Upcoming cyber regulations – what can you do to prepare?

      On 4 January 2023, the current administration released its Fall 2022 regulatory agenda. The agenda outlines the regulations expected in 2023 that will have a significant impact on all businesses, including financial services, positioning 2023 as one of the most significant years on record for cyber security regulation.

      At least eight US regulatory entities have announced new or updated rules. Here is a summary of what is forthcoming in 2023:

      SEC Cyber Security Regulations

      The SEC is expected to adopt regulations requiring registered broker-dealers to disclose their cyber security risks. (Estimated April 2023).

      The SEC has also proposed rules that would require public companies to disclose material cyber security incidents and to describe their cyber security risk management, strategy and governance. (Estimated April 2023).

      The most highly anticipated regulation is the proposed Cybersecurity Risk Management rules for Investment Advisers and Investment Companies (Advisers Act Rule 206(4)-9 and Investment Company Act Rule 38a-2), which would require written cyber security policies and procedures, an annual review of those policies, and reporting of significant cyber security incidents to the SEC. (Estimated April 2023).

      Federal Reserve Cyber Security Regulations

      The Federal Reserve has highlighted that, “Examiners will be monitoring and assessing a supervised institution’s remediation of supervisory findings in areas such as independent risk management and controls, compliance, operational and cyber resilience, and information technology.”

      FTC Cyber Security Regulations

      The FTC has extended the compliance deadline for the amended Safeguards Rule by six months, to 9 June 2023, and has announced that data security and privacy will be key enforcement priorities for 2023.

      NYDFS Cyber Security Regulations

      The New York Department of Financial Services has proposed a second amendment to the well-known NYDFS cyber security regulation (23 NYCRR Part 500) that expands and tightens the cyber security requirements placed on the financial services companies it covers.

      OCC Cyber Security Regulations

      In its FY2023 Bank Supervision Operating Plan, the OCC lists operational resilience, cyber security and third-party risk management among its priority supervisory objectives.

      NCUA (National Credit Union Administration) Cyber Security Regulations

      The NCUA has issued cyber incident notification requirements for federally insured credit unions.

      DOD, GSA and NASA Cyber Security Regulations

      The DOD, GSA and NASA have introduced a single new rule, amending the Federal Acquisition Regulation (FAR), that addresses the sharing of cyber threat information by federal contractors.

      The Commerce Department Cyber Security Regulations

      The Commerce Department has proposed regulations implementing Executive Order 13984 and Executive Order 14086, which take additional steps to address the national emergency with respect to significant malicious cyber-enabled activities.

      What can firms do now to prepare?

      • begin cyber security risk assessments that include a strong vendor (third-party) risk management component
      • draft new cyber security policies or review existing ones
      • examine existing technology controls to determine whether they meet current industry best practice
      • prepare for the SEC's proposed annual review requirements.

      How can Waystone Compliance Solutions help?

      Our US Solutions Team offers an SEC Annual Cyber Security Review Retainer, which provides firms with the following:

      • SEC Annual Review preparation including baseline cyber risk assessment
      • written Information Security Policy update or implementation, if required
      • SEC readiness report
      • Incident Response Annual Retainer (including SEC filing)
      • Cyber Risk Gap Analysis Report.

      Annual Services:

      • Provide ongoing advice on cyber security matters, ensuring that the client stays ahead of cyber security developments
      • Propose an annual cyber workplan to be signed off by the management team
      • Provide quarterly updates to the management team on progress against the cyber workplan
      • Oversee third-party vendor management and liaise with other stakeholders.

      If you would like to discuss any of these topics further or discuss your cyber security requirements in more detail, please reach out to your usual Waystone Compliance Solutions representative or contact us below.
