Proposal for Increased Cybersecurity Requirements for Market Entities
The Securities and Exchange Commission (SEC) has proposed new requirements designed to address the increasing risks of cybersecurity among broker-dealers, clearing agencies, major security-based swap participants, the Municipal Securities Rulemaking Board, national securities associations, national securities exchanges, security-based swap data repositories, security-based swap dealers, and transfer agents (collectively, “Market Entities”). The proposal would require all Market Entities to implement policies and procedures to address their cybersecurity risks, review such policies and procedures at least annually, and notify the SEC about significant cybersecurity incidents. Additionally, for certain large entities, the proposal calls for public disclosure about the risks of cybersecurity. The SEC will accept comments on the proposal for 60 days after the Federal Register publishes it.