The U.S. Securities and Exchange Commission (SEC) is expected to adopt new rules that would mandate publicly traded companies to disclose hacking incidents. This move aims to assist investors in dealing with the increasing costs and frequency of cyber attacks. The SEC is also set to propose regulations regarding conflicts of interest in broker-dealers’ use of artificial intelligence (AI). This reform has been influenced by the events of the 2021 “meme stock” rally, where robo-advisers and brokers used AI and game-like features to drive trading.
If adopted, the cybersecurity rule would require companies to report a cyber breach within four days after determining its material impact on investors. The SEC allows delays in reporting if deemed necessary for national security or police investigations. Additionally, companies would need to provide periodic updates on their efforts to identify and mitigate cyber threats.
The cybersecurity rule was first proposed in March 2022 and is part of the SEC’s broader initiative to bolster the financial system against data theft, system failures, and cyber intrusions. Further revisions have been made to the proposal based on public comments, including the removal of the requirement to disclose board members’ cybersecurity expertise and a narrower definition of the information that must be disclosed.
The AI proposal, if issued, would require broker-dealers to address any conflict of interest arising from a trading platform’s predictive data analytics that prioritizes the broker’s financial interest over that of the firm’s clients. SEC Chair Gary Gensler has expressed concerns about the potential risks that AI poses to financial stability. The SEC is also planning to propose similar regulations governing the use of AI by investment advisers.
In an additional vote, the SEC will consider proposing changes to rules that currently exempt certain online investment advisers from registering under the Investment Advisers Act of 1940.