SEC Names First Chief Risk Officer

iStock-852407924-SEC-cybersecurity-300x200On the heels of a January 2019 announcement that it was charging nine persons with participation in a scheme that allowed them to hack into the SEC’s confidential database of public filings, commonly known as EDGAR. On February 28, the SEC named Gabriel Benincasa as its first-ever Chief Risk Officer (CRO). Although the two events have no direct causal link, they serve as useful reminders that the SEC is determined to re-emphasize its mission to ensure the smooth operation of the U.S. securities markets and to root out and punish instances of fraud and market manipulation, be it by traditional methods or where digital tools are implicated and databases are compromised. The position of CRO is a new one at the SEC. Created by SEC Chairman Jay Clayton to strengthen the agency’s risk management and cybersecurity efforts, Benincasa’s office will help to coordinate efforts to identify, monitor and address risks facing the agency.

Benincasa began his legal career at Davis Polk & Wardwell before taking in-house positions at Morgan Stanley and Bank of America. He also has held legal and compliance positions with Credit Suisse Group AG and the financial technology firm, Investment Technology Group. His hiring comes just months after he was named general counsel for Patomak Global Partners in New York, a firm headed by Paul Atkins, a former Trump transition team advisor on financial regulation and fellow Davis Polk alumnus.

As Chief Risk Officer, Benincasa will play an important role in helping to coordinate the Agency’s efforts regarding timely evaluation and response to issues involving risk evaluation and mitigation, legal compliance and the stability of financial markets in light of emerging and more sophisticated cyber-threats. Benincasa will join with Ken Johnson, the SEC’s Chief Operating Officer, and will work within the SEC’s Office of the COO to maintain and strengthen the SEC’s risk management program. He also will serve as a key adviser on matters related to enterprise risks and controls.