Securities and Exchange Commission Chairman Gary Gensler said Monday the agency is considering rules that would require financial advisers and funds to strengthen cyber protections and disclosures regarding cybersecurity threats.
The SEC has addressed cyber safeguards in risk alerts. It also brought an enforcement case last year against several financial firms for violating existing customer protection rules when hacking incidences exposed client records and information.
Gensler said SEC rules on record keeping, compliance and business continuity can implicate cybersecurity practices of registered investment advisers and brokers. Now the agency is looking to step up its cyber oversight.
“Building upon that, I’ve asked staff to make recommendations for the commission’s consideration around how to strengthen financial sector registrants’ cybersecurity hygiene and incident reporting, taking into consideration guidance issued by [the Cybersecurity and Infrastructure Security Agency] and others,” Gensler said in remarks at an online conference sponsored by the Northwestern University Pritzker School of Law.
The pending proposal would be designed to enhance cybersecurity preparedness and incident reporting by funds and advisers, Gensler said. It's due to be released by April, according to the SEC’s latest regulatory agenda.
“I think such reforms could reduce the risk that these registrants couldn’t maintain critical operational capability during a significant cybersecurity incident,” Gensler said. “I believe they could give clients and investors better information with which to make decisions, create incentives to improve cyber hygiene, and provide the commission with more insight into intermediaries’ cyber risks.”
As part of its effort to strengthen cybersecurity regulation, the agency also is looking to update its systems compliance and integrity rule for exchanges and self-regulatory organizations, and “modernize and expand” Regulation S-P, which requires brokers, investment advisers and investment companies to protect customer records and information.
Another initiative is a pending rule proposal to require public company disclosures related to cybersecurity risk and governance.
“Cyber collectively is an important resiliency project,” Gensler said. “There’s still going to be cyber events, but it’s how we can sort of update our rules in this modern time.”
The April deadline for new cyber rules doesn’t mean that’s when they’ll be released. The agency often misses its self-imposed goals on its regulatory agenda.
In a discussion about a pending climate-risk disclosure rule, Gensler declined to predict a timeline. He said that when the agency gets around to a rule sometimes is not in direct relationship to the urgency it places on the rule.
“We want to put it out … when the document’s ready based upon the economics, based upon the law, and based upon what we’re hearing from both investors and issuers,” Gensler said. “I wouldn’t confuse sequencing with priority.”
Thirty four percent of advisors surveyed by InvestmentNews say they use direct indexing strategies but 39 percent don’t.
“This is on the B. Riley Securities side of the business, the dealmaking side,” one senior industry executive said.
There are three essential elements you must bring to the table to increase the chances of a successful post-sale career.
Across generations, how are savers doing with their 401(k) contributions?
New report shines some light on today's billionaires' investments.
"Synth Equity has been such a tailwind for these advisors who really understand the story," Measured Risk Portfolios’ head of distribution said.
Streamline your outreach with Aidentified's AI-driven solutions