SEC Sets Sights on Cybersecurity for RIAs


The Securities and Exchange Commission is introducing new rules around cybersecurity risk management for registered investment advisors (RIAs), registered investment companies and business development companies (funds), as well as amendments to certain rules that govern investment advisor and fund disclosures.

Citing the “numerous cybersecurity risks and incidents that advisors and funds face due to their interface with numerous interconnected systems and networks,” the rules and amendments are designed to address concerns around preparedness and cybersecurity-related risks to clients and investors.


Earlier reports signaled that cybersecurity would be a significant focus of the regulatory agency in 2022. Last year, the SEC instigated civil penalties against a handful of broker-dealers and investment advisors as a result of various cybersecurity incidents that exposed the personal data of customers and clients. It also settled with additional companies that were not transparent about cybersecurity incidents.

The proposal is multilayered and would require advisers and funds to engage as follows:

SEC Chair Gary Gensler noted that the recommended rules and amendments are “designed to enhance cybersecurity preparedness and could improve investor confidence in the resiliency of advisors and funds against cybersecurity threats and attacks.”

Advisors can weigh in with comments when the proposed rules are posted on SEC.gov and in the Federal Register. The public comment period will remain open for 60 days following the publication of the proposing release on the SEC’s website or 30 days following the publication of the proposing release in the Federal Register, whichever period is longer.
