SEC Breach Prompts Davidson's Market Data Protection Act
Washington, DC – Today, Rep. Warren Davidson is introducing the Market Data Protection Act in the House which directs the U.S. Securities and Exchange Commission (SEC), the Financial Industry Regulatory Authority (FINRA) and Thesys Technologies to accelerate its cybersecurity risk controls before collecting data in the Consolidated Audit Trail (CAT) to prevent future hacker attacks.
“We need to make sure our house is in order at the SEC,” remarked Davidson. “The CAT will be the world’s largest repository of securities transactions and the second largest database in the country. Given the recent data security issues in the current EDGAR database, we know there are serious flaws in the way the SEC maintains its data, and in the ways they respond to and communicate errors and omissions. These flaws undermine the trust and confidence of the customers the SEC regulates.”
On September 20, 2017, hackers breached the EDGAR database which stores millions of public and nonpublic filings. Additionally, a recent Government Accountability Office (GAO) report found “information security control deficiencies in the SEC computing environment may jeopardize the confidentiality, integrity, and availability of information residing in and processed by its systems.” The report continued, “Until SEC mitigates its control deficiencies, it’s financial and support systems and the information they contain will be at unnecessary risk of compromise.”
The Market Data Protection Act directs the SEC to develop and implement proper risk assessment protocols to reduce, stem or eliminate potential exposure to cyber threats.
SEC Improved Control of Financial Systems but Needs to Take Additional Actions; General Accountability Office (July, 27, 2017) https://www.gao.gov/products/GAO-17-469
Rep. Davidson (OH-8) questions SEC Commissioner Jay Clayton; Financial Services Committee (October 4, 2017)