SEC Reopens Comment Period for Proposed Cybersecurity Rule
SEC Releases
On March 15th, the SEC chose to reopen the comment period on the Proposed Cyber Rule for cybersecurity risk management and disclosure requirements on Registered Investment Advisers (“RIAs”) and Registered Investment Companies (“RICs).
The comment period will remain open for another 60 days after the publication of the reopening release in the Federal Register.
Important Items to be Aware of
- The SEC originally proposed new requirements for RIAs and Funds to:
- Adopt and implement written cybersecurity policies and procedures.
- Report significant cybersecurity incidents to the SEC.
- Publicly disclose cybersecurity risks and significant incidents occurring in the previous two years.
- Adjust to new recordkeeping requirements.
- The original comment period ended April 11th, 2022.
- Commenters voiced multiple concerns including:
- Significant costs to RIAs already, as it is uniform practice to use third-party providers for cybersecurity.
- Severe underestimation of the costs to implement the new proposals.
- The possibility that third party vendors outside of the jurisdiction of the SEC would be required to comply due to the new vetting requirements.
- The rule requirements may interfere with other federal and state regulatory reporting requirements related to cybersecurity.
- Interested persons now have additional time to comment on these rules in relation to other regulatory changes and any possible effects other proposals may have on these requirements.
Vigilant’s Conclusion
Parties will have 60 days to publicly comment on the Proposed Rule.
We encourage firms to take the time to analyze potential issues and consider how it may affect your firm.
Reopening the comment period suggests that the SEC may see merit in some of the previous criticisms or concerns.
If you need help understanding how these proposed rules could affect your compliance, please reach out to Vigilant today.