The Securities and Exchange Commission proposed amendments to Rule 35d-1 under the Investment Company Act of 1940, the fund “Names Rule," including improving the 80% rule and creating new and enhanced disclosure and reporting requirements. …
The proposed rule would require:
- Advisers and funds need to adopt and implement written policies and procedures that are reasonably designed to address cybersecurity risks
- Advisers need to report significant cybersecurity incidents to the Commission
- Modify disclosures related to cybersecurity risks and incidents
- New recordkeeping requirements
The Securities and Exchange Commission is proposing new rules under the Investment Advisers Act of 1940 (“Advisers Act”) and the Investment Company Act of 1940 (“Investment Company Act”) to require registered investment advisers (“advisers”) and investment companies (“funds”) to adopt and implement written cybersecurity policies and procedures reasonably designed to address cybersecurity risks. The Commission is also proposing a new rule and form under the Advisers Act to require advisers to report significant cybersecurity incidents affecting the adviser, or its fund or private fund clients, to the Commission.