Cybersecurity Risk Management for Investment Advisers, Registered Investment Companies, and Business Development Companies

1 member

Summary

The proposed rule would require:

  • Advisers and funds need to adopt and implement written policies and procedures that are reasonably designed to address cybersecurity risks
  • Advisers need to report significant cybersecurity incidents to the Commission
  • Modify disclosures related to cybersecurity risks and incidents
  • New recordkeeping requirements
Business case

The Securities and Exchange Commission is proposing new rules under the Investment Advisers Act of 1940 (“Advisers Act”) and the Investment Company Act of 1940 (“Investment Company Act”) to require registered investment advisers (“advisers”) and investment companies (“funds”) to adopt and implement written cybersecurity policies and procedures reasonably designed to address cybersecurity risks. The Commission is also proposing a new rule and form under the Advisers Act to require advisers to report significant cybersecurity incidents affecting the adviser, or its fund or private fund clients, to the Commission.

Collaboration details

Type
Consultation
Status
Active
ESG theme
  • Governance
Created on
Geography
United States