Eyeing Cyber Risks, SEC Seeks 3.5% Budget Boost

Starved by a two-year hiring freeze, the SEC is asking Congress to approve funding for 100 more employees in the agency's 2019 budget.
David KatzFebruary 13, 2018
Eyeing Cyber Risks, SEC Seeks 3.5% Budget Boost

After a two years of flat funding, the Securities and Exchange Commission is asking Congress to boost its 2019 budget by 3.5%. And perhaps the SEC’s main reason for the request is to help the commission tackle cyber risks and fortify its technological capabilities.

Securities and Exchange Commission logoIn the budget request it released yesterday for its 2019 fiscal year, which starts on Oct. 1, 2018, the SEC is seeking permission to hike its funding from $1.602 billion to $1.658 billion.

Drive Business Strategy and Growth

Drive Business Strategy and Growth

Learn how NetSuite Financial Management allows you to quickly and easily model what-if scenarios and generate reports.

Out of that extra $56 million, the commission wants the authority to collect $45 million “for information technology enhancements to support the agency’s cybersecurity capabilities, risk and data analysis, enforcement and examinations, and automation of business processes,” according to an SEC press release issued Monday. (The commission’s costs would be offset by matching collections of fees on securities transactions.)

Listing cybersecurity and risk management as the first among the agency’s top priorities for fiscal-year 2019, the SEC said its overall budget increase “would support key enhancements to the agency’s program to protect the security of its network, systems, and sensitive data.”

The SEC is already moving this year to set up a new chief risk officer post to supervise the agency’s enterprise risk program. If the commission’s request is granted, the 2019 budget would enable the commission to hire two new staffers under the CRO.

Further, the budget request asks for four new staff slots “to enable the SEC to expand its cybersecurity protections, particularly with regard to incident management and response, advanced threat intelligence monitoring, and enhanced database and system security.”

Those new hires would be information-system security officers focusing on “the security of specific systems or programs,” according to the SEC.

Contending that its ability to invest in advanced analytics tools or to bring its legacy systems up to date “has been constrained,” the commission noted in its budget request that its annual investments in IT development, modernization, and enhancement have dropped from $100 million in fiscal 2015 to an expected $50 million in fiscal 2018.

More IT investment is needed “for the SEC to keep pace with the rapid technology advancements occurring in areas we regulate, including to meet ever-evolving cybersecurity challenges,” according to the commission.

Following cybersecurity and risk management, the agency’s other top priorities for the next fiscal year are: “facilitating capital formation,” “protecting Main Street investors and our markets,” and “effective oversight of changing markets.”

To stay within its flat annual $1.6 billion level, the SEC imposed a hiring freeze at the start of fiscal 2017 that will continue throughout fiscal 2018. “The agency permits few exceptions to the hiring freeze and, consequently, the overall staffing level is declining and is expected to drop to 4,528 positions by the end of [fiscal-year] 2018,” the commission says.

In its 2019 request, the SEC is asking for funds to support a total of 4,628 positions.