The Inner Circle

 View Only
  • 1.  SEC Proposed Rule Changes for Cybersecurity Risks to the U.S. Securities Markets

    Posted Mar 19, 2023 06:14:00 AM

    Just last week, the SEC proposed Cyber rule changes for all market entities like broker-dealers, clearing agencies, swap participants, exchanges, broker/ dealers, and transfer agents. Combined with similar rule changes for publicly traded companies proposed last year, every market participant is covered. Both mandate the reporting of Cyber incidents, along with the disclosure of board composition, and overall cyber resilience. Together, the impact every market participant within the SEC's purview.

    Whether an asset is a currency, a commodity, or an equity is a matter of law. So far, the SEC has limited - and often questioned authority - over crypto currencies and digital assets. Depending on what the US Congress does, these new rules could easily have a dramatic impact on the crypto community.

    Folding in, the U.S. National Cyber Policy, EU-US Data Privacy Framework (DPF), Network and Information Systems Directive (NIS2), and Digital Operational Resilience Act (DORA) we are seeing what could easily amount to the most sweeping regulatory changes since Sarbannes-Oxly.

    Anyone interested can find the Fact Sheet here and the Proposed Rule Changes here. PSA it is over 500 pages.

    Would love to hear everyone's thoughts.



    ------------------------------
    Alex Sharpe
    Principal
    Sharpe42
    [email protected]
    Co-Chair Philosophy & Guiding Principles Working Group
    Co-Chair Organizational Strategy & Governance Working Group
    ------------------------------


  • 2.  RE: SEC Proposed Rule Changes for Cybersecurity Risks to the U.S. Securities Markets

    Posted Mar 20, 2023 08:07:00 AM

    Folks interested in this space might also be interested in the U.S. Treasury Department's recent report on cloud services adoption in the financial services sector, located here. This report may also spur some shifts in the regulatory landscape.



    ------------------------------
    John Goodman
    Senior Vice President
    Cyber Risk Institute
    ------------------------------



  • 3.  RE: SEC Proposed Rule Changes for Cybersecurity Risks to the U.S. Securities Markets

    Posted Mar 23, 2023 08:09:00 AM

    Thank you, John. Good stuff. This is a good resource and very timely.  I have been asked to participate in developing scenarios to stress the operational resilience of the financial services sector. This helps.

    Any chance you are part of the FS-ISAC?

    Cheers,

    alex.



    ------------------------------
    Alex Sharpe
    Principal
    Sharpe42
    [email protected]
    Co-Chair Philosophy & Guiding Principles Working Group
    Co-Chair Organizational Strategy & Governance Working Group
    ------------------------------



  • 4.  RE: SEC Proposed Rule Changes for Cybersecurity Risks to the U.S. Securities Markets

    Posted Mar 23, 2023 07:11:00 PM

    Hey, Alex,

     

    Yes, we're members of FS-ISAC and I just returned from the Denver conference a few hours ago.  We and several of our member companies spoke at the conference.

     

    The Treasury report is triggering the formation of an FSSCC working group to address three workstreams requested of the private sector.  We'll likely be leading one of those (around alignment of cyber standards).  The CRI Cloud Profile, which was developed in collaboration with CSA, will probably form the basis of that work. 

     

    Please don't hesitate to reach out if you have any further questions.

     

    Regards. . . John Goodman

     






  • 5.  RE: SEC Proposed Rule Changes for Cybersecurity Risks to the U.S. Securities Markets

    Posted Mar 25, 2023 05:07:00 AM

    Thank you, John.

    What a small world. The Operational Resilience (OR) scenarios referred to in my request are for the Global Resilience Federation (GRF). The FS-ISAC is a member of the community. In fact, the scenario I will most likely propose is based on the aggregation of risk and TPRM from SaaS. It is based on some discussion with one of the FS-ISAC working groups. I will email you to set up some time to progress the discussions.

    Cheers,
    alex.



    ------------------------------
    Alex Sharpe
    Principal
    Sharpe42
    [email protected]
    Co-Chair Philosophy & Guiding Principles Working Group
    Co-Chair Organizational Strategy & Governance Working Group
    ------------------------------



  • 6.  RE: SEC Proposed Rule Changes for Cybersecurity Risks to the U.S. Securities Markets

    Posted Mar 24, 2023 07:32:00 PM

    Thank you sharing the cloud services adoption report in the financial services.  Great report. 

    Venkat 



    ------------------------------
    Venkat Raghavan
    CEO
    Stack Identity
    ------------------------------