February 1, 2022
In a recent speech at the Northwestern Pritzker School of Law’s Annual Securities Regulation Institute, SEC Chair Gary Gensler focused on cybersecurity policy at the SEC, including certain potential reforms to rules governing the cybersecurity practices of registered investment companies and advisers.
For investment companies, investment advisers, and broker-dealers, Gensler announced that he has asked the SEC staff (Staff) to make recommendations for strengthening cybersecurity hygiene and incident reporting. According to Gensler, the purpose of these reforms would be to reduce the risk that these registrants would not be able to maintain critical operational capability during a significant cybersecurity incident. Gensler believes that these reforms could also give clients and investors better information on which to make decisions, create incentives to improve cyber practices and provide the SEC with more insight into intermediaries’ cyber risks.
Gensler also discussed financial sector registrants’ customer and client data privacy and protection of personal information. He noted that Congress last addressed this issue in the Gramm-Leach-Bliley Act of 1999, and that the SEC adopted Regulation S-P in response to that law, requiring registered investment companies and advisers to protect customer records and information. Gensler said it has been “an eternity in the cybersecurity world” since Regulation S-P was adopted and that there may be opportunities to modernize and expand the rule. In particular, Gensler has asked Staff for recommendations regarding how customers and clients receive notifications about cyber events when their data, such as their personally identifiable information, has been accessed. These recommendations, according to Gensler, could include proposing alterations to the timing and substance of notifications currently required under Regulation S-P.
Gensler closed the speech by emphasizing the cybersecurity challenges the financial sector, investors, issuers and the economy at large face during a time of rapid technological change, and how the SEC has a key role to play in meeting these challenges.
Chair Gensler’s speech can be found here.
September 12, 2024
September 11, 2024
September 6, 2024
August 29, 2024
August 27, 2024
August 22, 2024
August 5, 2024
July 29, 2024
July 18, 2024
July 3, 2024
The opinions expressed are those of the author(s) and do not necessarily reflect the views of the firm or its clients, or any of its or their respective affiliates. This article is for general information purposes and is not intended to be and should not be taken as legal advice.
One Battery Park Plaza
New York, NY 10004
Phone (212) 574-1200
Fax (212) 480-8421
901 K Street, NW
Washington, DC 20001
Phone (202) 737-8833
Fax (212) 480-8421
Contact Us
General/Media Inquiries – info@sewkis.com
Legal Recruiting – recruiting@sewkis.com
Staff Recruiting – hr@sewkis.com
© 2024