SEC proposes cyber security risk management rules and amendments for registered investment advisers and funds - Waystone

On February 9th, the SEC voted to propose rules related to cybersecurity risk management for registered investment advisers and registered investment companies, in a clear signal that firms that are not prepared to address cybersecurity risks will need to take action.

Among the proposed rules:

  1. investment advisers would be required to implement written cyber security policies and procedures designed to address cyber security risks that could harm advisory clients and fund investors
  2. investment advisers must maintain, make and retain cyber security-related books and records
  3. investment advisers must publicly disclose cyber security risks and significant cyber security incidents that occurred in the last two fiscal years in their Form ADV and registration statements for Funds
  4. the rules would also require advisers to report significant cyber security incidents to the Commission on a new confidential form.

The proposal includes new rule 206(4)-9 under the Advisers Act and new rule 38a-2 under the Investment Company Act (collectively, the “proposed cybersecurity risk management rules”).

How can Waystone help?

Cyber security is becoming an increasing focal point for all global regulators and in response, we have established a dedicated cyber security solution.

Cyber Security Officer

Waystone will provide a Cyber Officer to investment advisors and fund boards, who will offer a plain language interpretation and opinion on the current practices of investment advisors and service providers, including:

  • governance
  • identification and protection
  • response and recovery.

The Cyber Officer will also:

  • provide an ongoing assessment
  • provide guidance on upcoming cyber-related regulatory requirements
  • provide cyber training.

Cyber security compliance

Waystone will provide:

  • cyber security policy development and review
  • assistance with Form ADV and brochure disclosures.

Security testing and remediation

We are acknowledged by our clients for our technical expertise as well as our guidance and assurance from an information security perspective.

This includes:

  • penetration testing
  • continuous vulnerability assessments
  • source code reviews
  • static application security testing (SAST)
  • open web application security project (OWASP) compliance assessment
  • firewalls and network perimeter reviews
  • policy standards and procedures development
  • incident response support.
