Cybersecurity Risk Management Rule for Broker-Dealers, Clearing Agencies, Major Security-Based Swap Participants, the Municipal Securities Rulemaking Board, National Securities Associations, National Securities Exchanges, Security-Based Swap Data Repositories, Security-Based Swap Dealers, and Transfer Agents

The Securities and Exchange Commission (“Commission”) is proposing a new rule and form and amendments to existing recordkeeping rules to require broker-dealers, clearing agencies, major security-based swap participants, the Municipal Securities Rulemaking Board, national securities associations, national securities exchanges, security-based swap data repositories, security-based swap dealers, and transfer agents to address cybersecurity risks through policies and procedures, immediate notification to the Commission of the occurrence of a significant cybersecurity incident and, as applicable, reporting detailed information to the Commission about a significant cybersecurity incident, and public disclosures that would improve transparency with respect to cybersecurity risks and significant cybersecurity incidents. In addition, the Commission is proposing amendments to existing clearing agency exemption orders to require the retention of records that would need to be made under the proposed cybersecurity requirements. Finally, the Commission is proposing amendments to address the potential availability to security-based swap dealers and major security-based swap participants of substituted compliance in connection with those requirements.