Tailored Cybersecurity Programs Remain a Policy and Enforcement Focus for Financial Regulators

Recent pronouncements from U.S. government officials, as well as regulatory actions, have made it clear that ensuring financial institutions’ cybersecurity will be a major priority for the SEC and other regulators charged with safeguarding financial markets.

Market Regulators Recognize and Respond to the Growing Cybersecurity Threat

In recent weeks, the Chair of the Securities and Exchange Commission (SEC), Mary Jo White, and the Chairman of the Commodity Futures Trading Commission (CFTC), Timothy Massad, each identified cybersecurity as a critical risk for the financial industry and a priority for their respective agencies. Most recently, on June 2, 2016, the SEC appointed a new Senior Advisor to the Chair for Cybersecurity Policy. In commenting on the appointment, Chair White yet again reiterated the SEC’s cybersecurity focus. Earlier, in a May 2016 address to the Investment Company Institute’s (ICI) General Membership Meeting, Chair White explained that “[c]ybersecurity is ... one of the greatest risks facing the financial services industry.” Chair White also identified cybersecurity as a “key element” of the “evolution of regulation for the asset management industry” and an area in which industry participants “have major responsibilities.”

Similarly, in a May 2016 interview at the Reuters Financial Regulation Summit, Chairman Massad underscored the importance of cybersecurity when he commented that “[c]yber is the biggest threat facing financial markets today.” In a further parallel to Chair White’s commentary, Chairman Massad emphasized cybersecurity-related regulatory obligations, noting that the CFTC has undertaken its own review of the industry’s cybersecurity. He added that the CFTC plans to finalize new cybersecurity rules before year-end;1 the CFTC proposed rule would apply only to markets, not asset managers. MORE