SEC proposes cyber security risk management rules and amendments for registered investment advisers and funds - Waystone

      On February 9th, the SEC voted to propose rules related to cybersecurity risk management for registered investment advisers and registered investment companies, in a clear signal that firms that are not prepared to address cybersecurity risks will need to take action.

      Among the proposed rules:

      1. investment advisers would be required to implement written cyber security policies and procedures designed to address cyber security risks that could harm advisory clients and fund investors
      2. investment advisers must make, maintain and retain documentation as cyber security-related books and records
      3. investment advisers must publicly disclose cyber security risks and significant cyber security incidents that occurred in the last two fiscal years in their Form ADV and registration statements for funds
      4. the rules would also require advisers to report significant cyber security incidents to the Commission on a new confidential form.

      The proposal includes new rule 206(4)-9 under the Advisers Act and new rule 38a-2 under the Investment Company Act (collectively, the “proposed cybersecurity risk management rules”).

      How can Waystone help?

      Cyber security is an increasing focal point for all global regulators and, in response, we have established a dedicated cyber security solution.

      Cyber Security Officer

      Waystone will provide a Cyber Officer to investment advisers and fund boards, who will offer a plain language interpretation and opinion on the current practices of investment advisers and service providers, including:

      • governance
      • identification and protection
      • response and recovery.

      The Cyber Officer will also provide:

      • an ongoing assessment
      • guidance on upcoming cyber-related regulatory requirements
      • cyber training.

      Cyber security compliance

      Waystone will provide:

      • cyber security policy development and review
      • assistance with Form ADV and brochure disclosures.

      Security testing and remediation

      We are acknowledged by our clients for our technical expertise as well as our guidance and assurance from an information security perspective.

      This includes:

      • penetration testing
      • continuous vulnerability assessments
      • source code reviews
      • static application security testing (SAST)
      • Open Web Application Security Project (OWASP) compliance assessment
      • firewalls and network perimeter reviews
      • policy standards and procedures development
      • incident response support.
