View Rule

The Division is considering recommending that the Commission adopt amendments to require that market entities address cybersecurity risks, to improve the Commission’s ability to obtain information about significant cybersecurity incidents impacting market entities, and to improve transparency about cybersecurity risk in the U.S. securities markets.  The Commission proposed a new rule and form and amendments to existing recordkeeping rules to require broker-dealers, clearing agencies, major security-based swap participants, the Municipal Securities Rulemaking Board, national securities associations, national securities exchanges, security-based swap data repositories, security-based swap dealers, and transfer agents to address cybersecurity risks through policies and procedures, immediate notification to the Commission of the occurrence of a significant cybersecurity incident and, as applicable, reporting detailed information to the Commission about a significant cybersecurity incident, and public disclosures that would improve transparency with respect to cybersecurity risks and significant cybersecurity incidents. In addition, the Commission proposed amendments to existing clearing agency exemption orders to require the retention of records that would need to be made under the proposed cybersecurity requirements. Finally, the Commission proposed amendments to address the potential availability to security-based swap dealers and major security-based swap participants of substituted compliance in connection with those requirements.