SEC Proposes New Cybersecurity Rules for Financial Firms
Brokers and asset managers would have to notify their customers of data breaches as part of a raft of cybersecurity and resiliency rules the U.S. Securities and Exchange Commission (SEC) proposed. The customer-notification requirement would give firms no more than 30 days to alert individuals whose sensitive information was likely to have been accessed without authorization. The new rule would come alongside additional expansions to the SEC’s 24-year-old regulation governing financial firms’ protection of customer data, which SEC Chair Gary Gensler tied to soaring reports of identity theft. The SEC also approved a proposal that would require entities such as broker-dealers and stock exchanges to maintain written policies and procedures to address cybersecurity risks. Another proposal aims to improve the resilience of market infrastructure such as trading platforms and clearing agencies to account for new cybersecurity risks and wider usage of cloud-service providers.
Read the full article on Wall Street Journal