WASHINGTON—The Securities and Exchange Commission is exploring ways to improve cybersecurity in capital markets, including by extending compliance obligations to firms that currently don’t have to meet them, Chairman Gary Gensler said Monday.
“The financial value of cyberattacks is estimated to be at the very least within the billions, and presumably within the trillions, of dollars,” Mr. Gensler said in a virtual speech to the Northwestern Pritzker School of Law’s annual Securities Regulation Institute conference. “We at the SEC are working to enhance the general cybersecurity posture and resiliency of the monetary sector.”
Mr. Gensler said the agency is considering extending a rule known as Regulation Systems Compliance and Integrity, or Reg SCI, to large financial firms it doesn’t currently cover, such as market makers and broker-dealers. The rule, which currently applies to stock exchanges, clearinghouses and similar entities, requires firms to conduct testing for cybersecurity issues, back up their data and have business-continuity plans in the event of a breach.
At a meeting of SEC commissioners Wednesday, officials plan to propose extending Reg SCI to trading platforms that match buyers and sellers of Treasury securities, Mr. Gensler said.
Regulators have recently stepped up their scrutiny of how companies respond to attacks by hackers. Mr. Gensler reiterated Monday that publicly traded companies might have an obligation to disclose ransomware incidents that result in payments, or data breaches that expose customer information.
The SEC chairman said he also has directed staff to look into updating the timing and substance of the notifications that brokers, fund managers and investment advisers are required to send clients when their data has been accessed in a cyber incident.
In addition, the SEC is examining ways to raise cybersecurity standards for a range of service providers—such as index providers, custodians, investor-reporting systems and others—that aren’t directly covered by current regulations, Mr. Gensler said. Possible measures include requiring SEC-registered firms to identify service providers that could pose risks, or holding firms accountable for their service providers’ cybersecurity measures.
“This might help guarantee essential investor protections will not be misplaced and key providers will not be disrupted as financial-sector registrants more and more depend on outsourced providers,” Mr. Gensler said.
Write to Paul Kiernan at paul.kiernan@wsj.com
Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved.