A video of the full webinar is below, as well as key takeaways from the discussion:
- While many registered investment advisers, including private fund managers, likely already have some form of cybersecurity program in place, there has never been real guidance or legal language to help form effective and compliant frameworks, which has resulted in firms piecing a lot of this together in a vacuum.
- These proposed rules codify what the industry needs to have in place and enable registered market participants to better understand what the regulators are looking for.
- The items outlined in these enacted proposals will be expected to be incorporated as part of financial firms’ compliance programs. In addition to the cybersecurity initiatives, private fund managers will also be impacted by other rulemaking – either by way of proposals or implementation – such as the recently passed fund advisory rule.
- In a similar vein, regulators are doing their best to keep up with this rapidly growing area of artificial intelligence (AI). As notetaking software becomes increasingly popular, it means an AI system has your information. This is where vendor due diligence on the software provider becomes very important and is a key piece introduced in these proposed new rules.
- Start implementing these precautions immediately by conducting a review of what service providers you are using. Firms must have full disclosure of what risks their clients are facing and therefore determine how they can best manage that risk. Having these conversations with service providers, especially in areas where you may have had concerns, is of utmost importance. It is always crucial to be prepared and look at what these proposals are saying.
- While Silver doesn’t have a crystal ball regarding timing, it is believed that Reg S-P could be enacted first, followed by Cybersecurity Risk Management for all of those impacted – i.e., registered investment advisers, financial services firms, broker/dealers and investment companies – though we don’t anticipate this happening in the near term.
Silver recommends taking a step back to conduct a thorough risk analysis of your firm’s cybersecurity policies and procedures, including forensic testing, in order to examine the likelihood of a breach happening and the ways in which your firm would work to mitigate these potential risks. Effective top-down training of all employees on what could go wrong will also be paramount to successfully reducing risks.
If you have any questions about these Cybersecurity proposals from 2023, or your firm’s compliance program, please reach out to a member of Silver’s Compliance Team at [email protected].