Mar. 31, 2023
March 31, 2023 Thank you for the opportunity to comment on the proposed rule. As a current SEC staff member, I am concerned that by contracting with a third-party vendor, the Agency no longer controls employee data, and does not have sole authority to adjust to actual or perceived cybersecurity threats. Further, the proposal fails to state the incremental gain to the Agency, except in the vaguest terms. The proposed rule notes that the current system has been \"successful\", but goes on to state \"the amendment would reduce the burden on employees and compliance staff, and improve data accuracy and completeness, by replacing the requirements for manually submitted account statements and manual transaction confirmations.\" In this search for improved accuracy and completeness, please consider cybersecurity hygiene in hiring a contractor to monitor sensitive staff holdings. In accounting terms, we are successfully passing the audit. Are we introducing substantial cyber risk by automating this function via a third-party?