United States:
SEC Proposes Buy-Side Cybersecurity Rules
To print this article, all you need is to be registered or login on Mondaq.com.
The SECĀ proposedĀ cybersecurity risk management
and reporting requirements that would be applicable to registered
investment advisers, registered investment companies and business
development companies. The SEC also proposed amendments to certain
rules that govern investment adviser and fund disclosures.
TheĀ proposed requirementsĀ are meant to (i)
address concerns relating to advisers and funds’ cybersecurity
preparedness and to reduce cyber risk, (ii) improve adviser and
fund disclosures, and (iii) improve the Commission’s ability to
assess systemic risks resulting from cyber incidents.
The proposed rules would require:
- advisers and funds to adopt and implement written policies
reasonably designed to address cybersecurity risks; - advisers to report significant cybersecurity incidents to the
SEC on proposed form ADV-C; and - advisers and funds to create cybersecurity-related books and
records.
The proposal also expands adviser and fund disclosures relating
to cybersecurity risks and incidents.
Commissioner Statements
SEC Chair GenslerĀ supportedĀ the proposed rules and
amendments stating that “[t]he proposed rules and amendments
are designed to enhance cybersecurity preparedness and could
improve investor confidence in the resiliency of advisers and funds
against cybersecurity threats and attacks.”
SEC Commissioner Caroline A. CrenshawĀ supportedĀ the proposed rules and
amendments stating that “robust cyber hygiene practices are
critical, both to safeguard investor money entrusted to firms and
advisers and to guard against market-wide instability.” She
noted the importance of investors having relevant information with
regard to cybersecurity in order to inform their investment
decisions, and commented that “[the] proposal would require
advisers and funds to tell investors about the cybersecurity risks
they anticipate, how they would handle those threats, and the
nature and scope of any significant cybersecurity incidents that
occurred in the past two years.”
SEC Commissioner Allison Herren LeeĀ supportedĀ the proposed rules and
amendments, noting that they include important investor protections
designed to address cybersecurity risks in a comprehensive way. She
further stated that “our efforts today acknowledge that
cybersecurity threats can have a profound impact on the financial
system, and establish the groundwork for a more collective and
collaborative approach among a variety of parties including the
adviser, the fund board, and others.”
Commissioner Hester M. PeirceĀ opposedĀ the rules and amendments,
suggesting cybersecurity prescriptions could be an easy hook for
enforcement even if a firm makes reasonable efforts to comply with
the requirements. She further stated that the proposed rules and
amendments are not grounded in the correct section of the
Investment Adviser’s Act, stating, “[c]entral to my
opposition to the investment adviser rule proposal is that we have
chosen to ground it in Section 206, the Investment Adviser
Act’s anti-fraud provision. Just as we regrettably did in 2003
when we established a general compliance rule for registered
advisers, we cite Section 206(4) as the authority allowing us to
impose cybersecurity policies and procedures. This approach does
not make sense.”
Primary Sources
- SEC Press Release: SEC Proposes Cybersecurity Risk
Management Rules and Amendments for Registered Investment Advisers
and Funds - SEC-Proposed Rule: Cybersecurity Risk Management
for Investment Advisers, Registered Investment Companies, and
Business Development Companies - SEC Cybersecurity Risk Management Fact
Sheet - SEC Commissioner Allison Herren Lee’s
Statement of Support - SEC Commissioner Caroline A. Crenshaw’s
Statement of Support - SEC Chair Gary Gensler’s Statement of
Support - SEC Commissioner Hester M. Peirce Statement of
Dissent
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
POPULAR ARTICLES ON: Finance and Banking from United States
