NYSE parent gets $10M wrist tap for failing to report 2021 systems break-in

NYSE parent gets $10M wrist tap for failing to report 2021 systems break-in

May 22, 2024 at 03:38PM

The New York Stock Exchange’s parent company, Intercontinental Exchange (ICE), was fined $10 million by the SEC for failing to immediately report a cyber intrusion in 2021. The SEC alleges ICE and its subsidiaries violated Regulation Systems Compliance and Integrity (Regulation SCI) reporting rules. The settlement includes no admission of guilt but a promise to improve.

From the meeting notes, it is clear that the New York Stock Exchange’s parent company, Intercontinental Exchange (ICE), has been fined $10 million by the Securities and Exchange Commission (SEC) for failing to properly inform the SEC of a 2021 cyber intrusion. The SEC alleged that ICE and its subsidiaries violated Regulation Systems Compliance and Integrity (Regulation SCI) reporting rules by not promptly notifying the SEC and by making a de minimis claim about the intrusion. Despite the settlement including no admission of guilt, ICE and the other entities involved have agreed to the $10 million fine.

The SEC emphasized the importance of strict adherence to reporting rules, especially in the case of critical market intermediaries like ICE. The settlement also took into account prior SCI violations by NYSE and its subsidiaries. The $10 million fine is seen as relatively small compared to ICE’s revenue, but it still represents a significant penalty.

In summary, ICE and its subsidiaries were fined by the SEC for failure to promptly report a cyber intrusion, and they have agreed to the settlement terms without admitting guilt. The SEC stressed the importance of immediate reporting in cybersecurity events, especially for critical market intermediaries.

Full Article