BPI Comments on SEC Rulemaking Regarding Cybersecurity Risk Management and Incident Reporting

Ladies and Gentlemen:

The Bank Policy Institute (“BPI”)[1], through its technology policy division known as BITS[2], appreciates the opportunity to comment on the proposed rulemaking issued by the Securities and Exchange Commission (“SEC” or “Commission”) regarding cybersecurity risk management and incident reporting for investment advisors, registered investment companies, and business development companies. As the trade association for the nation’s leading banks, many BPI/BITS- affiliated firms operate lines of business and deliver access to investment adviser and wealth management products and services from within their wider corporate structures as a convenient way to facilitate a comprehensive offering for a customer’s financial life. We therefore write to offer comments with the goal of achieving clarity and alignment on the requirements as proposed and where appropriate, address some of the Commission’s thoughtful questions.

Technology plays an enormous role in the relationship between complexity and efficiency in the operation of today’s financial markets. As a result, critical business operations face escalating cybersecurity risks via a rapidly broadening and intensifying attack surface. The reliance on technology to facilitate efficient and resilient markets coupled with the growing sophistication of, and exposure to, cyber threat actors means that the industry must remain constantly vigilant. Given the growing threat environment, the Commission is justifiably concerned about cybersecurity risk management and incident awareness. This pertains equally to concerns about active market operations that rely on uninterrupted stability, as well as ensuring that investors enter markets with access to adequate information to inform their investment decisions.

To read the full comment letter, please click here.

[1] The Bank Policy Institute is a nonpartisan public policy, research, and advocacy group, representing the nation’s leading banks and their customers. Our members include universal banks, regional banks and the major foreign banks doing business in the United States. Collectively, they employ almost 2 million Americans, make nearly half of the nation’s small business loans and are an engine for financial innovation and economic growth.

[2] BITS – Business, Innovation, Technology, and Security – is BPI’s technology policy division that provides an executive level forum to discuss and promote current and emerging technology, foster innovation, reduce fraud, and improve cybersecurity and risk management practices for the nation’s financial sector.