SEC Guidance Update Suggests a Three-Step Framework for Investment Manager Cybersecurity Programs

The SEC's Division of Investment Management issued an Investment Management Guidance Update (Guidance) on cybersecurity on April 28, 2015. The Guidance discusses actions that investment advisers and managers should consider to make their cybersecurity protections more robust, mitigate technology risks and enhance their cybersecurity programs. See “K&L Gates-IAA Panel Provides Comprehensive Overview of Cybersecurity Laws and Threats Applicable to Investment Managers (Part One of Two),” Hedge Fund Law Report, Vol. 8, No. 16 (Apr. 23, 2015); and Part Two of Two, Vol. 8, No. 17 (Apr. 30, 2015). The SEC Guidance follows on the heels of the SEC Office of Compliance Inspections and Examinations (OCIE) Risk Alert issued earlier this year, which was based on sweep exams OCIE conducted of the cybersecurity practices and policies of investment advisers and broker-dealers, as well as the SEC’s 2014 Cybersecurity Roundtable. See “Benchmarking and Best Practices for Hedge Fund Manager Cybersecurity,” Hedge Fund Law Report, Vol. 8, No. 5 (Feb. 5, 2015). This article summarizes the three-step proactive process for investment manager cybersecurity programs outlined by the SEC in the Guidance.
