The Securities and Exchange Commission has proposed amendments and rules that would require registered investment advisers and funds to implement cybersecurity procedures and policies to protect fund investors and advisory clients from cyberthreats.
The proposal would direct advisers and funds to report major cyber incidents to the SEC using a new confidential form and publicly reveal in their registration statements and brochures those incidents and other cyber risks that happened in the last two fiscal years, the commission said Wednesday.
SEC also proposed recordkeeping requirements for investment companies and advisers in order to improve the availability of data and enable the SEC to facilitate inspection and enforcement operations.
“Cyber risk relates to each part of the SEC’s three-part mission, and in particular to our goals of protecting investors and maintaining orderly markets,” said SEC Chair Gary Gensler.
“The proposed rules and amendments are designed to enhance cybersecurity preparedness and could improve investor confidence in the resiliency of advisers and funds against cybersecurity threats and attacks,” added Gensler.
The proposed rules will be open for public comments once published in the Federal Register or on the commission’s website.
