The SEC has proposed cybersecurity risk management rules for registered investment advisers, and registered investment companies and business development companies (funds), as well as amendments to certain rules that govern investment adviser and fund disclosures.
“Cyber risk relates to each part of the SEC’s three-part mission, and in particular to our goals of protecting investors and maintaining orderly markets,” said SEC Chair Gary Gensler. “The proposed rules and amendments are designed to enhance cybersecurity preparedness and could improve investor confidence in the resiliency of advisers and funds against cybersecurity threats and attacks.”
The proposed rules would require advisers and funds to adopt and implement written cybersecurity policies and procedures designed to address cybersecurity risks that could harm advisory clients and fund investors. The proposed rules also would require advisers to report significant cybersecurity incidents affecting the adviser or its fund or private fund clients to the Commission on a new confidential form.
To further help protect investors in connection with cybersecurity incidents, the proposal would require advisers and funds to publicly disclose cybersecurity risks and significant cybersecurity incidents that occurred in the last two fiscal years in their brochures and registration statements.
Additionally, the proposal would set forth new recordkeeping requirements for advisers and funds that are designed to improve the availability of cybersecurity-related information and help facilitate the Commission’s inspection and enforcement capabilities.
The proposal will be published on SEC.gov and in the Federal Register. The public comment period will remain open for 60 days following the publication of the proposing release on the SEC’s website or 30 days following the publication of the proposing release in the Federal Register, whichever period is longer.
Have a securities law question? Call New York Securities Lawyers at 212-509-6544.
Visit The Securities Law Home Page – news and tips from securities regulators and top securities attorneys
Mark Astarita is a nationally recognized securities attorney, who represents investors, financial professionals and firms in securities litigation, arbitration and regulatory matters, including SEC and FINRA investigations and enforcement proceedings.
He is a partner in the national securities law firm Sallah Astarita & Cox, LLC, and the founder of The Securities Law Home Page - SECLaw.com, which was one of the first legal topic sites on the Internet. It went online in 1995 and is updated daily with news, commentary and securities law related links.