Published on May 23rd, 2023 |

Cybersecurity Investor Protection | SEC Commissioner Update

SEC Releases

Brief Introduction

SEC Commissioner, Jaime Lizarrage, spoke at the Digital Directs Network on May 16th.

He discussed how the SEC is pushing for all market actors to strengthen their cybersecurity protocols and actions.

With cyber-attacks and data breaches causing major financial and reputational costs for investors and issuers, the SEC has made cybersecurity a top priority.

The SEC has proposed rules and amendments with the intention of minimizing the cybersecurity risk facing our financial markets.

The Commissioner summarized the SEC actions related to Cybersecurity.

3 ways Cybersecurity Incidents Threaten the US Marketplace

3 ways Cybersecurity Incidents Threaten the US Marketplace

  1. Disrupting a major point of failure in financial markets.
  2. Compromising the integrity of critical data.
  3. Causing significant loss in confidence in US markets leading to large withdrawals from the market.

Emerging Artificial Intelligence ("AI") Use

Emerging Artificial Intelligence (“AI”) Use

  • AI is being implemented by many Firms in differing roles.
  • AI could be used to increase efficiency, returns, and access from the greater community, but it could equally be used by Firms to place their interests above those of the market and their customers.
  • The SEC will attempt to stay ahead of potential complications with AI.
  • As we saw back in March, some Firms have been also banning employees from the use of certain AI Technology as well.

Regulation S-P (In Proposed Stage)

Regulation S-P (In Proposed Stage)

  • Financial Firms covered by the Proposed Rule would be required to notify customers if their private information is compromised.
  • If a state has stronger protections under their own laws, the regulation defaults to their level of protection.

Regulation SCI (In Proposed Stage)

Regulation SCI (In Proposed Stage)

  • Additional entities such as Registered Security-Based Swap Repositories, large Broker Dealers, and some Exempt Clearing Agencies that disseminate market data and serve central repository functions will be treated as entities performing these functions in equity classes.
  • Large Broker Dealers are included in this change due to their important role in Capital Markets; a catastrophic failure of a large-scale Broker could cut off many retail investors from the market.

Cybersecurity Event Disclosure

Cybersecurity Event Disclosure

  • Rules have been proposed to provide reliable and consistent information on material cybersecurity incidents that now include the role of management personnel in mitigating their risks.
  • If any member of a public company’s board of directors has expertise in cybersecurity, details must be provided to fully describe their experience.

Vigilant's Conclusion

Vigilant’s Conclusion

The SEC has many rule proposals related to cybersecurity that includes implementing proper procedures, providing customers with proper disclosures, and taking steps to minimize cybersecurity risks.

It is important for Firms to assess their protocols, including the use of Third-Party Vendors, to ensure that they are taking cybersecurity threats seriously.

Additionally, we believe any use of AI should be assessed from a compliance perspective before implementation.

As multiple rules and amendments have been proposed, please reach out to us for any ongoing compliance support you may need.

Contact Us Today