Sullivan & Cromwell Discusses SEC’s Proposed New Cybersecurity Risk-Management Rules for Investment Advisers and Firms

On February 9, 2022, the Securities and Exchange Commission (the “SEC”) voted 3 to 1 (Commissioner Peirce dissenting[1]) to propose cybersecurity risk management rules and amendments for registered investment advisers, registered investment companies and business development companies (the “proposal”).[2]  The proposed rules and amendments are designed to reduce cybersecurity risks to clients and investors and enhance the SEC’s ability to oversee advisers and funds.  As proposed, the rules would require SEC-registered advisers and funds to adopt and implement written policies and procedures reasonably designed to address cybersecurity risks and registered advisers to confidentially report significant cybersecurity incidents … Read more