SEC proposes new cybersecurity requirements for broker-dealers

SEC proposes new cybersecurity requirements for broker-dealers
The proposal is similar to one the SEC released last year that focuses on investment advisors. The SEC also extended the comment period for the advisor proposal.
MAR 15, 2023

A divided SEC released a proposal Wednesday designed to strengthen broker-dealer defenses against online attacks.

The Securities and Exchange Commission voted, 3-2, to put out for public comment a proposed new rule that would require brokers, clearing agencies, major swaps operations and other entities to establish written policies and procedures to address cybersecurity threats.

Under the proposal, brokerages would have to assess cyber risks periodically and put in place measures to protect the firm’s information systems from unauthorized access and to detect, respond and recover from cyberbreaches, according to an SEC fact sheet.

The 500-page proposal would require brokers immediately to report cyber incidents to the SEC and then follow up with more detailed information about its response within 48 hours. It also would mandate that firms make summary public disclosures annually about cyber risks and attacks over the previous year.

The measure is the first cybersecurity rule the SEC has proposed for brokers. It follows a similar cybersecurity proposal last year for investment advisors. The commission voted Wednesday to extend the comment period on the advisor proposal, which originally closed in April 2022. The new comment period will run for 60 days after a notice is published in the Federal Register.

The broker proposal will be open for public comment for 60 days after it is published in the Federal Register. The SEC might modify the proposal based on the public input before promulgating a final rule.

SEC Chairman Gary Gensler said the sophistication, scale and impact of cyber risks have increased significantly, necessitating stronger fortification against breaches.

“Investors, issuers and market participants alike would benefit from knowing that these entities have in place protections fit for a digital age,” Gensler said at an SEC open meeting. “This proposal would help promote every part of our mission, particularly regarding investor protection and orderly markets.”

Gensler and the two other Democratic SEC commissioners — Caroline Crenshaw and Jaime Lizárraga — voted in favor of releasing the proposal. The two Republican commissioners — Hester Peirce and Mark Uyeda — voted against putting it out for comment.

Peirce said the proposal puts the SEC in the position of punishing brokerages for cyberattacks rather than helping them recover from them.

“The commission stands ready, not with assistance but with a cudgel to wield if the firm fails to comply with a complicated reporting regime, even if the firm resolves the incident by avoiding significant harm to the firm or its customers.,” Peirce said at the open meeting.

She also expressed concern about the disclosure requirements, which she said could put brokerages in “legal peril” and “could serve as a road map for cybercriminals.”

Uyeda had misgivings about the mandate for brokerages to report cyber incidents immediately.

“These prescriptive deadlines can do more harm than good,” Uyeda said.

All five commissioners voted in favor of releasing for public comment a separate proposal that would require broker-dealers, investment companies, registered investment advisers and transfer agents to notify clients and customers of data breaches that could expose them to identity theft or other harm.

The SEC also approved Wednesday releasing for public comment a proposal to strengthen the security of the financial markets’ technological infrastructure.


Latest News

SEC charges Chicago-based investment adviser with overbilling clients more than $2.5M in fees
SEC charges Chicago-based investment adviser with overbilling clients more than $2.5M in fees

Eliseo Prisno, a former Merrill advisor, allegedly collected unapproved fees from Filipino clients by secretly accessing their accounts at two separate brokerages.

Apella Wealth comes to Washington with Independence Wealth Advisors
Apella Wealth comes to Washington with Independence Wealth Advisors

The Harford, Connecticut-based RIA is expanding into a new market in the mid-Atlantic region while crossing another billion-dollar milestone.

Citi's Sieg sees rich clients pivoting from US to UK
Citi's Sieg sees rich clients pivoting from US to UK

The Wall Street giant's global wealth head says affluent clients are shifting away from America amid growing fallout from President Donald Trump's hardline politics.

US employment report reactions: Overall better than expected, but concerns with underlying data
US employment report reactions: Overall better than expected, but concerns with underlying data

Chief economists, advisors, and chief investment officers share their reactions to the June US employment report.

Creative Planning's Peter Mallouk slams 'offensive' congressional stock trading
Creative Planning's Peter Mallouk slams 'offensive' congressional stock trading

"This shouldn’t be hard to ban, but neither party will do it. So offensive to the people they serve," RIA titan Peter Mallouk said in a post that referenced Nancy Pelosi's reported stock gains.

SPONSORED How advisors can build for high-net-worth complexity

Orion's Tom Wilson on delivering coordinated, high-touch service in a world where returns alone no longer set you apart.

SPONSORED RILAs bring stability, growth during volatile markets

Barely a decade old, registered index-linked annuities have quickly surged in popularity, thanks to their unique blend of protection and growth potential—an appealing option for investors looking to chart a steadier course through today's choppy market waters, says Myles Lambert, Brighthouse Financial.