Proposed rules for public companies, investment advisors, and funds are now expected to be finalized in October 2023 at the earliest
According to its Spring 2023 rulemaking agenda, the U.S. Securities and Exchange Commission (SEC) has delayed issuance of two sets of cybersecurity requirements that previously were expected to be finalized in April 2023. The SEC’s proposed Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rule for public companies and its proposed rule on Cyber Risk Management for Investment Advisers, Registered Investment Companies and Business Development Companies now are scheduled to be finalized by October 2023 at the earliest.
Three other sets of proposed requirements—amendments to Reg S-P on safeguarding customer information, amendments to Reg SCI on cybersecurity and IT resilience (among other things) for “SCI entities,” and a new Cybersecurity Risk Management Rule for broker-dealers, clearing agencies and other SEC-regulated entities—now are slated for April 2024.
Proposed Cybersecurity Rule for Public Companies
The SEC proposed requirements for cybersecurity risk management, governance, and incident disclosure for…
