SEC Proposes Cyber Risk Management Rules for Advisers

This year, the SEC under Chair Gary Gensler has been on a rulemaking tear. The regulator’s growing focus on the size and influence of the private funds industry has now intersected with its longstanding focus on cybersecurity. To that end, the SEC recently proposed sweeping new cybersecurity rules for investment advisers and registered investment funds that would require them to adopt and implement comprehensive cybersecurity policies and procedures; report certain significant cybersecurity incidents to the SEC within 48 hours of discovery; and provide enhanced disclosure about cybersecurity risks and incidents. This article details the proposed rules as they apply to registered investment advisers, with commentary from Avi Gesser, partner at Debevoise & Plimpton, and Clifford E. Kirsch, partner at Eversheds Sutherland. See “Six Takeaways From the SEC’s FY 2021 Enforcement Results” (Jan. 27, 2022); “Recent Experiences With SEC Examinations and Enforcement: Cybersecurity, BCPs, Branch Offices and Disclosures (Part One of Two)” (Dec. 9, 2021); and “Fireside Chat With SEC Chair Gensler: Three Key Disclosure Areas (Part One of Two)” (Nov. 18, 2021).

To read the full article

Continue reading your article with a HFLR subscription.