The two primary regulators in the US are the Securities and Exchange Commission (‘SEC’) and the Commodity Futures Trading Commission (‘CFTC’). Both have issued cyber and information security guidance this year.
The SEC
The SEC hosted a roundtable at its Washington, D.C., headquarters on March 26 to discuss cybersecurity, the issues and challenges it raises for market participants and public companies, and how they are addressing those concerns. This work resulted in the OCIE Cybersecurity Initiative, which is an examination regime for broker-dealers.
The document sets out in detail what the SEC is looking for from the firms under its remit. It is interesting to note the differences between the UK’s principles-based approach and the detailed rules proposed by the US regulator. It is IP Sentinel’s opinion that the SEC guidance will arrive in the FCA rules within 12 to 18 months.
The CFTC
CFTC Staff Advisory No. 14-21 – February 26, 2014, Gramm-Leach-Bliley Act Security Safeguards. This is slanted more towards information security and outlines best practice, which is similar to that of the SEC.