The SEC has created a landing page for “Cybersecurity” on its website. This webpage provides a general overview of the steps that the SEC is taking to address cyber threats. Importantly, the webpage provides resources concerning the applicable regulations that address cybersecurity practices for the following respective market participants:
- Issuers / Public Companies
- Investment Advisers / Investment Companies
- Brokers and Dealers
- Self-Regulatory Organizations
In particular, with respect to Investment Advisers and Investment Companies, the SEC references the below governing securities regulations:
- Regulation S-P
- Regulation S-ID: Subpart C – Regulation S-ID: Identity Theft Red Flags
- Compliance Rule: Investment Company Act (ICA) Rule 38-1
Compliance Rule: Investment Advisers Act (IAA) Rule 206(4)-7
- Adopting Release for ICA Rule 38-1 and IAA Rule 206(4)-7: See Section II(A)(1) which provides additional information about issues that the policies and procedures of funds or advisers should consider, certain of which are related to cybersecurity.
NOTE: This webpage is being continuously updated to reflect additional SEC guidance on cybersecurity, so it is a helpful resource to refer back to overtime.
Click here to access the SEC’s “Cybersecurity, the SEC and You” webpage.