Strengthen Data Security and the Protection of Confidential Registrant Information

MFA supports “The Protection of Source Code Act,” bipartisan legislation that would require the SEC to issue a subpoena before obtaining a firm’s source code or similar intellectual property and urges reintroduction of the bill in both the House and Senate.  MFA also supports similar legislation that would require the subpoena requirement at the CFTC.

MFA supports efforts to provide regulators with the information needed to help oversee financial markets; nonetheless, MFA has strong concerns about the security of that information at the regulators, especially as it includes proprietary and market-moving information. A hack, breach, or theft of sensitive data could harm investors, create significant market volatility, destabilize markets, and result in the misappropriation of confidential proprietary information. MFA believes it is critical that regulatory agencies, as depositories of sensitive and confidential data, implement robust policies, procedures, and practices for the protection of U.S. investors, companies, and markets.  “The Protection of Source Code Act” would require the SEC and CFTC to implement a procedure before sensitive data can be collected during an examination.

MFA is working with policymakers on data security and the protection of confidential information and has outlined several steps regulators could take to mitigate the risk of a potential breach. MFA recommends that policymakers narrow the scope of systemic risk filings and other data requests to information that is necessary to achieve their core mission; incorporate protections within the design of their forms and reporting systems to mitigate cyber breaches; enhance data security policies and procedures, and only ask for confidential, commercially-valuable intellectual property when necessary and through the subpoena process.