Final comments were due last week to the Securities and Exchange Commission (SEC)’s proposed cybersecurity risk management rules for registered investment advisers, registered investment companies and business development companies (registered funds), as well as various amendments to existing rules governing investment adviser and registered fund disclosures. The main focus of the 200 plus page proposed rule is to strengthen existing requirements and foster upgrades to the cybersecurity risk management practices of registered funds and advisers. The vote was 3-1.[1] Cybersecurity has been front of mind for the SEC in recent years, having issued updated guidance on public company cybersecurity disclosures in 2018 and risk alerts in 2020 on credential stuffing and ransomware attacks.
As outlined in the accompanying Cybersecurity Risk Management Fact Sheet, the proposed rule would affect financial sector registrants’ cybersecurity practices in a number of key ways, by REQUIRING:
- Registered advisers and funds to implement written cybersecurity policies and procedures reasonably designed to address cybersecurity risks, including risks of using interconnected systems and…
