U.S. SEC Chair Gensler maps out potential overhaul to agency's cyber rules

2 minute read
Register now for FREE unlimited access to Reuters.com

WASHINGTON, Jan 24 (Reuters) - The U.S. securities regulator is considering extending cyber risk management rules to third-party service providers, and beefing up public company disclosures when they experience a breach, the head of the Securities and Exchange Commission (SEC) said on Monday.

Gary Gensler, in an address to securities industry professionals, mapped out a sweeping overhaul of SEC cyber rules, including changes to how stock exchanges and clearinghouses mitigate and report on cyber risk under the Regulation "Systems Compliance and Integrity" (SCI) aimed at reducing systems issues and improving resilience.

Gensler added that new cybersecurity rules could extend to registered firms' third-party service providers, including fund administrators, index providers, custodians and others not currently registered with SEC.

Register now for FREE unlimited access to Reuters.com

These new rules could include a variety of measures, such as requiring certain registrants to identify service providers that could pose such risks; holding registrants accountable for service providers’ cybersecurity measures and protecting against inappropriate access and investor information.

"This could help ensure important investor protections are not lost and key services are not disrupted as financial sector registrants increasingly rely on outsourced services" Gensler said.

The agency could also make changes to rules around how companies disclose cybersecurity practices and cyber risk, including an update to how they must notify investors when cyber events occur.

Analysts said Gensler's outline comes at a time of growing concern about how cyber security issues could affect markets and investors. President Joe Biden's administration has also ratcheted up its focus on the issue after a recent series of high-profile cyber attacks on U.S.-based companies.

Register now for FREE unlimited access to Reuters.com
Reporting by Katanga Johnson in Washington

Our Standards: The Thomson Reuters Trust Principles.

Thomson Reuters

Washington-based reporter covering U.S. regulation at the Securities and Exchange Commission and the Consumer Financial Protection Bureau, previously e3xperience in Ecuador, alumnus of Morehouse College and Northwestern University’s Medill School of Journalism.