The SEC voted today to propose new rules addressing cybersecurity risks for registered investment advisers, registered investment companies and business development companies. Amendments are also proposed to certain rules that govern investment adviser and investment company disclosures.
Proposed Rules
The proposed rules would require the following on the part of registered investment advisors:
- Adopt and implement written cybersecurity policies and procedures designed to address cybersecurity risks that could harm advisory clients.
- Report any significant cybersecurity incidents to the SEC on a new confidential form.
- Publicly disclose in their Form ADV Part 2A brochures any cybersecurity risks and significant incidents that occurred over the last two fiscal years.
- Maintain additional records to improve the availability of cybersecurity-related information and help facilitate the SEC’s inspection and enforcement capabilities.
Next Steps
The SEC will seek comments regarding these proposed rules. Once comments have been reviewed, a final rule and adopting release may be issued.
A copy of the proposed rule can be found here.
For more information about the proposed rules discussed above, please contact NCA Compliance.
Hayley Nelson is the President and Principal Consultant of NCA Compliance, Inc., a compliance consulting firm providing a wide range of customized compliance solutions for investment advisors. Ms. Nelson previously worked for the Securities and Exchange Commission and a large investment manager in New York.