SEC Proposes Requirements to Mitigate Cybersecurity Threats

The Securities and Exchange Commission (SEC) has released a proposed rule “Cybersecurity Risk Management for Investment Advisers, Registered Investment Companies, and Business Development Companies”. According to the press release, the proposed rule would require advisers and investment companies to implement written cybersecurity policies and procedures designed to 1) address cybersecurity risks that could harm advisory clients and fund investors, and 2) publicly disclose significant risks and incidents. The proposed rule would also implement new recordkeeping requirements for advisers and funds to improve the availability of cybersecurity-related information and to help facilitate the SEC’s enforcement capabilities.

The SEC will accept public comments for the longer of 1) 60 days following the release of the proposed rule on the SEC’s website, or 2) 30 days following the publication of the proposed rule in the Federal Register.