July 21, 2016
Leading U.S. banks, and other publicly traded companies, should expect increased cybersecurity scrutiny from the Securities and Exchange Commission.
This week, during a meeting of the Treasury Department’s Financial and Banking Information Infrastructure Committee, leaders of the SEC and the Commodity Futures Trading Commission, which aims to protect consumers from fraud, shared updates about their agencies’ approaches to cybersecurity, as well as an overview of their examination processes, rules and other actions.
The Treasury committee focuses on improving information sharing among financial regulators, promoting public-private partnerships and enhancing the resiliency of the financial sector. And its membership reads like a who’s who of regulatory authority, including Sarah Bloom Raskin, deputy secretary at the Treasury Department; Mark Gruenberg, chairman of the Federal Deposit Insurance Corp.; and Thomas J. Currey, comptroller of the Office of the Comptroller of the Currency.
While all meetings of the FBIIC are closed, the post-meeting synopsis of the committee’s July 19 meeting reinforces what many cybersecurity and legal experts have been saying for months: The SEC is staking claim on its right to review the consumer privacy and data protection practices at all publicly traded companies.
At this week’s meeting, SEC Chairwoman Mary Jo White and CFTC Chairman Timothy Massad discussed their agencies’ strategies for ensuring cyber resiliency in the financial sector. And committee members were briefed about results from recent cyber exercises conducted to evaluate the impact of a cyber incident on the nation’s financial stability, according to the meeting synopsis.
The FBI also played a role at the meeting, noting the need for more information sharing with the financial sector.