Structured Finance Association Logo

Menu
  • SFA on the Issues
    • Back
    • Overview
    • Committees and Task Forces
    • COVID-19: Supporting Consumers & Businesses
    • Capital & Other Bank Regulations
    • Disclosure & Reporting
    • ESG Institute
    • Global Initiatives
    • Housing Finance
    • LIBOR Transition
    • Market Structure & Dynamics
    • Research Corner
    • Structured Finance in the Courts
  • About Securitization
  • News
    • Back
    • Overview
    • Press Releases
    • Industry News
    • SFA News
    • Newsletter Sign Up
  • Events
  • Diversity, Equity, and Inclusion Hub
  • Women in Securitization
  • Structured Finance Coalition
  • Structured Finance Foundation
  • About Us
    • Back
    • Overview
    • Board of Directors
    • Our Team
    • Our Members
    • Committees and Task Forces
  • Join Membership
    • About Membership
    • Join
  • Blog
  • Multimedia Library
  • Make a Payment
  • Careers

COVID-19 Resources

Learn how the Structured Finance Association and our members are supporting consumers and businesses during this global pandemic.

Learn More

    SFA Responds to SEC Cybersecurity Disclosure Proposal

    Download SFA’s Letter to the SEC Here

    Background:

    On March 9, 2022, the Securities and Exchange Commission (SEC) proposed new disclosure rules to enhance and standardize disclosures made by public companies regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies. The proposal applies to registrants, including corporate issuers and asset-backed issuers, specifically.

    The proposal would require:

    • Current reporting about material cybersecurity incidents,
    • Periodic reporting to provide updates about previously reported cybersecurity incidents,
    • Periodic reporting about a registrant’s cybersecurity risk policies and procedures, board of directors’ oversight of cybersecurity risk, and management’s role and expertise in assessing and managing cybersecurity risk, and
    • Annual reporting or certain proxy disclosure about the board of directors’ cybersecurity expertise, if any.

    Our View:

    • We found the proposed rule to be focused almost exclusively on corporate registrants ignoring extensive fundamental and technical differences between the potential impact of cybersecurity risks and incidents on investors in corporate securities versus ABS.
    • Therefore, we urged the SEC to propose tailored rules for asset-backed issuers that are appropriately aligned with the SEC disclosure and reporting framework for ABS and the relevant risks to ABS investors and to give the ABS market stakeholders an opportunity to provide public comment on those re-proposed rules.
    • An example of an important area where the proposal does not appropriately address ABS risk is its focus on the asset-backed issuer whose very limited activities do not present cybersecurity risk to the ABS investors.
      • Instead, we believe the primary area of potential cybersecurity risk to an ABS transaction relates to the breach of information systems used by a servicer (including the breach of personal information maintained on those information systems, which could disrupt servicing of the underlying pool assets).
        • SFA highlighted that cybersecurity disclosure should be principles-based, focusing on material risks and risk management (rather than matters of cybersecurity strategy or governance) that would apply to Securities Act registration statements and prospectuses rather than ongoing reporting.
      • For any proposed and adopted rules that the SEC may release for ABS transactions, we called for a transition period of at least six months.
      • Lastly, legacy ABS should be excluded from additional cybersecurity reporting requirements.

    Related

    SEC Fact Sheet: Public Companie Cybersecurity; Proposed Rules

    Orrick Alert: SEC’s Proposed New Cybersecurity Disclosure Requirements: ABS Supplement for Asset-Backed Issuers

    Securitization Alliance logo
    • Resources
    • Membership
    • Make a Payment
    • Join
    • Newsletter Sign Up
    • Structured Finance Coalition
    • Foundation
    • About Securitization
    • Careers
    • Contact Us
    • SFA on the Issues
    • About Securitization
    • News
    • Events
    • Diversity, Equity, and Inclusion Hub
    • Women in Securitization
    • Structured Finance Coalition
    • Structured Finance Foundation
    • About Us

    Structured Finance Association

    1776 I Street NW Suite 501

    Washington, DC 20006