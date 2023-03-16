Skip to main content
Republicans Almost Sort Of Agree That Something Should Be Done About Financial Services Cybersecurity

Not too much, though. That would be duplicative and rash.

iiiiiiiiiiiiiiiiiii, CC BY-SA 4.0 <https://creativecommons.org/licenses/by-sa/4.0>, via Wikimedia Commons

If you thought that Gary Gensler and his exhausted, bedraggled underlings at the Securities and Exchange Commission would not have time—in between levying all those fines, shredding everything done between the years 2017 and 2021, and remaking the very structure of the capital markets—to add some rather routine, mundane and—dare we say it?—bipartisan matters to its frenetic rule-making schedule, well

The customer-notification requirement would give [brokers and asset managers] no more than 30 days to alert individuals whose sensitive information was likely to have been accessed without authorization. The new rule would come alongside additional expansions to the SEC’s 24-year-old regulation governing financial firms’ protection of customer data, which SEC Chair Gary Gensler tied to soaring reports of identity theft.

The SEC’s five commissioners voted unanimously in favor of the proposal, though the two Republicans on the panel expressed some reservations about how it would interact with state-level rules.

Of course, Gensler can’t allow just one rule where three would do, thereby failing to give his G.O.P. colleagues an opportunity to do more than meekly and impotently grumble about matters on the margin.

Commissioners voted 3-2 along party lines to propose another pair of rules designed to strengthen institutions’ defenses. Republicans Hester Peirce and Mark Uyeda said elements of the rules were duplicative or redundant and could create confusion./One would require entities such as broker-dealers and stock exchanges to maintain written policies and procedures to address cybersecurity risks.

The other aims to improve the resilience of market infrastructure such as trading platforms and clearing agencies to account for new cybersecurity risks and wider usage of cloud-service providers.

SEC Proposes New Cybersecurity Rules for Financial Firms [WSJ]

