SEC Rolls Out Cyberbreach Enforcement Initiative as Clayton Answers Senate Inquiry

Closely on the heels of the massive Equifax data breach and its own cybersecurity incident – in which SEC Chairman Jay Clayton admitted that the agency’s hack likely provided the basis for illicit gains through trading – the SEC has announced two separate enforcement initiatives to build on its existing enforcement division.

First, the creation of an SEC cyber unit will target “cyber-related misconduct,” and second, a retail strategy task force will implement initiatives that directly affect retail investors.

The SEC’s announcement came one day before Clayton was scheduled to testify before a Senate panel, in which he told elected officials that he learned of the data breach at the agency “belatedly” and that it could still take quite a bit of time before the full extent of the intrusion is understood.

The federal agency’s newly formed cyber unit has apparently been in the planning stages for months, intended to complement the incoming chairman’s initiatives to create a “cybersecurity working group to coordinate information sharing, risk monitoring, and incident response efforts throughout the agency,” SEC officials said.

The division’s expertise has sought to keep pace with the current cyber-climate, but co-director of the SEC’s enforcement division, Stephanie Avakian echoed in her statement, “The cyber unit will enhance our ability to detect and investigate cyber threats through increasing expertise in an area of critical national importance.” Robert Cohen has been appointed chief of the cyber unit – reassigned from his role as co-chief of the market abuse unit.

During his Senate testimony – Clayton’s first time before the Senate Banking Committee since taking office in May 2017 – several U.S. senators pressed the chairman to abide by the same, if not higher, standards as the companies he regulates.

“When we learn a year after the fact that the SEC had its own breach and that it likely led to illegal stock trades, it raises questions about why the SEC seems to have swept this under the rug,” asked Ohio Sen. Sherrod Brown, according to The Washington Post. “What else are we not being told, what other information is at risk, and what are the consequences?”

Clayton aptly answered by asserting that reporting a vulnerability before fully understanding it can lead others to “try to test and probe it.” However, this answer my draw attention back to the fact that Equifax intrusion came on the back of a months-old, and already patched, vulnerability.

Facing pressure from the company’s board in the wake of the massive breach, Equifax CEO Richard Smith announced his departure from the company in the form of an “early retirement”– in which he could walk away with at least $18 million in pension benefits.

Latest Articles

Securities and Exchange Commission Brings Back Misconduct Admissions Policy

Cancel culture is a hot topic in everything from celebrities to academia to sports. Impolite – or just plain offensive – actions and comments seem...

Executive Compensation: Clawback to the Future

It may seem like only yesterday to politicians, lobbyists and bankers, but the Dodd-Frank Wall Street Reform and Consumer Protection Act – more comm...

New EU Sustainability Reporting Standards Could Offer Blueprint for U.S.

In the United States, the Green New Deal is a political hot-button issue. In Europe, it’s a set of policies that already have been adopted to transf...