SEC proposes cyber security risk management rules and amendments for registered investment advisers and funds
Among the proposed rules:
- investment advisers would be required to implement written cyber security policies and procedures designed to address cyber security risks that could harm advisory clients and fund investors
- investment advisers must maintain, make and retain documentation, pursuant to cyber security-related books and records
- investment advisers must publicly disclose cyber security risks and significant cyber security incidents that occurred in the last two fiscal years in their Form ADV and registration statements for Funds
- the rules would also require advisers to report significant cyber security incidents to the Commission on a new confidential form.
The proposal includes new rule 206(4)-9 under the Advisers Act and new rule 38a-2 under the Investment Company Act (collectively, the “proposed cybersecurity risk management rules”).
How can Waystone help?
Cyber security is becoming an increasing focal point for all global regulators and in response, we have established a dedicated cyber security solution.
Cyber Security Officer
Waystone will provide a Cyber Officer to investment advisors and fund boards, who will offer a plain language interpretation and opinion on the current practices of investment advisors and service providers, including:
- identification and protection
- response and recovery
- provide an ongoing assessment
- provide guidance on upcoming cyber-related regulatory requirements
- provide cyber training.
Cyber security compliance
Waystone will provide:
- cyber security policy development and review
- assistance with Form ADV and brochure disclosures.
Security testing and remediation
We are acknowledged by our clients for our technical expertise as well as our guidance and assurance from an information security perspective.
- penetration testing
- continuous vulnerability assessments
- source code reviews
- static application security testing (SAST)
- open web application security project (OWASP) compliance assessment
- firewalls and network perimeter reviews
- policy standards and procedures development
- incident response support.