On June 13, 2023, the SEC published its semiannual Spring 2023 regulatory agenda (“Agenda”) and plans for rulemaking. The Agenda is published twice a year, and for several years I have blogged about each publication. Although items on the Agenda can move from one category to the next, be dropped off altogether, or new items pop up in any of the categories (including the final rule stage), the Agenda provides valuable insight into the SEC’s plans and the influence that comments can make on the rulemaking process.
The Agenda is broken down by (i) “Pre-rule Stage”; (ii) Proposed Rule Stage; (iii) Final Rule Stage; and (iv) Long-term Actions. The Proposed and Final Rule Stages are intended to be completed within the next 12 months and Long-term Actions are anything beyond that. The number of items to be completed in a 12-month time frame is 55, which is in-line with the average items under Gary Gensler’s regime (and much higher than
On September 20, 2017, SEC Chair Jay Clayton issued a statement on cybersecurity that included the astonishing revelation that the SEC Edgar system had been hacked in 2016. Since the original statement, the SEC has confirmed that personal information on at least two individuals was obtained in the incident. Following Jay Clayton’s initial statement, on September 25, 2017, the SEC announced two new cyber-based enforcement initiatives targeting the protection of retail investors, including protection related to distributed ledger technology (DLT) and initial coin or cryptocurrency offerings (ICO’s).
The issue of cybersecurity is at the forefront for the SEC, and Jay Clayton is asking the House Committee on Financial Services to increase the SEC’s budget by $100 million to enhance the SEC’s cybersecurity efforts.
This is the first in a two-part blog series summarizing Jay Clayton’s statement, the SEC EDGAR hacking and the new initiatives. My prior blog outlining SEC guidance on the disclosure of cybersecurity matters can be read