The Commission proposed requirements are applicable to brokers-dealers, clearing agencies, major security-based swap participants, national securities exchanges, the Municipal Securities Rulemaking board, security-based swap data repositories, security-based swap dealers, and transfer agents.
According to SEC, market entities increasingly rely on information systems to perform their functions and provide their services and thus are targets for threat actors who may seek to disrupt their functions or gain access to the data stored on the information systems for financial gain.
Cybersecurity risk also can be caused by the errors of employees, service providers, or business partners. The interconnectedness of market entities increases the risk that a significant cybersecurity incident can simultaneously impact multiple market entities causing systemic harm to the US securities markets.
The SEC highlighted the proposal would require all market entities to implement policies and procedures that are reasonably designed to address their cybersecurity risks and, at least annually, review and assess the design and effectiveness of their cybersecurity policies and procedures, including whether they reflect changes in cybersecurity risk over the time period covered by the review.
The proposal would also improve the commission’s ability to obtain information about significant cybersecurity incidents affecting these entities. Further, new public disclosure requirements for covered entities would improve transparency about the cybersecurity risks that can cause adverse impacts to the US securities markets.
The proposed release will be published in the Federal Register. The public comment period will remain open until 60 days after the date of publication of the proposing release in the Federal Register.
Officials from the SEC said that they support this proposal because, if adopted, it would set standards for market entities’ cybersecurity practices. The nature, scale, and impact of cybersecurity risks have grown significantly in recent decades.
The officials added that investors, issuers, and market participants alike would benefit from knowing that these entities have in place protections fit for a digital age. This proposal would help promote every part of their mission, particularly regarding investor protection and orderly markets.
Earlier in 2023, the SEC charged Genesis and Gemini for the unregistered offer and sale of securities to retail investors through the Gemini Earn crypto asset lending programme.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now