The US Securities and Exchange Commission (SEC) has issued new proposals designed to address the role of IT in the securities markets and enhance cyber resilience. The first proposal amends Regulation S-P, which addresses the handling and safeguarding of personal customer information, adding to existing protections by imposing safeguarding requirements on transfer agents, and requiring SEC registrants to adopt an incident response programme. The second proposal would enhance the existing Cybersecurity Risk Management rules to better protect market entities from cyber threats, including national securities exchanges, broker-dealers, security-based swap entities, transfer agents and others. In addition, the proposal would require prompt public disclosure of any significant cybersecurity incidents and immediate reporting to the SEC. The third proposal amends Regulation SCI (Systems Compliance and Integrity) to strengthen the resilience of key market infrastructures. It would extend Reg SCI to certain alternative trading systems, platforms trading government securities, security-based swap data repositories, registered broker-dealers, and clearing agencies. The SEC also reopened the comment period on proposed cybersecurity risk management and reporting requirements applicable to registered investment advisers, registered investment companies and business development companies.
The proposals will enhance cyber and technology risk management requirements for key entities that underpin the US securities market.https://t.co/Tqr023WZ2A
— Regulation Asia (@RegulationAsia) March 17, 2023