View Rule

View EO 12866 Meetings Printer-Friendly Version     Download RIN Data in XML

SEC RIN: 3235-AN15 Publication ID: Spring 2024 
Title: Cybersecurity Risk Management Rules for Broker-Dealers, Clearing Agencies, MSBSPs, the MSRB, National Securities Associations, National Securities Exchanges, SBSDRs, SBS Dealers, and Transfer Agents 

The Division is considering recommending that the Commission adopt amendments to require that market entities address cybersecurity risks, to improve the Commission’s ability to obtain information about significant cybersecurity incidents impacting market entities, and to improve transparency about cybersecurity risk in the U.S. securities markets.  The Commission proposed a new rule and form and amendments to existing recordkeeping rules to require broker-dealers, clearing agencies, major security-based swap participants, the Municipal Securities Rulemaking Board, national securities associations, national securities exchanges, security-based swap data repositories, security-based swap dealers, and transfer agents to address cybersecurity risks through policies and procedures, immediate notification to the Commission of the occurrence of a significant cybersecurity incident and, as applicable, reporting detailed information to the Commission about a significant cybersecurity incident, and public disclosures that would improve transparency with respect to cybersecurity risks and significant cybersecurity incidents. In addition, the Commission proposed amendments to existing clearing agency exemption orders to require the retention of records that would need to be made under the proposed cybersecurity requirements. Finally, the Commission proposed amendments to address the potential availability to security-based swap dealers and major security-based swap participants of substituted compliance in connection with those requirements.

Agency: Securities and Exchange Commission(SEC)  Priority: Substantive, Nonsignificant 
RIN Status: Previously published in the Unified Agenda Agenda Stage of Rulemaking: Final Rule Stage 
Major: Undetermined  Unfunded Mandates: No 
CFR Citation: 17 CFR 232.101    17 CFR 240.3a71-6    17 CFR 240.17a-4    17 CFR 240.17Ad-7    17 CFR 240.18a-6    17 CFR 240.18a-10    17 CFR 242.10    17 CFR 249.624    ...     (To search for a specific CFR, visit the Code of Federal Regulations.)
Legal Authority: 15 U.S.C. 77c    15 U.S.C. 77f    15 U.S.C. 77g    15 U.S.C. 77h    15 U.S.C. 77j    15 U.S.C. 77s(a)    15 U.S.C. 77z-3    15 U.S.C. 77sss(a)    15 U.S.C. 78c(b)    15 U.S.C. 78l    15 U.S.C. 78m    15 U.S.C. 78n    15 U.S.C. 78o(d)    15 U.S.C. 78o-10    15 U.S.C. 78w(a)    15 U.S.C. 78ll    15 U.S.C. 80a-6(c)    15 U.S.C. 80a-8    15 U.S.C. 80a-29    15 U.S.C. 80a-30    15 U.S.C. 80a-37    15 U.S.C. 80b-4    15 U.S.C. 80b-10    15 U.S.C. 80b-11    15 U.S.C. 7201 et seq.    18 U.S.C. 1350    ...   
Legal Deadline:  None
Action Date FR Cite
NPRM  04/05/2023  88 FR 20212   
NPRM Comment Period End  06/05/2023 
Final Action  10/00/2024 
Regulatory Flexibility Analysis Required: YES  Government Levels Affected: None 
Small Entities Affected: Businesses  Federalism: No 
Included in the Regulatory Plan: No 
RIN Data Printed in the FR: Yes 
Agency Contact:
Nina Kostyukovsky
Securities and Exchange Commission
100 F Street NE,
Washington, DC 20549
Phone:202 551-8833