A divided SEC released a proposal Wednesday designed to strengthen broker-dealer defenses against online attacks.
The Securities and Exchange Commission voted, 3-2, to put out for public comment a proposed new rule that would require brokers, clearing agencies, major swaps operations and other entities to establish written policies and procedures to address cybersecurity threats.
Under the proposal, brokerages would have to assess cyber risks periodically and put in place measures to protect the firm’s information systems from unauthorized access and to detect, respond and recover from cyberbreaches, according to an SEC fact sheet.
The 500-page proposal would require brokers immediately to report cyber incidents to the SEC and then follow up with more detailed information about its response within 48 hours. It also would mandate that firms make summary public disclosures annually about cyber risks and attacks over the previous year.
The measure is the first cybersecurity rule the SEC has proposed for brokers. It follows a similar cybersecurity proposal last year for investment advisors. The commission voted Wednesday to extend the comment period on the advisor proposal, which originally closed in April 2022. The new comment period will run for 60 days after a notice is published in the Federal Register.
The broker proposal will be open for public comment for 60 days after it is published in the Federal Register. The SEC might modify the proposal based on the public input before promulgating a final rule.
SEC Chairman Gary Gensler said the sophistication, scale and impact of cyber risks have increased significantly, necessitating stronger fortification against breaches.
“Investors, issuers and market participants alike would benefit from knowing that these entities have in place protections fit for a digital age,” Gensler said at an SEC open meeting. “This proposal would help promote every part of our mission, particularly regarding investor protection and orderly markets.”
Gensler and the two other Democratic SEC commissioners — Caroline Crenshaw and Jaime Lizárraga — voted in favor of releasing the proposal. The two Republican commissioners — Hester Peirce and Mark Uyeda — voted against putting it out for comment.
Peirce said the proposal puts the SEC in the position of punishing brokerages for cyberattacks rather than helping them recover from them.
“The commission stands ready, not with assistance but with a cudgel to wield if the firm fails to comply with a complicated reporting regime, even if the firm resolves the incident by avoiding significant harm to the firm or its customers.,” Peirce said at the open meeting.
She also expressed concern about the disclosure requirements, which she said could put brokerages in “legal peril” and “could serve as a road map for cybercriminals.”
Uyeda had misgivings about the mandate for brokerages to report cyber incidents immediately.
“These prescriptive deadlines can do more harm than good,” Uyeda said.
All five commissioners voted in favor of releasing for public comment a separate proposal that would require broker-dealers, investment companies, registered investment advisers and transfer agents to notify clients and customers of data breaches that could expose them to identity theft or other harm.
The SEC also approved Wednesday releasing for public comment a proposal to strengthen the security of the financial markets’ technological infrastructure.
The group led by a 37-year industry veteran brings $470 million in assets to the Philadelphia-based broker dealer.
The Atlanta, Georgia-based national wealth firm revealed its new PE partner as prior backers Wealth Partners Capital Group and HGGC’s Aspire Holdings exited their investments.
The latest departures in Ohio mark another setback for the hybrid RIA, which is looking to "expanding its presence across all models and segments of the wealth management industry.”
The St. Louis-based real estate investment firm gives the asset management giant a valuable access point to the roughly $1 trillion net lease market.
Eliseo Prisno, a former Merrill advisor, allegedly collected unapproved fees from Filipino clients by secretly accessing their accounts at two separate brokerages.
Orion's Tom Wilson on delivering coordinated, high-touch service in a world where returns alone no longer set you apart.
Barely a decade old, registered index-linked annuities have quickly surged in popularity, thanks to their unique blend of protection and growth potential—an appealing option for investors looking to chart a steadier course through today's choppy market waters, says Myles Lambert, Brighthouse Financial.
