New SEC Measures on Cyber Risk

The US Securities and Exchange Commission (SEC) has issued new proposals designed to address the role of IT in the securities markets and enhance cyber resilience. The first proposal  amends Regulation S-P, which addresses the handling and safeguarding of personal customer information, adding to existing protections by imposing safeguarding requirements on transfer agents, and requiring SEC registrants to adopt an incident response programme. The second proposal would enhance the existing Cybersecurity Risk Management rules to better protect market entities from cyber threats, including national securities exchanges, broker-dealers, security-based swap entities, transfer agents and others. In addition, the proposal would require prompt public disclosure of any significant cybersecurity incidents and immediate reporting to the SEC. The third proposal  amends Regulation SCI (Systems Compliance and Integrity) to strengthen the resilience of key market infrastructures. It would extend Reg SCI to certain alternative trading systems, platforms trading government securities, security-based swap data repositories, registered broker-dealers, and clearing agencies. The SEC also reopened the comment period on proposed cybersecurity risk management and reporting requirements applicable to registered investment advisers, registered investment companies and business development companies.

 

The practical information hub for asset owners looking to invest successfully and sustainably for the long term. As best practice evolves, we will share the news, insights and data to guide asset owners on their individual journey to ESG integration.

Copyright © 2023 ESG Investor Ltd. Company No. 12893343. ESG Investor Ltd, Fox Court, 14 Grays Inn Road, London, WC1X 8HN

To Top
Newsletter SignupReceive all the latest stories from the ESG Investor editorial team

Subscribe to our free weekly newsletter below and never miss a story.