Commission seeks public comment on wide range of issues in proposal
In brief
On 9 February 2022, the Securities and Exchange Commission (SEC or “Commission“) voted 3-1, with Commissioner Peirce, the lone remaining Republican appointee opposed, to propose new rules under the Investment Advisers Act of 1940 (“Advisers Act“) and the Investment Company Act of 1940 (“Investment Company Act“) related to cybersecurity risk management, reporting of breach events, and recordkeeping for registered investment advisers and investment funds.1
If adopted, the proposal would require investment advisers and funds to adopt and implement written cybersecurity policies and procedures reasonably designed to address the cybersecurity risks relevant to their specific businesses, which could impact their clients and investors. Perhaps more notable, the proposal also mandates that advisers self-report certain cybersecurity events to the Commission on a newly created – though confidential – form. This detailed information would only go to the SEC and not be shared with clients or the public. However, the proposal does require that advisers and funds disclose…