The Securities and Exchange Commission has proposed new requirements to address cybersecurity risks to the U.S. securities markets, including enforcing written policies and procedures to counter digital threats.
Market entities must also conduct annual reviews and assessments to ensure the effectiveness of their policies and determine whether they reflect changes in the cybersecurity threat landscape during the time of the review, SEC said Wednesday.
The commission aims to use information from the reports to boost its ability to obtain information about significant cybersecurity incidents in the sector and to address their severe impacts on investors.
“The nature, scale, and impact of cybersecurity risks have grown significantly in recent decades. Investors, issuers, and market participants alike would benefit from knowing that these entities have in place protections fit for a digital age,” said Gary Gensler, chairman of the SEC.
The proposed rules will affect the Municipal Securities Rulemaking Board and other market entities, including clearing agencies, broker-dealers, national securities associations and exchanges.