On Monday, January 24, 2022, in a speech at the Northwestern University Pritzker School of Law annual Securities Regulation Institute conference, Gary Gensler, Chair of the U.S. Securities and Exchange Commission (SEC), announced that he has asked SEC staff to provide sweeping rulemaking recommendations to modernize and expand the agency’s rules relating to cybersecurity.1 Stressing that cybersecurity is a matter of national security, Chair Gensler signaled that new guidance or proposed rules would enhance or expand public company cybersecurity programs and risk disclosures; cybersecurity program requirements and breach notification obligations for SEC regulated entities under Reg S-P; and the scope of registrants covered under Regulation Systems Compliance and Integrity (Reg SCI). He also signaled the SEC’s continued focus on enforcement and cooperation with other law enforcement agencies.2
These SEC rules could broadly affect cybersecurity requirements across the U.S. securities markets, including for public securities issuers, SEC registrants (such as broker-dealers, investment advisers, investment companies, self-regulatory organizations (SROs), and alternative trading systems (ATSs)), and service providers to issuers and SEC-registered entities.
Given the potential scope and reach of the new rules, firms should monitor these developments and begin to consider how they may wish to comment on the SEC’s proposals and advocate with the agency to ensure that the SEC adopts final rules that are well informed, are harmonious with other relevant and well-developed cybersecurity compliance regimes, and will not impose inappropriate costs and compliance burdens. Below, we summarize the areas of SEC focus and identify related considerations, including certain guidance and best practices regarding existing SEC cybersecurity requirements.
Sidley Austin LLP provides this information as a service to clients and other friends for educational purposes only. It should not be construed or relied on as legal advice or to create a lawyer-client relationship. Readers should not act upon this information without seeking advice from professional advisers.
Attorney Advertising—Sidley Austin LLP, One South Dearborn, Chicago, IL 60603. +1 312 853 7000. Sidley and Sidley Austin refer to Sidley Austin LLP and affiliated partnerships, as explained at www.sidley.com/disclaimer.
© Sidley Austin LLP