MFA supports efforts to provide global regulators with the information needed to help oversee financial markets. Even so, MFA has strong concerns about the security of that information at the regulators, especially as it includes proprietary and market-moving information.
A hack, breach, or theft of sensitive data could harm investors, create significant market volatility, destabilize markets, and result in the misappropriation of confidential proprietary information. MFA believes it is critical that regulatory agencies, as depositories of sensitive and confidential data, implement robust policies, procedures, and practices for the protection of investors, companies, and markets.
MFA is working with policymakers on data security and the protection of confidential information and has outlined several steps regulators could take to mitigate the risk of a potential breach.
In Europe, MFA sees an opportunity for the EU to enhance its global competitiveness in capital markets by setting clear cybersecurity policies and procedures to better protect the sensitive, proprietary data regulators collect in the supervisory process.
Domestically, MFA recommends policymakers narrow the scope of systemic risk filings and other data requests to information that is necessary to achieve their core mission; incorporate protections within the design of their forms and reporting systems to mitigate cyber breaches; enhance data security policies and procedures, and only ask for confidential, commercially-valuable intellectual property when necessary.
In 2019, MFA welcomed language included in CFTC Reauthorization legislation which was advanced by a unanimous voice vote in the House Agriculture Committee and is promoting similar language to apply to the SEC. This language would require the SEC to adopt policies and procedures after public notice and comment that would govern their collection of sensitive and proprietary information.