Skip to main content

SEC Proposes Comprehensive Cybersecurity Compliance and Reporting Rules for Registered Investment Advisers, Registered Investment Companies, and Business Development Companies

Client memorandum | February 16, 2022

On February 9, 2022, the Security and Exchange Commission (“SEC”) voted to propose rules and amendments under the Investment Advisers Act of 1940 (“Advisers Act”) and the Investment Company Act of 1940 (“Investment Company Act”) that would require the implementation of cybersecurity risk management and disclosure obligations by registered investment advisers (“advisers”), registered investment companies, and business development companies (the “Proposal”).  The Proposal — contemporaneously announced alongside a set of sweeping new rules and amendments applicable to private fund advisers — follows a recent period of increased investigatory and enforcement activity concerning cybersecurity by the SEC.  The SEC’s stated goals for the Proposal are twofold: (1) to ensure better protection of clients and investors by requiring advisers and funds to implement policies and procedures with specific elements to address cybersecurity risks that can lead to significant business disruptions and the loss or theft of data or assets; and (2) to ensure that clients’ and investors’ investment decisions can be informed by the receipt of information concerning the impact of cybersecurity risks and incidents on the operations of advisers and funds across the industry.

Additional information

icon View File

This communication is for general information only. It is not intended, nor should it be relied upon, as legal advice. In some jurisdictions, this may be considered attorney advertising. Please refer to the firm’s data policy page for further information.