By Matt MacLean, JD, CHAMP
On March 15-18, 2015, the country’s top securities and financial regulators met at the Securities Industry and Financial Markets Association (“SIFMA”) Compliance and Legal Society Annual Seminar. Speakers included Mary Jo White, Chair of the U.S. Securities & Exchange Commission, and Richard Ketchum, Chairman and CEO of FINRA.
The group confirmed that cybersecurity/data security will continue to be to priorities for all regulators and firms. Because laws and regulations on privacy and cybersecurity continue trailing technology, the regulators feel enforcement is the best way to keep firms focused on protecting client data. Given the interests at stake and the need for disclosure in data breaches, the speakers noted that financial firms have increasingly less control over the announcement of data breaches.
Although the group discussed rumors that the SEC is working on a new Regulation S-P, which forces SEC-regulated firms to protect client information, nothing has been publicly circulated. It is clear, however, that the SEC is investigating firms that suffer “hacking” or other data breaches for lack of internal controls or timely disclosure. In addition, the U.S. Department of Justice created a cybersecurity unit to identify legal impediments to improved data security.
More than ever, SEC and FINRA regulated firms need robust data security plans that protect the wealth of client information stored electronically.