SEC proposes cyber security risk management rules and amendments for registered investment advisers and funds - Waystone

      SEC proposes cyber security risk management rules and amendments for registered investment advisers and funds

      On February 9th, the SEC voted to propose rules related to cybersecurity risk management for registered investment advisers, and registered investment companies in a clear signal that firms who are not prepared to address cybersecurity risks will need to take action.

      Among the proposed rules:

      1. investment advisers would be required to implement written cyber security policies and procedures designed to address cyber security risks that could harm advisory clients and fund investors
      2. investment advisers must maintain, make and retain documentation, pursuant to cyber security-related books and records
      3. investment advisers must publicly disclose cyber security risks and significant cyber security incidents that occurred in the last two fiscal years in their Form ADV and registration statements for Funds
      4. the rules would also require advisers to report significant cyber security incidents to the Commission on a new confidential form.

      The proposal includes new rule 206(4)-9 under the Advisers Act and new rule 38a-2 under the Investment Company Act (collectively, the “proposed cybersecurity risk management rules”).

      How can Waystone help?

      Cyber security is becoming an increasing focal point for all global regulators and in response, we have established a dedicated cyber security solution.

      Cyber Security Officer

      Waystone will provide a Cyber Officer to investment advisors and fund boards, who will offer a plain language interpretation and opinion on the current practices of investment advisors and service providers, including:

      • governance
      • identification and protection
      • response and recovery
      • provide an ongoing assessment
      • provide guidance on upcoming cyber-related regulatory requirements
      • provide cyber training.

      Cyber security compliance

      Waystone will provide:

      • cyber security policy development and review
      • assistance with Form ADV and brochure disclosures.

      Security testing and remediation

      We are acknowledged by our clients for our technical expertise as well as our guidance and assurance from an information security perspective.

      This includes:

      • penetration testing
      • continuous vulnerability assessments
      • source code reviews
      • static application security testing (SAST)
      • open web application security project (OWASP) compliance assessment
      • firewalls and network perimeter reviews
      • policy standards and procedures development
      • incident response support.

       

      Contact Us

      Read the SEC Press release in full

      Read more about our Cyber Security Solutions

      Previous post Next post
      Share

      More like this

      Form ADV annual amendment 2022 – deadline fast approaching

      The deadline for annual amendments to Form ADV are due by March 31, 2022.
      Read more

      SEC Releases Proposed Disclosures Rules

      On March 21st, the SEC released details of its much-anticipated proposal for climate disclosures. The proposal would require domestic and…
      Read more

      Proposed amendments to Form PF

      On Wednesday, the SEC released proposed amendments to the Form PF.
      Read more

      Form PF 2022 - Deadline fast approaching

      Waystone is once again pleased to offer our services to SEC registered investment advisers subject to the annual, part 1…
      Read more

      Consolidated audit proposed funding model

      The comment period on a revised funding model (“Proposed Funding Model”) for the consolidated audit trail (“CAT”) recently closed. The…
      Read more

      SEC Division of Examination’s review of ESG investing

      The SEC recently issued a Risk Alert that highlights observations from recent exams of investment advisers, registered investment companies, and…
      Read more