![]() Brian Johnson, David Joire, Amanda Wagner, Christopher Staley, and Rachel Kuo in the Division of Investment Management.Renee Jones, Erik Gerding, Betsy Murphy, Luna Bloom, Ian Greber-Raines, Charles Kwon, Michael Seaman, Lindsay McCord, Deanna Virginio, Michael Coco, Matt McNair, Shelly Luisi, Catherine Brown, Kim McManus, Rolaine Bancroft, Katherine Hsu, Arthur Sandel, Chris Windsor, Rushabh Soni, and Sam Serfaty in the Division of Corporation Finance.I’d like to thank the members of the SEC staff who worked on this rule, including: I am pleased to support today’s proposal and, subject to Commission approval, look forward to the public’s feedback. Going forward, I’ve also asked staff to make additional recommendations for the Commission’s consideration with respect to broker-dealers, Regulation SCI, and intermediaries’ requirements regarding customer notices (Regulation S-P). ![]() In February, we voted to propose new obligations for registered investment advisers and funds with respect to cybersecurity. Earlier this winter, the Commission voted to propose expanding Regulation Systems Compliance and Integrity (SCI) to certain government securities trading platforms. This is the third rulemaking project we have proposed that implicates cybersecurity. It also would require updates in periodic reports to give investors more complete information on previously disclosed, material cybersecurity incidents. Today’s proposal would specify when and what information about cybersecurity incidents companies must disclose in a current report, such as on Form 8-K. When companies have an obligation to disclose material information to investors, they must be complete and accurate. This is critical because such material cybersecurity incidents could affect investors’ decision-making. Second, it would require mandatory, material cybersecurity incident reporting. how cybersecurity risks and incidents are likely to impact the company’s financials.whether companies have cybersecurity policies and procedures and.management’s and the board’s role and oversight of cybersecurity risks. ![]() For example, under the proposed rules, companies would disclose information such as: This would allow investors to assess these risks more effectively. Today’s release would enhance issuers’ cybersecurity disclosures in two key ways:įirst, it would require mandatory, ongoing disclosures on companies’ governance, risk management, and strategy with respect to cybersecurity risks. I think companies and investors alike would benefit if this information were required in a consistent, comparable, and decision-useful manner. Thus, investors increasingly seek information about cybersecurity risks, which can affect their investment decisions and returns.Ī lot of issuers already provide cybersecurity disclosure to investors. They can have significant financial, operational, legal, and reputational impacts on public issuers. ![]() Investors want to know more about how issuers are managing those growing risks.Ĭybersecurity incidents, unfortunately, happen a lot. The interconnectedness of our networks, the use of predictive data analytics, and the insatiable desire for data are only accelerating, putting our financial accounts, investments, and private information at risk. Today, cybersecurity is an emerging risk with which public issuers increasingly must contend. Over the years, our disclosure regime has evolved to reflect evolving risks and investor needs. Companies that are raising money from the public have an obligation to share information with investors on a regular basis. The basic bargain is this: Investors get to decide what risks they wish to take. We’ve been requiring disclosure of important information from companies since the Great Depression. I am pleased to support this proposal because, if adopted, it would strengthen investors’ ability to evaluate public companies’ cybersecurity practices and incident reporting. Today, the Commission is considering a proposal to mandate cybersecurity disclosures by public companies.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |