SEC Withdraws Proposed Cyber-Related Rule Applicable to Broker-Dealers And Signals SolarWinds Settlement on the Horizon

Kristen Bartolotta, Katherine Doty Hanniford, Madeleine Juszynski, Cara Peterman, Sierra Shear
Alston & Bird
Contact
LinkedIn
Facebook
X
Send
Embed

The Securities and Exchange Commission (SEC) recently announced the withdrawal of several Biden-era regulations, including a proposed rule that would have required a broad range of platforms and financial intermediaries (such as broker-dealers, clearing agencies, national securities exchanges, and transfer agents) to adopt policies and procedures that address cybersecurity risks. The proposed rule also would have mandated immediate notification to the SEC of significant cybersecurity events along with detailed reporting and public disclosures.

Originally proposed in March 2022, the withdrawn rule generated significant industry controversy and thousands of public comments across two comment periods. If implemented, it would have significantly expanded the cybersecurity compliance obligations for registered investment advisers.

The withdrawal, while notable, is not entirely unexpected. Though the SEC did not cite a specific rationale, the move aligns with a broader shift under Commissioner Paul Atkins toward easing compliance burdens for market participants. Recent amendments to Regulation S-P, which require broker-dealers, registered funds, and registered investment advisers to adopt written policies and procedures that address cybersecurity risks, may have already addressed some of the concerns the withdrawn rule sought to tackle.

Shortly thereafter, the parties to the SEC’s closely-watched enforcement action against SolarWinds and its CISO announced a pending settlement of the case. While the terms of the settlement are not yet public, the move indicates a significant shift in the litigation on the heels of the SEC’s opposition to SolarWinds’ motion for summary judgment, which had urged the court to proceed to trial.

While no new cyber-related enforcement actions have been filed under Chair Atkins, the Trump Administration’s creation of a Cyber and Emerging Technologies Unit earlier this year potentially signals continued focus on cyber-related misconduct, particularly in protecting retail investors in the emerging technologies space.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© Alston & Bird

Written by:

Alston & Bird
Alston & Bird
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Alston & Bird on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide