Securities and Exchange Commission Chairman Gary Gensler said Monday the agency is considering rules that would require financial advisers and funds to strengthen cyber protections and disclosures regarding cybersecurity threats.
The SEC has addressed cyber safeguards in risk alerts. It also brought an enforcement case last year against several financial firms for violating existing customer protection rules when hacking incidences exposed client records and information.
Gensler said SEC rules on record keeping, compliance and business continuity can implicate cybersecurity practices of registered investment advisers and brokers. Now the agency is looking to step up its cyber oversight.
Building upon that, Ive asked staff to make recommendations for the commissions consideration around how to strengthen financial sector registrants cybersecurity hygiene and incident reporting, taking into consideration guidance issued by [the Cybersecurity and Infrastructure Security Agency] and others, Gensler said in remarks at an online conference sponsored by the Northwestern University Pritzker School of Law.
The pending proposal would be designed to enhance cybersecurity preparedness and incident reporting by funds and advisers, Gensler said. It’s due to be released by April, according to the SECs latest regulatory agenda.
I think such reforms could reduce the risk that these registrants couldnt maintain critical operational capability during a significant cybersecurity incident, Gensler said. I believe they could give clients and investors better information with which to make decisions, create incentives to improve cyber hygiene, and provide the commission with more insight into intermediaries cyber risks.
As part of its effort to strengthen cybersecurity regulation, the agency also is looking to update its systems compliance and integrity rule for exchanges and self-regulatory organizations, and modernize and expand Regulation S-P, which requires brokers, investment advisers and investment companies to protect customer records and information.
Another initiative is a pending rule proposal to require public company disclosures related to cybersecurity risk and governance.
Cyber collectively is an important resiliency project, Gensler said. Theres still going to be cyber events, but its how we can sort of update our rules in this modern time.
The April deadline for new cyber rules doesnt mean thats when theyll be released. The agency often misses its self-imposed goals on its regulatory agenda.
In a discussion about a pending climate-risk disclosure rule, Gensler declined to predict a timeline. He said that when the agency gets around to a rule sometimes is not in direct relationship to the urgency it places on the rule.
We want to put it out when the documents ready based upon the economics, based upon the law, and based upon what were hearing from both investors and issuers, Gensler said. I wouldnt confuse sequencing with priority.
The post Pending SEC proposal targets advisers cyber hygiene appeared first on InvestmentNews.
We're here to help. Send us an email or call us at +1 (585) 329-9661. Please feel free to contact our experts.
A donation will be made by Adviser First Partners to a Veterans organization on behalf of all financial professionals and firms that register each month
Contact Us© 2024 Adviser First Partners. All Rights Reserved.
Web Design by eLink Design, Inc., a Kentucky Web Design company