SEC Statements On Cybersecurity – Part 2
On September 20, 2017, SEC Chair Jay Clayton issued a statement on cybersecurity that included the astonishing revelation that the SEC Edgar system had been hacked in 2016. Since the original statement, the SEC has confirmed that personal information on at least two individuals was obtained in the incident. Following Jay Clayton’s initial statement, on September 25, 2017, the SEC announced two new cyber-based enforcement initiatives targeting the protection of retail investors, including protection related to distributed ledger technology (DLT) and initial coin or cryptocurrency offerings (ICO’s).
The issue of cybersecurity is at the forefront for the SEC, and Jay Clayton is asking the House Committee on Financial Services to increase the SEC’s budget by $100 million to enhance the SEC’s cybersecurity efforts.
This is the second in a two-part blog series summarizing Jay Clayton’s statement, the SEC EDGAR hacking and the new initiatives. Part I of this blog, which outlined Chair Clayton’s statement on cybersecurity and the EDGAR
SEC Chair Jay Clayton Discusses Direction Of SEC
In a much talked about speech to the Economic Club of New York on July 12, 2017, SEC Chairman Jay Clayton set forth his thoughts on SEC policy, including a list of guiding principles for his tenure. Chair Clayton’s underlying theme is the furtherance of opportunities and protection of Main Street investors, a welcome viewpoint from the securities markets’ top regulator. This was Chair Clayton’s first public speech in his new role and follows Commissioner Michael Piwowar’s recent remarks to the SEC-NYU Dialogue on Securities Market Regulation largely related to the U.S. IPO market. For a summary of Commissioner Piwowar’s speech, read HERE.
Guiding Principles
Chair Clayton outlined a list of eight guiding principles for the SEC.
#1: The SEC’s Mission is its touchstone
As described by Chair Clayton, the SEC has a three part mission: (i) to protect investors; (ii) to maintain fair, orderly and efficient markets, and (iii) to facilitate capital formation. Chair Clayton stresses that it
Yahoo Hacking Scandal And Obligations Related To Cybersecurity
On September 26, 2016, Senator Mark R. Warner (D-VA), a member of the Senate Intelligence and Banking Committees and cofounder of the bipartisan Senate Cybersecurity Caucus, wrote a letter to the SEC requesting that they investigate whether Yahoo, Inc., fulfilled its disclosure obligations under the federal securities laws related to a security breach that affected more than 500 million accounts. Senator Warner also requested that the SEC re-examine its guidance and requirements related to the disclosure of cybersecurity matters in general.
The letter was precipitated by a September 22, 2016, 8-K and press release issued by Yahoo disclosing the theft of certain user account information that occurred in late 2014. The press release referred to a “recent investigation” confirming the theft of user account information associated with at least 500 million accounts that was stolen in late 2014. Just 13 days prior to the 8-K and press release, on September 9, 2016, Yahoo filed a preliminary 14A filing with