The US Securities and Exchange Commission (SEC) has proposed new rules to improve the securities market’s resilience against cybersecurity risks, data loss and system failure.
The proposed rules specify how market entities such as broker-dealers and clearing agencies need to respond to hacking incidents and safeguard consumer data.
They also govern how stock exchanges, transaction clearing houses, and other entities that are important to the country’s economic security should protect themselves against system failure.
Under the proposed regulations, all market entities would need to develop policies and processes that are reasonably intended to mitigate their cybersecurity risks.
They should also review and evaluate the effectiveness of their cybersecurity policies and processes at least once a year.
SEC chair Gary Gensler said: “The nature, scale, and impact of cybersecurity risks have grown significantly in recent decades. Investors, issuers, and market participants alike would benefit from knowing that these entities have in place protections fit for a digital age.”
Under the proposal, broker-dealers, investment companies, registered investment advisers, and transfer agents will have to notify individuals affected by data breaches.
Under current legislation, covered businesses must inform clients about how they use those clients' financial information.
Gensler said: “I think we should close this gap. Thus, under our proposal, covered firms would be required to notify customers of breaches that might put their personal financial data at risk.”
Furthermore, the SEC has suggested changes to Regulation Systems Compliance and Integrity (SCI) to address technological flaws in the securities markets and enhance control of the core technology of important US securities market firms.