On February 9th, the Securities and Exchange Commission (SEC) voted to create new and amend existing rules around cybersecurity risk management for registered investment advisers (RIAs) and funds.
“The proposed rules and amendments are designed to enhance cybersecurity preparedness and could improve investor confidence in the resiliency of advisers and funds against cybersecurity threats and attacks,” said SEC Chair Gary Gensler.
The rules would oblige RIA firms to develop and implement written policies and procedures to reduce cybersecurity risks that could harm clients and fund investors. The proposed regulations would also force advisers to report cybersecurity incidents like data breaches involving client information to the SEC.
Additionally, the proposed changes call for advisers and funds to publicly disclose cybersecurity risks and any significant incidents from the last two fiscal years in their marketing materials and registration statements. The SEC is also proposing new recordkeeping requirements to improve the availability of cybersecurity-related information and help streamline the SEC’s inspection and enforcement capacity.
Reach out if your firm needs assistance complying with and implementing these and other cybersecurity compliance standards. Coretelligent offers solutions, including CoreArmor and CoreBDR, to meet the compliance requirements and security needs of RIAs, advisory firms, and other financial advisors. With over 16 years of practice helping clients navigate a multitude of IT compliance regulations and strengthen their cybersecurity programs, we can help your firm understand and meet its regulatory requirements.