The Practical Implications of the National Securities Clearing Corporation’s New Cybersecurity Rules
View Debevoise In Depth
- The National Securities Clearing Corporation has adopted rules requiring all members and trade data organizations to make periodic, written representations relating to their cybersecurity practices and procedures as an ongoing condition of membership.
- By tying the rules to industry standard, risk-based frameworks, the NSCC reaffirms their use and adds to the growing consensus on what practices constitute a reasonable cybersecurity program.
- NSCC members that are also subject to the NYDFS Cybersecurity Regulation should be able to leverage their existing work to comply with that regulation given its substantial overlap with the new NSCC rules.
- The rules continue a trend by regulators of holding senior management and boards accountable for an entity’s cybersecurity program.