In July 2023, the Securities and Exchange Commission (SEC) adopted rules requiring public companies to disclose material cybersecurity incidents and provide annual information on cybersecurity risk management, strategy and governance. However, similar disclosure requirements are unlikely to be imposed on the municipal securities market in the near term.
“Any incident disclosure that would impact municipal issuers would require an amendment to Rule 15c2-12,” Bracewell’s Ed Fierro, who earlier in his career served as senior counsel to the director of the SEC’s Office of Municipal Securities, told The Bond Buyer. “I worked on the Rule 15c2-12 amendments while at the SEC and making any changes to the rule is a very lengthy process.”
Rule 15c2-12 of the Securities Exchange Act requires dealers acting as underwriters in primary offerings of municipal securities to reasonably determine that the issuer or obligated person has agreed to provide to the Municipal Securities Rulemaking Board timely notice of certain events.
“The last amendments to Rule 15c2-12 took about 4 years from pre-rule stage, proposed rule stage and final rule stage,” Fierro said. “While circumstances could change, I doubt that we will see any changes to Rule 15c2-12 in the near future.”
