Gary Gensler, SEC Chairman, has outlined several ways SEC staff will improve its cybersecurity compliance regulations:
- The SEC may extend Reg SCI, more commonly known as Regulation Systems Compliance and Integrity, to firms the rule does not currently apply to. Financial professionals that may be affected by this extension include broker-dealers and market makers.
- Publicly traded companies may be required to disclose ransomware incidents that result in payments or data breaches that expose client information.
- Gensler has directed staff to begin updating the timing and substance of the notifications that brokers, fund managers, and investment advisers are required to send clients when their data have been accessed in a cyber incident.
Christopher Warren, Managing Partner at Warren Law Group, states, “We’ve seen instances of cybersecurity breaches in broker-dealers that allow hackers to command internal communication systems, open bank accounts in the name of the business, and proceed to instruct the firm’s clients to wire their investment funds into the newly made fraudulent accounts. These types of breaches may result in investigations by a state securities regulator, SEC, and FINRA to verify your firm is in compliance with at least Regulation S-P, Rule 4530, and the Exchange Act Rule 17a-3 and 17a-4.”
If you run an independent RIA or BD, it is imperative you have written supervisory procedures in place to tackle cybersecurity breaches. Further, having counsel assist you in implementing proper procedures to prevent a cyberattack is a good first step. To schedule your complimentary consultation, contact the attorneys at Warren Law Group: call (866) WLGROUP or email firstname.lastname@example.org.