The SEC reveals 2023 priorities in new agenda

The seal of the U.S. Securities and Exchange Commission
The seal of the U.S. Securities and Exchange Commission hangs on the wall at SEC headquarters in Washington, June 24, 2011. REUTERS/Jonathan Ernst/File Photo

January 31, 2023 - The Office of Information and Regulatory Affairs has released its Fall 2022 Unified Agenda of Regulatory and Deregulatory Actions, which includes the Securities and Exchange Commission's rule agenda for 2023. Out of the 52 items on the agenda, 23 are in the "proposed rule stage" and 29 are in the "final rule stage." Collectively, these items give a picture of what the Commission's regulatory priorities will be for the rest of 2023.

In 2022, the SEC focused much of its efforts on regulating issues pertaining to Environmental, Social, & Governance (ESG), cryptocurrency, Regulation Best Interest, and cybersecurity. While the Commission looks to be continuing its pursuit of initiatives and rules relative to these topics, it has also outlined some new priorities for the coming year.


Originally released in March 2022, the new rule on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure (RIN: 3235-AN08) has reached the final rule stage. The rule will require companies subject to the Securities Exchange Act of 1934 to report material cybersecurity incidents within a certain time frame and make disclosures pertaining to the company's cybersecurity protocols and risk management strategies.

The SEC is also considering a rule (still in the proposed rule stage) that would "address registrant cybersecurity risk and related disclosures, amendments to Regulation S-P and Regulation SCI, and other enhancements related to the cybersecurity and resiliency of certain Commission registrants" (RIN: 3235-AN15). Regulation S-P requires broker-dealers, registered investment advisors (RIAs), and investment companies to "adopt written policies and procedures that address administrative, technical, and physical safeguards for the protection of customer records and information" (17 CFR § 248.30). Additionally, Regulation SCI (Systems Compliance and Integrity), deals with the integrity and security of the technological infrastructure underpinning U.S. securities markets/exchanges.

While this rule proposal has yet to be released, a speech on cybersecurity and securities law given back in January 2022 at Northwestern University Pritzker School of Law sheds some light on the SEC's intentions in this area. SEC Chair Gary Gensler remarked that Regulation S-P was adopted over 20 years ago and should be modernized. He stated that he had asked SEC staff to propose "recommendations about how customers and clients receive notifications about cyber events when their data has been accessed, such as their personally identifiable information" which may include "proposing to alter the timing and substance of notifications currently required under Reg S-P."

Regarding Regulation SCI, Gensler remarked that its rules are meant to ensure that large financial entities have safeguards such as sound technology programs, business continuity plans, testing protocols, and data backups in order to make these entities more resilient to disruption. The SEC is looking to "broaden and deepen" this rule, while potentially extending it to cover other entities such as certain market-makers, broker-dealers, and Treasury trading platforms.

Environmental, social and governance

Under the broad banner of ESG, the SEC has proposed various rules with the goal of increasing transparency and disclosures related primarily to investment practices, environmental impact, and diversity.

Originally published to the Federal Register in June 2022, the proposed Enhanced Disclosures by Certain Investment Advisers and Investment Companies about Environmental, Social, and Governance Investment Practices (RIN: 3235-AM96) is now in the final rule stage. This rule will require investment advisors and investment companies who market ESG-focused funds to specify how ESG factors actually drive the investment strategies of these funds.

In the same vein, the SEC's Investment Company Names rule (RIN: 3235-AM72), also released in June 2022, will require "certain funds to adopt a policy to invest at least 80% of their assets in accordance with the investment focus that the fund's name suggests." In other words, funds with keywords such as "green," "sustainable," "ethical," or "socially responsible" in their names will have to reflect an emphasis on these areas through their investing choices.

Regarding more specific topics that fall under the umbrella of ESG, the Commission has also reached the final rule stage with The Enhancement and Standardization of Climate-Related Disclosures for Investors (RIN: 3235-AM87). This proposal contains a sweeping set of regulations that would require reporting companies to report on items such as greenhouse gas emissions, climate goals, and climate-related risks/risk management.

Moving from the environmental aspect to social and governance, the SEC's agenda also comprises a newer Corporate Board Diversity rule (RIN: 3235-AL91) and Human Capital Management Disclosure rule (RIN: 3235-AM88). The former would "enhance registrant disclosures about the diversity of board members and nominees" and the latter would do the same regarding "human capital management."

While the SEC does not specifically define human capital management here, a previous amendment to Regulation S-K provides insight into what a new human capital management rule will build upon. In August 2020, the SEC updated Regulation S-K at Item 101(c)(2)(ii) to require a summary of registrants' human capital resources, which would include the number of people employed by the registrant as well as descriptions of "any human capital measures or objectives that the registrant focuses on in managing the business" such as "measures or objectives that address the development, attraction and retention of personnel."

Digital engagement

Besides those mentioned above, there are a variety of other rules still in the proposal stage that have yet to be published to the Federal Register. The Digital Engagement Practices for Broker-Dealers/Investment Advisers (RIN: 3235-AN00/AN14) rules are two such examples. In August 2021, the SEC sought public comment pertaining to the digital tools utilized by broker-dealers and RIAs, such as "behavioral prompts, differential marketing, game-like features…and other design elements or features designed to engage with retail investors on digital platforms."

Often collectively known as digital engagement practices (DEPs), these methods are often used to increase user engagement on investment websites, portals, and apps (e.g., Fidelity, E-Trade, Robinhood, Webull, Acorns, etc.).

With the rise in retail investment and its facilitation through these digital platforms, the SEC has expressed concern that DEPs could potentially create conflicts of interest between the platform's optimization and the interest of the investor. The SEC has indicated that its forthcoming rule proposals will take into account the potential benefits afforded by DEPs in concert with the potential investor protection concerns that may also arise.


In a statement released on Jan. 4, 2023, Gensler stated that the agenda was designed to advance the Commission's "three-part mission": 1) to protect investors 2) maintain fair, orderly, and efficient markets, and 3) facilitate capital formation ( Just as 2022 saw a flurry of rulemaking activity under Gensler, the SEC's new agenda indicates that 2023 will follow suit.

However, it remains to be seen which of the outlined rule proposals will actually come to fruition in the current calendar year. In the meantime, registrants and advising entities should be cognizant of the likelihood that new policies and disclosure obligations are coming in the foreseeable future.

Roger E. Barton is a regular contributing columnist on securities regulation and litigation for Reuters Legal News and Westlaw Today.

Opinions expressed are those of the author. They do not reflect the views of Reuters News, which, under the Trust Principles, is committed to integrity, independence, and freedom from bias. Westlaw Today is owned by Thomson Reuters and operates independently of Reuters News.

Roger E. Barton is the managing partner of New York City-based Barton LLP and a litigator. He represents clients in the capital markets and financial services industries regarding securities fraud, breach of fiduciary duty, common-law fraud, 10b-5 class actions, and breach of representations and warranties. He is a fellow of the Litigation Counsel of America and can be reached at