Wall Street regulator to unveil new cybersecurity, customer data rules

The top U.S. markets regulator is set to unveil a new effort to control how broker-dealers and others tackle the risk of hacking and respond to theft of customer data, continuing a regulatory drive on cybersecurity in the financial sector.

The Securities and Exchange Commission’s five members are due to vote March 15 on issuing three new proposals, according to the agency’s website. Since last year, the commission has unveiled a series of cybersecurity proposals citing increased danger to public companies and investors.

The Commission will vote on whether to propose requiring broker-dealers, clearing houses and others to address the risk of hacking by adopting internal policies, alerting the commission to incidents and publicly disclosing them.

A similar proposal released last year applied to investment advisers and drew objections from some industry groups, who said requiring investment firms to report hacking incidents confidentially within 48 hours could hinder efforts to fix the problem quickly.

Other proposals under consideration on March 15 include whether to require broker-dealers and money managers to have programs in place to address unauthorized access to customer information, including by notifying the people affected, and whether to broaden the range of entities subject to SEC rules on market technology and infrastructure.