The Securities and Exchange Commission (SEC) announced today
that Intercontinental Exchange, Inc. (ICE) has agreed to pay a $10 million
penalty to settle charges related to the failure of nine wholly-owned
subsidiaries, including the New York Stock Exchange (NYSE), to timely inform
the SEC of a cyber intrusion as mandated by Regulation Systems Compliance and
Integrity.
Delayed Subsidiary Notification Following Cyber Intrusion
According to the SEC’s order, ICE was notified in April 2021
by a third party about a potential system intrusion due to an unknown
vulnerability in its virtual private network (VPN). ICE’s investigation
revealed that a threat actor had inserted malicious code into a VPN device used
to access ICE’s corporate network remotely.
However, ICE personnel delayed informing the legal and
compliance
Compliance
In finance, banking, investing, and insurance compliance refers to following the rules or orders set down by the government regulatory authority, either as providing a service or processing a transaction. Compliance concerning finance would also be a state of being following established guidelines or specifications. This designation can also encompass efforts to ensure that organizations are abiding by both industry regulations and government legislation. Understanding ComplianceCompliance is a
In finance, banking, investing, and insurance compliance refers to following the rules or orders set down by the government regulatory authority, either as providing a service or processing a transaction. Compliance concerning finance would also be a state of being following established guidelines or specifications. This designation can also encompass efforts to ensure that organizations are abiding by both industry regulations and government legislation. Understanding ComplianceCompliance is a
Read this Term officials at its subsidiaries, violating internal reporting
procedures. This delay resulted in the subsidiaries not meeting their
regulatory obligations under Regulation SCI to notify the SEC immediately about
the intrusion and provide an update within 24 hours unless the intrusion was
deemed to have no or a de minimis impact.
Enforcement Action on Cyber Reporting Requirements
“The respondents in today’s enforcement action include the
world’s largest stock exchange
Stock Exchange
A stock exchange, also known as a securities exchange or bourse represents is a facility where stockbrokers and traders can buy and sell securities.This includes shares of stock, bonds, exchange-traded funds (ETFs), or other financial instruments. By extension, stock exchanges can also provide facilities for the issue and redemption of such securities and instruments and capital events including the payment of income and dividendsStock exchanges have developed into a permanent fixture in the fin
A stock exchange, also known as a securities exchange or bourse represents is a facility where stockbrokers and traders can buy and sell securities.This includes shares of stock, bonds, exchange-traded funds (ETFs), or other financial instruments. By extension, stock exchanges can also provide facilities for the issue and redemption of such securities and instruments and capital events including the payment of income and dividendsStock exchanges have developed into a permanent fixture in the fin
Read this Term and a number of other prominent intermediaries
that, given their roles in our markets, are subject to strict reporting
requirements when they experience cyber events,” said Gurbir S. Grewal,
Director of the SEC’s Division of Enforcement.
“Under Reg SCI, they have to immediately notify the SEC of
cyber intrusions into relevant systems that they cannot reasonably estimate to
be de miminis events right away. The reasoning behind the rule is simple: if
the SEC receives multiple reports across a number of these types of entities,
then it can take swift steps to protect markets and investors.”
⚠️ INTERCONTINENTAL EXCHANGE TO PAY $10 MILLION PENALTY OVER CYBER INTRUSION CASE, SEC SAYS
Full Story → https://t.co/B9gDyQgIDG
Intercontinental Exchange Inc (ICE) will pay a $10 million penalty to settle charges its subsidiaries failed to immediately alert the Securities… pic.twitter.com/0IRClxYk5Z
— PiQ (@PiQSuite) May 22, 2024
ICE and its subsidiaries, which include Archipelago Trading
Services, Inc.; NYSE American LLC; NYSE Arca, Inc.; ICE Clear Credit LLC; ICE
Clear Europe Ltd.; NYSE Chicago, Inc.; NYSE National, Inc.; and the Securities
Industry Automation Corporation, consented to the SEC’s order without admitting
or denying the findings.
In addition to the monetary penalty, ICE and its
subsidiaries agreed to a cease-and-desist order regarding the notification
provisions of Regulation SCI.
Finance Magnates reached out to ICE, and a spokesperson
commented, stating: "This settlement involves an unsuccessful
attempt to access our network more than three years ago. The failed incursion
had zero impact on market operations. At issue was the timeframe for reporting
this type of event under Regulation SCI."
The Securities and Exchange Commission (SEC) announced today
that Intercontinental Exchange, Inc. (ICE) has agreed to pay a $10 million
penalty to settle charges related to the failure of nine wholly-owned
subsidiaries, including the New York Stock Exchange (NYSE), to timely inform
the SEC of a cyber intrusion as mandated by Regulation Systems Compliance and
Integrity.
Delayed Subsidiary Notification Following Cyber Intrusion
According to the SEC’s order, ICE was notified in April 2021
by a third party about a potential system intrusion due to an unknown
vulnerability in its virtual private network (VPN). ICE’s investigation
revealed that a threat actor had inserted malicious code into a VPN device used
to access ICE’s corporate network remotely.
However, ICE personnel delayed informing the legal and
compliance
Compliance
In finance, banking, investing, and insurance compliance refers to following the rules or orders set down by the government regulatory authority, either as providing a service or processing a transaction. Compliance concerning finance would also be a state of being following established guidelines or specifications. This designation can also encompass efforts to ensure that organizations are abiding by both industry regulations and government legislation. Understanding ComplianceCompliance is a
In finance, banking, investing, and insurance compliance refers to following the rules or orders set down by the government regulatory authority, either as providing a service or processing a transaction. Compliance concerning finance would also be a state of being following established guidelines or specifications. This designation can also encompass efforts to ensure that organizations are abiding by both industry regulations and government legislation. Understanding ComplianceCompliance is a
Read this Term officials at its subsidiaries, violating internal reporting
procedures. This delay resulted in the subsidiaries not meeting their
regulatory obligations under Regulation SCI to notify the SEC immediately about
the intrusion and provide an update within 24 hours unless the intrusion was
deemed to have no or a de minimis impact.
Enforcement Action on Cyber Reporting Requirements
“The respondents in today’s enforcement action include the
world’s largest stock exchange
Stock Exchange
A stock exchange, also known as a securities exchange or bourse represents is a facility where stockbrokers and traders can buy and sell securities.This includes shares of stock, bonds, exchange-traded funds (ETFs), or other financial instruments. By extension, stock exchanges can also provide facilities for the issue and redemption of such securities and instruments and capital events including the payment of income and dividendsStock exchanges have developed into a permanent fixture in the fin
A stock exchange, also known as a securities exchange or bourse represents is a facility where stockbrokers and traders can buy and sell securities.This includes shares of stock, bonds, exchange-traded funds (ETFs), or other financial instruments. By extension, stock exchanges can also provide facilities for the issue and redemption of such securities and instruments and capital events including the payment of income and dividendsStock exchanges have developed into a permanent fixture in the fin
Read this Term and a number of other prominent intermediaries
that, given their roles in our markets, are subject to strict reporting
requirements when they experience cyber events,” said Gurbir S. Grewal,
Director of the SEC’s Division of Enforcement.
“Under Reg SCI, they have to immediately notify the SEC of
cyber intrusions into relevant systems that they cannot reasonably estimate to
be de miminis events right away. The reasoning behind the rule is simple: if
the SEC receives multiple reports across a number of these types of entities,
then it can take swift steps to protect markets and investors.”
⚠️ INTERCONTINENTAL EXCHANGE TO PAY $10 MILLION PENALTY OVER CYBER INTRUSION CASE, SEC SAYS
Full Story → https://t.co/B9gDyQgIDG
Intercontinental Exchange Inc (ICE) will pay a $10 million penalty to settle charges its subsidiaries failed to immediately alert the Securities… pic.twitter.com/0IRClxYk5Z
— PiQ (@PiQSuite) May 22, 2024
ICE and its subsidiaries, which include Archipelago Trading
Services, Inc.; NYSE American LLC; NYSE Arca, Inc.; ICE Clear Credit LLC; ICE
Clear Europe Ltd.; NYSE Chicago, Inc.; NYSE National, Inc.; and the Securities
Industry Automation Corporation, consented to the SEC’s order without admitting
or denying the findings.
In addition to the monetary penalty, ICE and its
subsidiaries agreed to a cease-and-desist order regarding the notification
provisions of Regulation SCI.
Finance Magnates reached out to ICE, and a spokesperson
commented, stating: "This settlement involves an unsuccessful
attempt to access our network more than three years ago. The failed incursion
had zero impact on market operations. At issue was the timeframe for reporting
this type of event under Regulation SCI."
