Cybersecurity continues to be a priority for the Securities and Exchange Commission. The SEC’s Office of Compliance Inspections and Examinations conducted a cybersecurity “sweep” examination in 2014 and released a summary of its results in early 2015. The SEC’s Division of Investment Management — which regulates investment companies and investment advisers — has now issued additional cybersecurity guidance in the form of a Guidance Update.
Most registrants will find the Guidance Update to be fairly broad and high-level. It does, however, provide more detail on what reasonable security measures are than the SEC has previously offered, and it expressly confirms that mishandling cyber risks can result in violations of the securities laws by investment companies and investment advisers.
The legal, compliance and information security officers of private and registered fund managers should review this guidance and determine what additional measures within their organization are warranted.
Click here to read more about the SEC’s guidance.