View Rule

View EO 12866 Meetings Printer-Friendly Version     Download RIN Data in XML

SEC RIN: 3235-AN08 Publication ID: Spring 2023 
Title: Cybersecurity Risk Management for Investment Advisers, Registered Investment Companies, and Business Development Companies 
Abstract:

The Division is considering recommending that the Commission adopt rules to enhance fund and investment adviser disclosures and governance relating to cybersecurity risks. The Commission proposed new rules to require registered investment advisers (advisers”) and investment companies (funds”) to adopt and implement written cybersecurity policies and procedures reasonably designed to address cybersecurity risks. The Commission also proposed a new rule and form under the Advisers Act to require advisers to report significant cybersecurity incidents affecting the adviser, or its fund or private fund clients, to the Commission. With respect to disclosure, the Commission proposed amendments to various forms regarding the disclosure related to significant cybersecurity risks and cybersecurity incidents that affect advisers and funds and their clients and shareholders. Finally, the Commission proposed new recordkeeping requirements under the Advisers Act and Investment Company Act.

 
Agency: Securities and Exchange Commission(SEC)  Priority: Substantive, Nonsignificant 
RIN Status: Previously published in the Unified Agenda Agenda Stage of Rulemaking: Final Rule Stage 
Major: Undetermined  Unfunded Mandates: No 
CFR Citation: 17 CFR 275.206(4)-9 (New)    17 CFR 270.38a-2 (New)    17 CFR 275.204-6 (New)   
Legal Authority: 15 U.S.C. 80a-30(a)    15 U.S.C. 80a-37(a)    15 U.S.C. 80b-4    15 U.S.C. 80b-11    15 U.S.C. 80b-3(d)    15 U.S.C. 80b-6(4)    15 U.S.C. 80b-11(a)    15 U.S.C. 80b-11(h)    15 U.S.C. 80a-8    15 U.S.C. 80a-29    15 U.S.C. 80a-37    15 U.S.C. 80b-3(c)(1)   
Legal Deadline:  None
Timetable:
Action Date FR Cite
NPRM  03/09/2022  87 FR 13524   
NPRM Comment Period End  04/11/2022 
NPRM Comment Period Reopened  03/21/2023  88 FR- 16921   
NPRM Comment Period End  05/22/2023 
Final Action  10/00/2023 
Regulatory Flexibility Analysis Required: Yes  Government Levels Affected: None 
Small Entities Affected: Businesses  Federalism: No 
Included in the Regulatory Plan: No 
International Impacts: This regulatory action will be likely to have international trade and investment effects, or otherwise be of international interest.
RIN Data Printed in the FR: Yes 
Agency Contact:
Christopher Staley
Branch Chief, Division of Investment Management
Securities and Exchange Commission
100 F Street NE,
Washington, DC 20549
Phone:202 551-8475
Email: staleyc@sec.gov