The Securities and Exchange Commission (SEC) has proposed new cyber risk management rules for financial institutions, following a recent and well-publicized cyber-attack on a third-party services provider. Risk.net spoke with Financial Markets and Funds partner Nathaniel Lalone about the potential confusion and other challenges resulting from duplicative regulations. Nate noted that with other rule proposals having already been published regarding operational security, financial firms may find themselves "caught in the cross-current." Clarity being key, he added, "Hopefully the rule set, once adopted, operates as a coherent, integrated whole, otherwise the implementation burden for firms will be significant."

Nate acknowledges the statutory limitations the regulators face when overseeing financial services providers. In that context, by "beefing up policies and procedures and requiring greater transparency around cybersecurity incidents," the SEC's latest proposal "probably pushes the rulemaking envelope as far as it can go."

"SEC cyber rules risk creating web of confusion and costs," Risk.net, March 28, 2023

*Subscription may be required for article access