Davidson introduces Market Data Protection Act in wake of SEC breach

Oct 06, 2017
U.S. Rep. Warren Davidson, R-Troy, has introduced a bill that would require the the U.S. Securities and Exchange Commission, the Financial Industry Regulatory Authority and Thesys Technologies to accelerate its cyber-security risk controls. MICHAEL D. PITMAN/FILE

In the wake of the 2016 U.S. Securities and Exchange Commission breach revealed last month, Congressman Warren Davidson said Congress will help make sure the commission’s “house is in order.”

On Thursday, Davidson, R-Troy, introduced the Market Data Protection Act in the House which directs the SEC to develop and implement proper risk assessment protocols to reduce, stem or eliminate potential exposure to cyber threats. It also directs the Financial Industry Regulatory Authority (FINRA) and Thesys Technologies to accelerate its cyber-security risk controls before collecting data in the Consolidated Audit Trail (CAT) to prevent future hacker attacks.

RELATED: SEC reveals 2016 hack that breached its filing system

The CAT was implemented in November 2016 to create a single, comprehensive database. It would enable regulators to improved tracking of equity and option securities trading throughout the US markets in the National Market Systems.

“We need to make sure our house is in order at the SEC,” Davidson said. “Given the recent data security issues in the current EDGAR database, we know there are serious flaws in the way the SEC maintains its data, and in the ways they respond to and communicate errors and omissions. These flaws undermine the trust and confidence of the customers the SEC regulates.”

Last month, hackers breached the SEC’s Electronic Data Gathering, Analysis, and Retrieval system (EDGAR) database. It stores millions of public and nonpublic filings.

RELATED: EPA moves to rescind Obama plan to slow global warming

A recent Government Accountability Office report found “information security control deficiencies in the SEC computing environment may jeopardize the confidentiality, integrity, and availability of information residing in and processed by its systems.”

The report indicated that until the SEC fixes the deficiencies, “it’s financial and support systems and the information they contain will be at unnecessary risk of compromise.”