Investor group seeks probe into SEC hack, urges data
rules delay
Send a link to a friend
 [September 23, 2017]
By Michelle Price
WASHINGTON (Reuters) - A global investor
group on Friday called for an independent investigation into a cyber
breach at the U.S. Securities and Exchange Commission (SEC) and urged
the regulator to delay new data-gathering rules until it could assure
investors that its computer systems were secure.
Wall Street's top regulator came under fire on Thursday after admitting
hackers had breached its database of corporate announcements in 2016 and
might have used it for insider trading.
The Investment Company Institute (ICI), which represents over 95 million
U.S. shareholders, wants the SEC to clear up concerns about its cyber
defenses before requiring funds to submit monthly performance data to
the regulator, Paul Schott Stevens, the group's chief executive, told
Reuters in a phone interview.
"What the SEC breach now makes very clear is precisely what we were
concerned about - that market-sensitive information of that nature can
be exploited to the disadvantage of millions and millions of investors,"
Stevens said.
ICI, whose members hold $20 trillion plus in assets, has raised concerns
about how the SEC safeguarded industry data it gathers since 2015.
"I'm certain there will be a full inquiry by the Government of
Accountability Office - and there should be, so we understand exactly
what happened here," Stevens said.
In a July report, the Government Accountability Office (GAO), a
congressional watchdog, criticized the SEC for failing to fully protect
its computer networks from cyber attacks and recommended a slew of
improvements. Some of recommendations it had made in previous reports
had still not been implemented, it noted.
Former SEC Chair Mary Jo White, in office when the hack occurred, told
Reuters in 2016 that cyber security posed the biggest risk to the U.S.
financial system.
[to top of second column] |
The headquarters of the U.S. Securities and Exchange Commission
(SEC) are seen in Washington,U.S., on July 6, 2009. REUTERS/Jim
Bourg/File Photo
Her successor, Jay Clayton, uncovered the full extent of the hack after
launching a review of the SEC's cyber security standards earlier this year.
"Some recommendations the GAO made haven't yet been implemented. There's
obviously a failure here of some kind. That's why we're so glad Chairman Clayton
has moved to address this," said Stevens.
The SEC declined to comment.
New reporting rules which start to come into force in December would require
funds for the first time to confidentially file complete monthly portfolio
holdings with the SEC, data which the ICI has said could easily be used for
insider trading if obtained by hackers.
"Until that information security environment has been established, funds should
continue to collect data quarterly, not monthly information, as quarterly data
is not nearly as sensitive," said Stevens.
The SEC disclosure came two weeks after credit-reporting company Equifax Inc
said a breach had exposed sensitive personal of data up to 143 million U.S.
customers. This followed last year’s cyber attack on SWIFT, the global bank
messaging system.
Stevens said rules governing the disclosure of such breaches should be tighter
for both public and private organizations.
"That disclosure obligation fixes the mind on need to fix the breach in the
first instance."
(Reporting by Michelle Price; editing by Richard Chang and Jonathan Oatis)
[© 2017 Thomson Reuters. All rights
reserved.] Copyright 2017 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed. |
