The chairman of the SEC has floated a possible delay to new investment fund data gathering rules following a hack that has raised questions over the regulator’s cyber security controls.
Chairman Jay Clayton told the US House Financial Services Committee the SEC was reviewing whether it can adequately protect data it would require funds to report on their monthly performance, since this information could be market sensitive. The rules are due to start to go into effect next year.
Clayton last month disclosed that hackers may have profited by illegally trading on information stolen from the SEC’s EDGAR system, which houses millions of corporate filings. He also noted earlier that additional forensic analysis had found that the Social Security numbers, dates of birth and names of two individuals were made available to the hackers after they breached the system.
Last month, the Investment Company Institute trade group called for a delay to the rules until the SEC had cleared up concerns over its cyber defenses. Other market participants have also called on the SEC to delay a regulatory project to gather vast quantities of data that would provide an audit trail of daily market trades.
Clayton told lawmakers the SEC was also reviewing whether it was safe to gather this trade and other key data such as social security numbers, and plans to hire a chief risk officer to oversee the SEC’s cyber security programs.