The Role of the SEC in Enforcing InfoSec Legislation
What is the SEC?
Founded 85 years ago at the height of the Great Depression, the Securities and Exchange Commission (SEC) has a clear mission: to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation.
Put simply, the SEC aims to protect US investors by maintaining a fair market. The SEC doesn’t work directly with investors, however. Instead, it regulates stock exchanges and entities that trade and sell securities, such as investment advisors, asset managers, and brokers.
The SEC also regulates investment companies dealing with ETFs and mutual funds while ensuring all companies follow reporting and public disclosure regulations. It requires market participants and publicly-held companies to disclose pertinent information so that investors have all they need to make informed decisions.
Some key functions of the SEC include:
- Enforcing securities regulations and laws
- Protecting investors from financial manipulation and fraud
- Regulating brokers’, asset managers’, and other investment professionals’ activities
- Providing investors with market data and scam alerts
- Closely monitoring corporate takeovers
- Ensuring that publicly-held companies adhere to disclosure and financial reporting laws, for fairness and transparency
As an independent agency under the umbrella of the US government, the SEC is run by a chairman and four commissioners appointed by the President of the United States and confirmed by the Senate. Each member serves a five-year term before the position is up for a new appointment.
The SEC has more than 4,000 employees in six divisions: economic and risk analysis, corporation finance, investment management, trading and markets, examinations, and enforcement.
FinTech Compliance
All public companies are required to register with the SEC and are held to regular disclosures and financial reporting. In keeping pace with the modern financial services landscape, the SEC established the Strategic Hub for Innovation and Financial Technology (FinHub).
The FinHub oversees and responds to emerging technologies in the financial, regulatory, and supervisory systems. Additionally, FinHub addresses the unique requirements of distributed ledger technologies, digital marketplace financing, AI and machine learning, and automated investment advice.
In a slightly different composition than the SEC, the FinHub is made up of delegates from across the SEC agency serving as subject matter experts for all matters related to FinTech. The purpose of FinHub is to extend the purview of the SEC with a dedicated focus on leading-edge technologies and innovation and analysis of potential future impact.
Enforcement of InfoSec Legislation
The SEC helps to build confidence and safety within the financial markets by requiring public companies, certain insiders, and broker-dealers to file financial statements and other disclosures. Investors and financial professionals see SEC filings as trustworthy, reliable reports that help them make informed business decisions when considering an investment in a business.
The SEC is also the entity responsible for enforcing the following information security legislation:
- Securities Act of 1933 – also called the “Truth in Securities Law,” requires that investors receive financial and other pertinent information regarding securities before they are offered for public sale, and prohibits deceit, misrepresentation, and fraud in the sale of securities.
- Securities Act of 1934 – with this Act, Congress established the SEC and empowered the group to preside over the securities industry nationwide.
- Investment Advisers Act of 1940 – requires SEC registration from all sole investment advisors and firms who are compensated for providing securities investment advice and obliges these entities to follow all regulations designed to protect investors.
- Dodd-Frank Wall Street Reform Consumer Protection Act of 2010 – designed in response to the 2008 financial crisis, this Act prevents excessive risk-taking in an effort to avoid the issues that led to the downturn; it also provides common-sense protections to American families and establishes a consumer watchdog to prevent exploitation from mortgage companies and payday lenders.
- The Sarbanes-Oxley Act of 2002 – mandates practices for financial record keeping and reporting for corporate entities and protects investors from fraudulent reporting.
- Jumpstart Our Business Startup (JOBS) Act of 2012 – encourages funding of small businesses by easing securities regulations and exempts companies with less than $1 billion from certain requirements contained in the Sarbanes-Oxley Act.
Cybersecurity and the SEC
With its focus on fairness, transparency, and stability in the markets, the SEC is an ally for investors and financial services entities alike. The organization aims to protect investors, maintain fair and orderly markets, and facilitate capital formation.
Not limited to reporting, the SEC also provides cybersecurity guidance and requirements for financial services entities to keep their data and investors safe. In 2022, the organization proposed expanded rules for governance, risk and compliance (GRC), including incident disclosure from publicly-held companies. Coupled with the Sarbanes-Oxley Act requirements for storing and maintaining sensitive data, the SEC seeks to mitigate pervasive and growing cyber risk.
To learn more about the main regulations financial services organizations need to comply with and tips to go beyond simple compliance for powerful cybersecurity using security configuration management (SCM) and file integrity monitoring (FIM), you can read our latest guide: https://www.tripwire.com/resources/guides/financial-services-cybersecurity-regulations
About the author:
Stefanie Shank. Having spent her career in various capacities and industries under the “high tech” umbrella, Stefanie is passionate about the trends, challenges, solutions, and stories of existing and emerging technologies. A storyteller at heart, she considers herself one of the lucky ones: someone who gets to make a living doing what she loves. Stefanie is a regular writer at Bora.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire.