SEC Proposes Cybersecurity Risk Management Rules and Amendments for registered investment advisers and funds

On February 9th, 2022, the SEC voted to propose cybersecurity risk management rules for registered investment advisors, registered investment companies and funds. There were also proposed amendments made related to rules that govern investment advisers and fund disclosures. SEC Chair Gary Gensler stated, “The proposed rules and amendments are designed to enhance cybersecurity preparedness and could improve investor confidence in the resiliency of advisers and funds against cybersecurity threats and attacks."

The proposed cybersecurity rules have several requirements, one being that advisers and funds must create and implement policies and procedures regarding cybersecurity risks that may cause harm to clients and investors. Another proposed requirement would create a new confidential form for reporting cybersecurity incidents that affect advisers, its funds, and private funds clients. Additionally, advisers and funds would be required to publicly disclose cybersecurity related incidents and risks in brochures and registration statements that have taken place within the last two fiscal years. Lastly, new recordkeeping requirements would be implemented by advisers and funds to make cybersecurity-related information more available and to better facilitate inspection and enforcement by the SEC.