SEC Proposes Cyber Reporting Rule for Financial Institutions

The Securities and Exchange Commission has proposed a new cyber incident reporting rule that would require financial institutions to inform the agency of compromises within two days and to review their policies and procedures annually.

According to the SEC, the new rule would help it learn more about the cyber risks that financial institutions face and would improve information system oversight. The rule would cover the Municipal Securities Rulemaking Board, broker-dealers, national security exchanges, security-based swap entities and other financial institutions.

Interested parties have two months to submit feedback before regulators decide on implementing the rule, The Record reported.

Gary Gensler, the chairman of the SEC, said the proposed regulation would address the evolving cyber risks that financial institutions face and would assure investors and market participants that they will be protected.

The proposal comes a year after lawmakers called on the SEC to implement cyber reporting rules. In February 2022, senators wrote to Gensler about reporting rules that would guarantee investors that publicly traded companies and financial institutions are serious about cybersecurity and that they are informed of any cyber incidents.