Investment advisors would have to adopt cybersecurity policies, among other new requirements, under a new proposal from the North American Securities Administrators Association, released Monday.
In a request for comment, NASAA proposed a model rule on information security that would encompass both cybersecurity and physical security.
In proposing the Information Security and Privacy Rule, NASAA stated it had “identified a significant need for more information and tools regarding cybersecurity.”
NASAA said it designed the proposed rule using a principles-based philosophy, but added some compliance-oriented requirements, in keeping with principles-based investment advisor regulations, in general.
The comment period for the proposal ends Nov. 26.