Securities and Exchange Commission Chairman Gary Gensler said Monday the agency is considering rules that would require financial advisers and funds to strengthen cyber protections and disclosures regarding cybersecurity threats.
The SEC has addressed cyber safeguards in risk alerts. It also brought an enforcement case last year against several financial firms for violating existing customer protection rules when hacking incidences exposed client records and information.
Gensler said SEC rules on record keeping, compliance and business continuity can implicate cybersecurity practices of registered investment advisers and brokers. Now the agency is looking to step up its cyber oversight.
“Building upon that, I’ve asked staff to make recommendations for the commission’s consideration around how to strengthen financial sector registrants’ cybersecurity hygiene and incident reporting, taking into consideration guidance issued by [the Cybersecurity and Infrastructure Security Agency] and others,” Gensler said in remarks at an online conference sponsored by the Northwestern University Pritzker School of Law.
The pending proposal would be designed to enhance cybersecurity preparedness and incident reporting by funds and advisers, Gensler said. It's due to be released by April, according to the SEC’s latest regulatory agenda.
“I think such reforms could reduce the risk that these registrants couldn’t maintain critical operational capability during a significant cybersecurity incident,” Gensler said. “I believe they could give clients and investors better information with which to make decisions, create incentives to improve cyber hygiene, and provide the commission with more insight into intermediaries’ cyber risks.”
As part of its effort to strengthen cybersecurity regulation, the agency also is looking to update its systems compliance and integrity rule for exchanges and self-regulatory organizations, and “modernize and expand” Regulation S-P, which requires brokers, investment advisers and investment companies to protect customer records and information.
Another initiative is a pending rule proposal to require public company disclosures related to cybersecurity risk and governance.
“Cyber collectively is an important resiliency project,” Gensler said. “There’s still going to be cyber events, but it’s how we can sort of update our rules in this modern time.”
The April deadline for new cyber rules doesn’t mean that’s when they’ll be released. The agency often misses its self-imposed goals on its regulatory agenda.
In a discussion about a pending climate-risk disclosure rule, Gensler declined to predict a timeline. He said that when the agency gets around to a rule sometimes is not in direct relationship to the urgency it places on the rule.
“We want to put it out … when the document’s ready based upon the economics, based upon the law, and based upon what we’re hearing from both investors and issuers,” Gensler said. “I wouldn’t confuse sequencing with priority.”
Relationships are key to our business but advisors are often slow to engage in specific activities designed to foster them.
Whichever path you go down, act now while you're still in control.
Pro-bitcoin professionals, however, say the cryptocurrency has ushered in change.
“LPL has evolved significantly over the last decade and still wants to scale up,” says one industry executive.
Survey findings from the Nationwide Retirement Institute offers pearls of planning wisdom from 60- to 65-year-olds, as well as insights into concerns.
Streamline your outreach with Aidentified's AI-driven solutions
This season’s market volatility: Positioning for rate relief, income growth and the AI rebound