The U.S. Securities and Exchange Commission (SEC) recently detailed the proposed requirements to address cybersecurity risks to the U.S. securities markets.
The proposal would require all Market Entities to implement policies and procedures reasonably designed to address their cybersecurity risks and, at a minimum, review and assess the design and effectiveness of their cybersecurity policies and procedures annually.
The proposal would apply to broker-dealers, clearing agencies, major security-based swap participants, the Municipal Securities Rulemaking Board, national securities associations, national securities exchanges, security-based swap data repositories, security-based swap dealers, and transfer agents.
“I am pleased to support this proposal because, if adopted, it would set standards for Market Entities’ cybersecurity practices,” SEC Chair Gary Gensler said. “The nature, scale, and impact of cybersecurity risks have grown significantly in recent decades. Investors, issuers, and market participants alike would benefit from knowing that these entities have in place protections fit for a digital age.”
Gensler said the proposal would help promote every part of the SEC’s mission, with particular regard to investor protection and orderly markets.
According to the SEC, the proposal would also enhance the Commission’s ability to obtain information about significant cybersecurity incidents impacting the market entities. The proposing release would be published in the Federal Register, with the public comment period remaining open until 60 days after the date of publication of the proposing release in the Federal Register.