SEC proposes new cybersecurity requirements for broker-dealers

SEC proposes new cybersecurity requirements for broker-dealers
The proposal is similar to one the SEC released last year that focuses on investment advisors. The SEC also extended the comment period for the advisor proposal.
MAR 15, 2023

A divided SEC released a proposal Wednesday designed to strengthen broker-dealer defenses against online attacks.

The Securities and Exchange Commission voted, 3-2, to put out for public comment a proposed new rule that would require brokers, clearing agencies, major swaps operations and other entities to establish written policies and procedures to address cybersecurity threats.

Under the proposal, brokerages would have to assess cyber risks periodically and put in place measures to protect the firm’s information systems from unauthorized access and to detect, respond and recover from cyberbreaches, according to an SEC fact sheet.

The 500-page proposal would require brokers immediately to report cyber incidents to the SEC and then follow up with more detailed information about its response within 48 hours. It also would mandate that firms make summary public disclosures annually about cyber risks and attacks over the previous year.

The measure is the first cybersecurity rule the SEC has proposed for brokers. It follows a similar cybersecurity proposal last year for investment advisors. The commission voted Wednesday to extend the comment period on the advisor proposal, which originally closed in April 2022. The new comment period will run for 60 days after a notice is published in the Federal Register.

The broker proposal will be open for public comment for 60 days after it is published in the Federal Register. The SEC might modify the proposal based on the public input before promulgating a final rule.

SEC Chairman Gary Gensler said the sophistication, scale and impact of cyber risks have increased significantly, necessitating stronger fortification against breaches.

“Investors, issuers and market participants alike would benefit from knowing that these entities have in place protections fit for a digital age,” Gensler said at an SEC open meeting. “This proposal would help promote every part of our mission, particularly regarding investor protection and orderly markets.”

Gensler and the two other Democratic SEC commissioners — Caroline Crenshaw and Jaime Lizárraga — voted in favor of releasing the proposal. The two Republican commissioners — Hester Peirce and Mark Uyeda — voted against putting it out for comment.

Peirce said the proposal puts the SEC in the position of punishing brokerages for cyberattacks rather than helping them recover from them.

“The commission stands ready, not with assistance but with a cudgel to wield if the firm fails to comply with a complicated reporting regime, even if the firm resolves the incident by avoiding significant harm to the firm or its customers.,” Peirce said at the open meeting.

She also expressed concern about the disclosure requirements, which she said could put brokerages in “legal peril” and “could serve as a road map for cybercriminals.”

Uyeda had misgivings about the mandate for brokerages to report cyber incidents immediately.

“These prescriptive deadlines can do more harm than good,” Uyeda said.

All five commissioners voted in favor of releasing for public comment a separate proposal that would require broker-dealers, investment companies, registered investment advisers and transfer agents to notify clients and customers of data breaches that could expose them to identity theft or other harm.

The SEC also approved Wednesday releasing for public comment a proposal to strengthen the security of the financial markets’ technological infrastructure.


Latest News

Texas man says SEC and fund could make him pay twice
Texas man says SEC and fund could make him pay twice

A $141M judgment and a federal asset freeze collide over one shrinking pool

Osaic executives Kristy Britt and Greg Cornick to leave
Osaic executives Kristy Britt and Greg Cornick to leave

The firm's CFO and EVP of Wealth Management Solutions are the latest executives to exit the broker-dealer.

Estate planning becomes a client retention issue for financial advisors, survey finds
Estate planning becomes a client retention issue for financial advisors, survey finds

Clients are saying they would consider switching advisors if another professional offered estate planning services, according to a new Trust & Will survey.

Candidly adds AI agents for Trump Accounts, workplace benefits
Candidly adds AI agents for Trump Accounts, workplace benefits

CEO Laurel Taylor says the fintech's composable AI stack helps workers optimize dollars across Trump Accounts, 529s, 401(k)s, and other employee benefits.

BMO adds three advisors in Dallas amid Y'all Street wealth boom
BMO adds three advisors in Dallas amid Y'all Street wealth boom

The bank has swiped three private banking veterans from BNY as the city climbs the ranks of America's fastest-growing wealth hubs.

SPONSORED Who builds the income when the pension disappears?

Dan Biagini of American Equity says the steady decline of pensions, longer lifespans and a reset in interest rates are rewriting how advisors build retirement income

SPONSORED Why direct indexing stopped being optional

Direct indexing is on pace to outgrow ETFs and mutual funds. Northern Trust's Ken Lassner explains why the advisors who get it wish they had started sooner.