Gensler Hints at Cyber Regulations to Affect Service Providers, Funds, Advisers

SEC Chairman Gary Gensler in a recent speech emphasized the need for a stronger regulatory regime around cybersecurity for a range of firms, including funds, advisers, broker dealers and service providers. Chair Gensler acknowledged that these firms already comply with rules that may implicate their cybersecurity practices, such as books-and-records, compliance, and business continuity regulations. However, he stated that he has asked SEC staff for recommendations on how to shore up financial sector registrants’ cybersecurity hygiene and incident reporting, taking into consideration guidance issued by the federal government and others. According to Chair Gensler, such regulatory reforms “could reduce the risk that these registrants couldn’t maintain critical operational capability during a significant cybersecurity incident.” Chair Gensler also pointed to what regulations could look like for service providers, many of which are not SEC-registered entities. According to Chair Gensler, regulations “could include a variety of measures, such as requiring certain registrants to identify service providers that could pose such risks. Further, it could include holding registrants accountable for service providers’ cybersecurity measures with respect to protecting against inappropriate access and investor information.”