X

SEC Sets Comment Deadline for Proposed Cybersecurity Requirements

Comments on an SEC proposal that would create new cybersecurity risk management and disclosure requirements are due by June 5, 2023. The comment deadline was published in the Federal Register.

As previously covered, the SEC proposed new Rule 10 that would require market entities to (i) create and maintain written policies and procedures to address cybersecurity risks, (ii) annually review these policies, (iii) submit an annual review to the SEC and (iv) immediately inform the SEC of any significant cybersecurity incidents once the market entity concluded that a cybersecurity incident occurred. The proposal would also require covered entities to disclose and document through new Form SCIR (i) steps taken to remedy any significant cyber incidents and (ii) an annual summary of cybersecurity risks and incidents.

If adopted, the requirements would apply to broker-dealers, the MSRB and FINRA, clearing agencies, national securities exchanges, security-based swap data repositories, security-based swap dealers and transfer agents.

Primary Sources

  1. SEC Proposal: Cybersecurity Risk Management Rule
  2. SEC Fact Sheet: Addressing Cybersecurity Risks to the U.S. Securities Markets
  3. SEC Federal Register Comment Deadline: Cybersecurity Risk Management Rule

Related Articles

  • SEC Proposes New Cybersecurity Requirements

    The SEC proposed a new rule that would require market entities to implement procedures designed to address cybersecurity risk, and a related form for disclosing information about cyber incidents and risks.

  • SEC Proposes Buy-Side Cybersecurity Rules

    The SEC proposed cybersecurity risk management and reporting requirements that would be applicable to registered investment advisers, registered investment companies and business development companies. The SEC also proposed amendments to certain rules that govern investment adviser and fund disclosures.

Premium Content

Available only to Premium subscribers.

 

Join Premium

US Regulatory Intelligence combines regulatory and enforcement news, analysis, and practical work tools on an easy-to-use digital platform.

Request a Free Trial

Tags

Regulated Activities
Data Protection / Cybersecurity
Sub-Activity
Cybersecurity
Regulated Entities
Broker-Dealers Issuers of Securities Swap Dealers / SBSDs
Sub-Entity
SEC-Registered Issuers
Body of Law
Securities Law
Jurisdiction
US - Federal
Organization
SEC