Members of the Senate Banking Committee told Securities and Exchange Commission Chairman Jay Clayton on Monday, a day before he is to appear before the Committee, to have SEC staff review whether the agency’s 2011 guidance regarding disclosure obligations related to cybersecurity risks needs updating, in light of the Equifax and EDGAR hacks.
In addition, the lawmakers asked Clayton in their letter to consider if there “needs to be other SEC guidance or rulemakings in this [cybersecurity] area.”
Late Monday, the SEC announced two new cyber-related initiatives: the creation of a Cyber Unit that will focus on targeting cyber-related misconduct as well as a retail strategy task force that will implement initiatives that directly affect retail investors.
Clayton is to testify on Tuesday morning that the cyber breach matter that he announced on Sept. 20 involving the SEC’s EDGAR system for corporate filings “concerns me deeply. I recognize that I am not the only one who is deeply concerned.”
Clayton will also tell the committee, as his prepared testimony states, that he has “made clear in public statements that I am focused on the standards of conduct that investment professionals must follow in providing investment advice to Main Street investors,” adding that the SEC is “engaging expeditiously and constructively” with Labor Department colleagues “to best serve the interests of investors.”
Effects of Labor’s fiduciary rule, Clayton’s testimony says, “extend well beyond the DOL’s jurisdiction, and vice versa.”
As to an SEC uniform fiduciary standard, Clayton says in his testimony that “our standards should be clear and comprehensible to the average investor, consistent across retirement and nonretirement assets and coordinated with other regulatory agencies, including the DOL and state insurance regulators.”
As to the committee’s cybersecurity concerns, Clayton states in his testimony that “Rightfully, it [the EDGAR breach] will cause this Committee and others to increase their focus on whether the commission’s approach to cybersecurity appropriately addresses our cyber risk profile. This is all the more reason it was appropriate to disclose the 2016 intrusion now even though our review and investigation are ongoing. We must remain on top of evolving threats when it comes to securing our own networks and systems against intrusion.”
Other initiatives, Clayton’s testimony continues, “resulting from the general cybersecurity review we initiated in May are ongoing or will commence shortly. These include internal and interagency incident response exercises and continued interaction on cybersecurity efforts with other government agencies and committees, including the Department of Homeland Security, the Government Accountability Office and the Financial and Banking Information Infrastructure Committee.”