The Securities Compliance Podcast Season 3 Episode 12 - The New SEC Cybersecurity Rule Proposal—What You Need To Know

Podcast

Securities Compliance Podcast: Compliance in Context

On Episode 12 of Season 3 of the Securities Compliance Podcast: Compliance in Context, host Patrick D. Hayes does a deep dive on the new SEC Cybersecurity Risk Management rule proposal for Investment Advisers—what it says and what you can do now to help prepare your firm for the potential updates that may be necessary comply with the new rule. In the Headlines section, Patrick looks at two recent interviews from Chair Gensler stating that most cryptoassets are securities, what the future holds for this growing area of the financial markets, and the potential impact on compliance. Finally, Patrick wraps up the show with another installment of the Outtakes series where a recent SEC and CFTC sweep uncovered “egregious misconduct” related to off-channel business communications for 16 regulated entities, and what are some of the key lessons investment adviser and broker dealer firms should take away in order to avoid suffering the same fate.

Season 3, Episode 12 Topics:

Headlines

• Chair Gensler interview with PLI regarding disclosure requirements of digital assets
• Chair Gensler interview with Coinbase regarding cryptoassets as securities

Interview with Amber Allen and Craig Watanabe

• Review the evolution of the SEC’s Cybersecurity guidance
  • Reg S-ID
  • Reg S-P
  • Prior enforcement actions
  • SEC Risk Alerts
• Discuss the specifics of Proposed Rule 206(4)-9
• Analyze the benefits of cybersecurity risk assessments
• Outline additional elements of the new rule in conjunction with best practices from prior guidance
  • User Security and Access
  • Information Protection
  • Vendor Management
• Examine the use of incident response plans and applicability of cyber insurance
• Summarize key steps firms can take to protect their firms now and what to do when a breach occurs

Final Segment – Outtakes

• SEC and CFTC Sweep Uncovers “Egregious Misconduct” Related to Off-Channel Business Communications

Quotes

09:24 - “I think evolution is a good word and I would view this most current proposal (Rule 2064-9) as evolutionary rather than revolutionary. And in your introduction, I really picked up on one key word and I think that really characterizes what the SEC is doing, and that is codify. And I’ll take it one step further: formalize.” - Craig

12:05 - “Having the potential obligation to disclose an incident within 48 hours of that occurring could be a pretty onerous requirement for the firms, especially when they’re trying to juggle some of the things that go alongside of a data breach.” - Amber

26:32 - “One of the problems with cybersecurity is that it’s easy to talk about but hard to do. And I will say this, it’s particularly challenging because many compliance officers don’t have a lot of savviness with regard to IT and, in particular, information security.” - Craig

---

About the Securities Compliance Podcast: Compliance in Context

Introducing the Securities Compliance Podcast: Compliance in Context presented by Calfee, Halter & Griswold and the National Society of Compliance Professionals and hosted by Patrick D. Hayes, Partner and leader of Calfee's Investment Management practice.

Designed as a personal master class for the securities legal and compliance professional, this podcast embodies Patrick’s passion to help you put Compliance In Context™ by combining the technical expertise of industry thought leaders and innovators with the practical experience of doers and key decision makers.

Listeners will find the podcast on Apple Podcast, Google Podcast, Spotify and Stitcher.

---

The opinions expressed by guest speakers and panelists during Securities Compliance Podcasts may not necessarily reflect the viewpoints of the attorneys and professionals of Calfee, Halter & Griswold LLP or its subsidiaries or affiliates. Calfee’s educational content is intended to inform and educate readers about legal developments and is not intended as legal advice for any specific individual or specific situation. Please consult with your attorney regarding any legal questions you may have. With regard to all content including case studies or descriptions, past outcomes do not predict future results.