The SEC on Wednesday for the first time proposed a cybersecurity rule for registered investment advisers and investment companies.
The proposed regulation, which the Securities and Exchange Commission released for public comment on a 3-1 vote, would require advisers to adopt and implement written policies and procedures that address risks related to cyberattacks.
Under the 243-page proposed rule, advisers would have to report incidents to the agency on a confidential form and disclose major cyber breaches over the last two fiscal years on their Form ADV. It also mandates that advisers keep books and records related to cybersecurity.
The SEC drafted the cybersecurity rule at a time when cyberattacks are increasing in order to protect investors and strengthen market stability, SEC Chairman Gary Gensler said at an SEC open meeting.
“Cybersecurity incidents can lead to significant financial, operational, legal and reputational harm for advisers and funds,” Gensler said. “More importantly, they can lead to investor harm. The proposed rules and amendments are designed to enhance cybersecurity preparedness and could improve investor confidence in the resiliency of advisers and funds against cybersecurity threats and attacks.”
Over the last few years, the Securities and Exchange Commission has issued cybersecurity guidance, made the topic an examination priority and brought enforcement cases that centered on cybersecurity lapses that violated existing customer protection rules.
The proposal distills the SEC’s expectations on cyber preparedness in a stand-alone cyber rule.
SEC Commissioner Hester Peirce opposed releasing the proposal, saying it could create a foundation for enforcement against advisers who are victims of cyberattacks. She criticized an adversarial approach that might limit the ability of regulators and financial firms to work together on combatting cyber threats.
“A cyber rule that is styled as a cudgel will not facilitate such cooperation,” Peirce said during the open meeting. “A cyber policies and procedures rule may not even be necessary to foster the investments, strong cyber defenses, dialogue, communication and cooperation we seek for investment advisers and funds.”
The proposal will be open to public comment for 60 days after it’s posted on the SEC website or 30 days after it’s published in the Federal Register, whichever is longer. After reviewing the feedback, the SEC might revise the proposal before voting on a final rule.
Carson is expanding one of its relationships in Florida while Lido Advisors adds an $870 million practice in Silicon Valley.
The approval of the pay proposal, which handsomely compensates its CEO and president, bolsters claims that big payouts are a must in the war to retain leadership.
Integrated Partners is adding a husband-wife tandem to its network in Missouri as Kestra onboards a father-son advisor duo from UBS.
Futures indicate stocks will build on Tuesday's rally.
Cost of living still tops concerns about negative impacts on personal finances
RIAs face rising regulatory pressure in 2025. Forward-looking firms are responding with embedded technology, not more paperwork.
As inheritances are set to reshape client portfolios and next-gen heirs demand digital-first experiences, firms are retooling their wealth tech stacks and succession models in real time.
