Cyber Risks Force Data Rethink at SEC
The Securities and Exchange Commission (SEC) has modified the submission deadlines for registered investment companies filing non-public monthly reports in order to mitigate risks from cybersecurity breaches.
The changes mean funds will still be required to maintain non-public monthly records on file (accessible to examiners on demand) before filing data for public consumption every quarter.
SEC Chairman Jay Clayton said in a statement that “this revised approach […] enables the Commission to receive and analyze this new data while meaningfully reducing the sensitivity of that data at the time it is transmitted to the Commission.”
Our take? With cybersecurity breaches increasing rapidly (see here), this might signal the start of a rethink in relation to certain time sensitive data. Regulators can put even more effort into their cyber defences, reduce the amount of data of this sort that they hold, or require its preparation and then review it within the (also tightly secured) network of regulated institutions instead of within the regulators “off site” data collection system. Perhaps, as here, a mixture of all three approaches will win out.
Read more here.