SEC Commissioner Signals Regulatory Changes are underway for Cybersecurity
WHAT HAPPENED?
SEC Chair Gensler spoke at Northwestern Pritzker School of Law’s Annual Securities Regulation Institute yesterday, where he focused on the Commission’s cybersecurity initiatives and a potential cybersecurity regulatory overhaul. Cybersecurity has been a long-standing priority for the SEC and the recent events in Russia and Ukraine have emphasized its importance.
Gensler has tasked staff with making recommendations to enhance cybersecurity hygiene and incident disclosure for funds, advisers, and broker dealers. Potential updates include amending Regulation S-P, which was adopted in 1999 and is arguably overdue for modernization. Regulation S-P currently requires financial institutions, including many advisers, to deliver certain privacy disclosures to clients. Updates may include imposing additional requirements on the timing and content of notices related to cybersecurity events and breaches involving personally identifiable information of clients.
Chair Gensler noted that service providers continue to be an area of concern because they play a critical role in financial security and are not subject to the Commission’s oversight. Accordingly, the SEC staff has been tasked with providing recommendations to address service provider cybersecurity risk. Potential measures may include requiring registrants to identify key service providers and holding advisers accountable for key service providers that fail to appropriately protect access to client information.
As the Director of Cybersecurity and Infrastructure Security Agency (CISA) recently said, “Cybersecurity is a team sport.” The regulators have their role, and the SEC has made it clear that it intends to be a key player, both in issuing regulation with the goal of maintaining orderly markets and in reviewing its own cybersecurity.
WHAT DOES THIS MEAN FOR ME?
Businesses in the private sector are on the front lines. More so than ever, adopting and maintaining tailored policies and procedures and conducting thorough vendor due diligence is critical. If your firm requires assistance with implementing cybersecurity programs to comply with industry best practices and regulatory expectations, Fairview Cyber can be a valuable member of your cyber team. We support registered investment advisers by creating and implementing comprehensive, sustainable cybersecurity programs with the help of our in-house regulatory experts