Intercontinental Exchange Fined $10M Over Delayed Breach Reporting; SEC Commissioners Criticize Penalty
Summary:
The Intercontinental Exchange (ICE) is set to pay a $10 million fine for neglecting to inform necessary parties about a significant cyber breach in April 2021. The delay in response is in violation of the SEC's regulations, which stipulate immediate reporting of substantial cybersecurity incidents. The SEC's actions drew criticism from its commissioners, suggesting the penalty regime is more about boosting statistics than enhancing market integrity.
The United States Securities and Exchange Commission (SEC) has declared that the Intercontinental Exchange (ICE) will face a $10 million fine due to neglecting to inform relevant parties about a cyber breach. This violation, identified in April 2021, involved malicious software infiltrating a VPN device to enter ICE's enterprise network. While ICE promptly detected the risk, they were slow to alert legal and compliance staff at their subsidiaries, including the New York Stock Exchange. Delay in reporting the breach is a violation of the SEC's Regulation Systems Compliance and Integrity (Regulation SCI), which obliges businesses to immediately report any cybersecurity incidents of substantial magnitude. According to Gurbir S. Grewal, the SEC's director of enforcement, even few days of delay can lead to further complications. ICE oversees the most extensive network of exchange platforms and clearinghouses worldwide, with subsidiaries like the New York Stock Exchange, ICE Futures U.S. and Europe, and other clearinghouses and data providers. The SEC's punitive action impacted various ICE subsidiaries, and the Securities Industry Automation Corporation agreed to a cease-and-desist order alongside the financial penalty. However, SEC Commissioners Hester Peirce and Mark Uyeda criticized the fine, labeling it an "overreaction" for a "minor incident". They argued that the sizeable fine for a delay in reporting a minor incident suggests that the SEC is more focused on imposing high fines than ensuring technological vulnerabilities are addressed by significant market entities. The commissioners asserted that such penalties contribute to the perception that the SEC's penalty regime is more about boosting statistics than enhancing market integrity. They had previously criticized the SEC's dealings with crypto companies.
Published At
5/22/2024 6:15:00 PM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.
Do you suspect this content may be misleading, incomplete, or inappropriate in any way, requiring modification or removal?
We appreciate your report.