By Stacy Shelhorse, Deborah R. Meshulam, John J. Gilluly III, Ron Plesco & Andrew Serwin
Cybersecurity risk governance has been a focus of the Securities and Exchange Commission (SEC) since at least 2011 and a priority in its examination of regulated market participants and the subject of numerous risk alerts since 2014. On February 9, 2022, the SEC took another step to address such risks with proposed new rules related to cybersecurity risk management for registered investment advisers, registered investment companies, and business development companies (funds).
The proposal also includes amendments to existing rules that govern investment adviser and fund disclosures.