The Division of Investment Management (the “Division”) of the Securities and Exchange Commission issued a cybersecurity guidance identifying cybersecurity of registered investment companies (“funds”) and registered investment advisers (“advisers”) as an important issue. Recognizing the rapidly changing nature of cyber threats and consequently, the necessity for funds and advisers to protect sensitive information including information of fund investors and advisory clients, the Division is suggesting a number of measures that funds and advisers may wish to consider in addressing the issue. To mitigate cybersecurity risk, the Division suggests that funds and advisers: 1) conduct a periodic assessment of their technology system and security controls and processes to identify potential cybersecurity threats and vulnerabilities, 2) create a strategy that is designed to prevent, detect and respond to cybersecurity threats, and 3) implement the strategy through written policies and procedures, training of officers and employees, and investor and client education. In addition, the Division also suggests that funds and advisers may wish to consider reviewing their operations and compliance programs whether they have measures in place that mitigate their exposure to cybersecurity risk, as well as assessing whether protective cybersecurity measures are in place at service providers that they rely on in carrying out their business operations.
A full version of the cybersecurity guidance is available HERE.
Please call an Investment Funds and Investment Management attorney with your inquiries regarding your firm’s cybersecurity risks and compliance procedures that address them.