The SEC has proposed new cybersecurity disclosure requirements that scopes in ABS transactions. These proposed requirements concern:

• Incident reporting: Disclosure of material cybersecurity incidents
• Periodic disclosure of cybersecurity risk management, strategy, and governance: Disclosure of a registrant’s policies and procedures to identify and manage cybersecurity risks, management’s role in implementing those policies and procedures, the board of directors’ cybersecurity expertise and oversight of cybersecurity risk, and updates about previously reported material cybersecurity incidents.

The application of the proposed framework on our market is not laid out in a straightforward manner within the proposal. SFA’s task force will consider the shortcomings of the proposed rule and vulnerabilities to cybersecurity risk within our market that could be material to ABS investors in order to formulate a response to the SEC. Comments on the proposal are due May 9.