SEC Should Focus on Cybersecurity, Nominees Say

Stay up-to-date with the latest developments in securities law through access to both news and all statutes and regulations. Find relevant corporate filings through a searchable EDGAR database. And...

By Andrew Ramonas

Cybersecurity would be a top priority if confirmed to serve on the Securities and Exchange Commission, nominees Robert Jackson and Hester Peirce told the Senate Banking Committee Oct. 24.

The candidates expressed concern about the cyber-vulnerability of the planned Consolidated Audit Trail, a massive database of information intended to help the SEC fight illegal trading and monitor market disruptions. Jackson and Peirce also said they supported the commission’s role in policing the corporate disclosure of cyber issues, with Jackson saying the agency needs rules that keep up with the changing marketplace.

“We’ve got some work to do,” said Jackson, a Columbia Law School professor.

Jackson said the commission should consider updating how companies disclose cyber issues. “My concern is that the SEC’s rules in this area and guidance on what materiality is is not keeping pace with the changes in our markets and our companies,” he said in response to a question from Sen. Sherrod Brown of Ohio, the top Democrat on the committee.

Companies, not the SEC, must decide what to report about any cybersecurity incidents, Peirce, a senior research fellow at George Mason University’s Mercatus Center, said. The agency, however, must hold companies accountable for any omissions, she said.

Both Peirce and Jackson questioned whether the CAT may seek to gather more data than is necessary. The CAT could contain personal information for more than 100 million trading accounts as it tracks billions of orders to buy and sell stocks daily.

“Anytime the SEC is collecting data, I think it needs to ask, ‘Do we need the data? What are we going to use it for? And can we protect it?’ ” Peirce said. “I’m not convinced that those questions have been answered to my satisfaction.”

Jackson was nominated to fill a Democratic SEC seat in September. Peirce was re-nominated for a Republican spot on the commission in July.

FINRA, Dodd-Frank

The nominees received questions about the Financial Industry Regulatory Authority and finishing the implementation of the Dodd-Frank Act, as well.

Both Peirce and Jackson expressed concern about FINRA, which the SEC oversees. According to Peirce, brokerage firms are hesitant to report wrongdoing to the self-regulatory organization because doing so may draw regulatory scrutiny.

FINRA should reveal more about bad actors employed by its member firms, Jackson said.

He also said the SEC should focus on completing its regulatory mandates. Peirce, who has written extensively about her Dodd-Frank concerns, said she would work with the commission to finish the rules, but warned that other work might come up and take precedence.

“I don’t care if you’re a Democrat or a Republican. I don’t care if you love Dodd-Frank or you hate Dodd-Frank,” Sen. Elizabeth Warren (D-Mass.) said at the hearing. “The SEC is required to follow the law.”

Sen. Michael Crapo (R-Idaho), the Senate Banking Committee’s chairman, has yet to announce when the panel will vote on the nominations.

Peirce’s nomination passed the committee in 2016, but didn’t come up for a vote before the full Senate in the last Congress.

To contact the reporter on this story: Andrew Ramonas in Washington at aramonas@bna.com

To contact the editor responsible for this story: Phyllis Diamond at pdiamond@bna.com

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Securities & Capital Markets on Bloomberg Law