Silver Explains 3 SEC Cybersecurity Proposals From 2023

In a recent webinar, Silver’s CEO, Fizza Khan, sat down with Nicholas DeVore, Manager of Financial Services at Egnyte, to discuss three proposals from the SEC in 2023 that relate directly to cybersecurity rulemaking, and the impact of these potential new regulations on registered investment advisers and broker/dealers.

In 2023, the SEC made clear that cybersecurity remains top of mind for the Commission and that it intends to tackle some issues around transparency, recordkeeping and breach reporting requirements, among other areas of focus. In a recent webinar, Silver’s CEO, Fizza Khan, sat down with Nicholas DeVore, Manager of Financial Services at Egnyte, to discuss three SEC proposals from 2023 that are directly linked to cybersecurity initiatives: Cybersecurity Risk Management, Regulation SCI amendments and Regulation S-P (or the privacy policy).

A video of the full webinar is below, as well as key takeaways from the discussion:

  • Regulatory overview: A proposal for registered investment advisers and registered funds relating to cyber risk management was set forth back in February of 2022. The comment period was supposed to end in March 2023, but the SEC reopened it and is accepting additional comments through May 2024. This is due to the second proposal, around Regulation S-P amendments (or the privacy policy), as the proposed amendments to that rule are trying to capture the essence of cybersecurity breaches. As such, the SEC realized they needed to extend the comment period for investment advisers and investment companies. The third proposal – Regulation SCI amendments – is similar to the first one but is more in line with broker/dealers. Ultimately, they are all centered around cybersecurity issues the SEC wants to tackle urgently.
  • While many registered investment advisers, including private fund managers, likely already have some form of cybersecurity program in place, there has never been real guidance or legal language to help form effective and compliant frameworks, which has resulted in firms piecing a lot of this together in a vacuum.
  • These proposed rules codify what the industry needs to have in place and enable registered market participants to better understand what the regulators are looking for.
  • The items outlined in these enacted proposals will be expected to be incorporated as part of financial firms’ compliance programs. In addition to the cybersecurity initiatives, private fund managers will also be impacted by other rulemaking – either by way of proposals or implementation – such as the recently passed fund advisory rule.
  • In a similar vein, regulators are doing their best to keep up with the rapidly growing area of artificial intelligence (AI). As notetaking software becomes increasingly popular, it means an AI system has your information. This is where vendor due diligence on the software provider becomes very important and is a key piece introduced in these proposed new rules.
  • Start implementing these precautions immediately by conducting a review of what service providers you are using. Firms must have full disclosure of what risks their clients are facing and therefore determine how they can best manage that risk. Having these conversations with service providers, particularly where you may have had areas of concern, is of utmost importance. It is always crucial to be prepared and look at what these proposals are saying.
  • While Silver doesn’t have a crystal ball regarding timing, it is believed that Reg S-P could be enacted first, followed by Cybersecurity Risk Management for all of those impacted – i.e., registered investment advisers, financial services firms, broker/dealers and investment companies – though we don’t anticipate this happening in the near term.

Silver recommends taking a step back to conduct a thorough risk analysis of your firm’s cybersecurity policies and procedures, including forensic testing, in order to examine the likelihood of a breach happening and the ways in which your firm would work to mitigate these potential risks. Effective top-down training of all employees on what could go wrong will also be paramount to successfully reducing risks.

If you have any questions about these cybersecurity proposals from 2023, or your firm’s compliance program, please reach out to a member of Silver’s Compliance Team at [email protected].

 
