Close Close
Sign In
Newsletters
Popular Financial Topics Discover relevant content from across the suite of ALM legal publications From the Industry More content from ThinkAdvisor and select sponsors Investment Advisor Issue Gallery Read digital editions of Investment Advisor Magazine Tax Facts Get clear, current, and reliable answers to pressing tax questions
Luminaries Awards
Podcast Center Video Center Webcasts Resource Center Events
About ThinkAdvisor Contact Us Advertise With Us Asset & Logo Licensing Sitemap Terms of Service Privacy Policy Copyright © 2024 ALM Global, LLC. All Rights Reserved.
ThinkAdvisor

Regulation and Compliance > Federal Regulation > SEC

SEC Outlines Cyber Rules, New Form for Advisors

By Melanie Waddell

X
Your article was successfully shared with the contacts you provided.

What You Need to Know

  • Advisors would have to report significant cybersecurity incidents to the SEC on a new proposed Form ADV-C.
  • Proposed rules would require advisors and funds to adopt and implement written cybersecurity policies and procedures.

In a first for the agency, the Securities and Exchange Commission on Wednesday proposed rules requiring advisors to adopt written policies and procedures that address cybersecurity risks, as well as to report “significant cybersecurity incidents” to the SEC on a new proposed Form ADV-C.

The SEC’s plan also aims to enhance advisor and fund disclosures related to cybersecurity risks and incidents, while requiring advisors and funds to maintain, make and retain certain cybersecurity-related books and records.

“Cyber risk relates to each part of the SEC’s three-part mission, and in particular to our goals of protecting investors and maintaining orderly markets,” said SEC Chairman Gary Gensler during the open meeting.

“The proposed rules and amendments are designed to enhance cybersecurity preparedness and could improve investor confidence in the resiliency of advisers and funds against cybersecurity threats and attacks,” Gensler explained.

The proposed rules would require advisors and funds to adopt and implement written cybersecurity policies and procedures designed to address cybersecurity risks that could harm advisory clients and fund investors, the agency said.

The plans would require advisors to report “significant cybersecurity incidents” affecting the advisor, its funds or private fund clients to the Commission on a new “confidential” Form ADV-C.

Advisers and funds would also be asked to publicly disclose cybersecurity risks and significant cybersecurity incidents that occurred in the last two fiscal years in their brochures and registration statements.

The SEC plans for its proposal to be published on SEC.gov and in the Federal Register soon. The public comment period will remain open for 60 days following the publication of the proposing release on the SEC’s website or 30 days following the publication of the proposing release in the Federal Register, whichever period is longer.

Melanie Waddell

@Think_MelanieW

NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.