
March 31, 2019May 30, 2019March 2019
April 30, 2019July 1, 2019 (because June 29 is a Saturday)March, April 2019
May 31, 2019July 30, 2019March, April, May 2019

 

The rule amendment reflects the Commission’s awareness of the sensitivity of the data that it collects as well as the associated cybersecurity risks. With this change, the SEC will collect the same volume of data but reduce potential cybersecurity risks that arise from maintaining sensitive, non-public data on EDGAR. That the SEC can access the monthly data maintained in a fund’s records is key to this compromise.


For more on our Form N-PORT filing solution Consensus, click here.

For more information on our compliance services, click here.


Subscribe to CSS Blog

CSS frequently publishes blog posts which are written by our team from their observations in the field, at conferences and through experiences with compliance professionals. These posts are designed to further knowledge and share industry best practices. Topics run the gamut, including Form ADV, cybersecurity, MiFID II, position limit monitoring, technology challenges and more. Complete and submit the brief form below to receive notifications when we publish new content.

Loading form...

Latest Content

Improving Mutual Funds’ Principal Risks Disclosure

The Securities and Exchange Commission (SEC) has for years stressed that registrants’ disclosure in regulatory filings needs to be written in “plain English.” The SEC’s Disclosure Review and Accounting Office recently reiterated the plain English directive in “ADI 2019 – 08 – Improving Principal Risks Disclosure.” The guidance focuses specifically on making disclosure of principal risks … Continued

Cayman Islands Data Protection Law Nears Taking Effect

Cybersecurity regulations have landed ashore on the islands, and life is about to become anything but a beach for firms forced to comply with the Cayman Islands’ new Data Protection Law (DPL), slated to take effect September 30, 2019. With provisions largely mirroring the EU’s General Data Protection Regulation (GDPR), entities with a presence or … Continued