On February 9, 2022, the SEC voted 3-1 to propose rules that would significantly expand the risk management and reporting requirements concerning cybersecurity and related matters for registered investment companies (RICs), business development companies (BDCs), and investment advisers registered or required to be registered with the SEC (RIAs)
The proposed rules would require advisers and funds to adopt and implement written cybersecurity policies and procedures designed to address cybersecurity risks that could harm advisory clients and fund investors. The proposed rules also would require advisers to report significant cybersecurity incidents affecting the adviser or its fund or private fund clients to the Commission on a new confidential form.
To further help protect investors in connection with cybersecurity incidents, the proposal would require advisers and funds to publicly disclose cybersecurity risks and significant cybersecurity incidents that occurred in the last two fiscal years in their brochures and registration statements.
Additionally, the proposal would set forth new recordkeeping requirements for advisers and funds that are designed to improve the availability of cybersecurity-related information and help facilitate the Commission’s inspection and enforcement capabilities.
The proposal will be published on SEC.gov and in the Federal Register. The public comment period will remain open for 60 days following the publication of the proposing release on the SEC’s website or 30 days following the publication of the proposing release in the Federal Register, whichever period is longer.
SEC Proposed Cybersecurity Rules link
#DOL #SEC #FinCEN #Compliance #Riskmanagement #Finra #VendorRiskManagement #DueDiligence #VRM #ThirdPartyRisk #Sanctions #GRC #TPRM #Modevity #RIA #Plansponsor #Serviceproviders