On February 9, 2022, the Securities and Exchange Commission (“SEC”) proposed new cybersecurity risk management rules and amendments (collectively, the “Proposal”) for registered investment advisers (“advisers”). The Proposal would require advisers to (i) adopt and implement written policies and procedures that are reasonably design to address cybersecurity risks; (ii) report significant cybersecurity incidents affecting the adviser, or its fund or private fund clients, to the SEC on a newly proposed Form ADV-C; and (iii) maintain, make, and retain certain cybersecurity-related books and records. The Proposal would also amend Form ADV Part 2A to require disclosure of significant cybersecurity risks and incidents that affect advisers and their clients.
Daniel Bresler recently discussed the proposal in this webinar: Upping the Ante: Cybersecurity, the SEC and Investment Firms.
Click here for an on-demand version of the webinar.