WASHINGTON (Reuters) - The chairman of the U.S. Securities and Exchange Commission (SEC) has floated a possible delay to new investment fund data gathering rules following a hack that has raised questions over the regulator’s cyber security controls.
Chairman Jay Clayton told the U.S. House Financial Services Committee on Wednesday the SEC was reviewing whether it can adequately protect data it would require funds to report on their monthly performance, since this information could be market sensitive.
“That’s exactly the type of question we’re asking: can we protect it ... and if we can‘t, do we delay?” he told the committee of the SEC’s review process.
The rules are due to start to go into effect next year.
Clayton last month disclosed that hackers may have profited by illegally trading on information stolen from the SEC’s EDGAR system, which houses millions of corporate filings.
On Monday, Clayton said that additional forensic analysis had found that the Social Security numbers, dates of birth and names of two individuals were made available to the hackers after they breached the system.
Last month, the Investment Company Institute trade group called for a delay to the rules until the SEC had cleared up concerns over its cyber defenses.
Other market participants have also called on the SEC to delay a regulatory project to gather vast quantities of data that would provide an audit trail of daily market trades.
Clayton told lawmakers the SEC was also reviewing whether it was safe to gather this trade and other key data such as social security numbers.
He also said that he plans to hire a chief risk officer to oversee the SEC’s cyber security programs.
Reporting by Michelle Price; Editing by Jeffrey Benkoe and Meredith Mazzilli