Silver Explains 3 SEC Cybersecurity Proposals From 2023

In a recent webinar, Silver’s CEO, Fizza Khan, sat down with Nicholas DeVore, Manager of Financial Services at Egnyte, to discuss three proposals from the SEC in 2023 that directly link to cybersecurity rule making and the impact of these potential new regulations on registered investment advisers and broker dealers.

In 2023, the SEC made clear that cybersecurity remains top of mind for the Commission and that it intends to tackle some issues around transparency, recordkeeping and breach reporting requirement, among other areas of focus. In a recent webinar, Silver’s CEO, Fizza Khan, sat down with Nicolas DeVore, Manager of Financial Services at Egnyte, to discuss three SEC proposals from 2023 that are directly linked to cybersecurity initiatives: Cybersecurity Risk Management, Regulation SCI amendments and Regulation S-P (or the privacy policy).

A video of the full webinar is below, as well as key takeaways from the discussion:

  • Regulatory overview: A proposal for registered investment advisers and registered funds relating to cyber risk management was set forth back in February of 2022. The comment period was supposed to end in March 2023, but the SEC reopened it and is accepting additional comments through May 2024. This is due to the second proposal, around Regulation S-P amendments (or the privacy policy), as the proposed amendments to that rule are trying to capture the essence of cybersecurity breaches. As such, the SEC realized they needed to extend the comment period for investment advisers and investment companies. The third proposal – Regulation SCI amendments – is similar to the first one but is more in line with broker/dealers. Ultimately, they are all centered around cybersecurity issues the SEC wants very urgently to tackle.
  • While many registered investment advisers, including private fund managers, likely already have some form of cybersecurity program in place, there has never been real guidance or legal language to help form effective and compliant frameworks, which has resulted in firms piecing a lot of this together in a vacuum.
  • These proposed rules are codifying what the industry needs to have in place and enables registered market participants to better understand what the regulators are looking for.
  • The items outlined in these enacted proposals will be expected to be incorporated as part of financial firms’ compliance programs. In addition to the cybersecurity initiatives, private fund managers will also be impacted by other rulemaking – either by way of proposals or implementation – such as the recently passed fund advisory rule.
  • In a similar vein, regulators are doing their best to keep up with this rapidly growing area of artificial intelligence (AI). As notetaking software becomes increasingly popular, it means an AI system has your information. This is where vendor due diligence on the software provider becomes very important and is a key piece introduced in these proposed new rules.
  • Start implementing these precautions immediately by conducting a review of what service providers you are using. Firms must have full disclosure of what risks their clients are facing and therefore determine how they can best manage that risk. So, having these conversations with service providers, and where you may have had areas of concern, is of utmost importance. It is always crucial to be prepared and look at what these proposals are saying.
  • While Silver doesn’t have a crystal ball regarding timing, it is believed that Reg S-P could be enacted first, followed by Cybersecurity Risk Management for all of those impacted – i.e., registered investment advisers, financial services firms, broker/dealers and investment companies – though we don’t anticipate this happening in the near term.

Silver recommends taking a step back to conduct a thorough risk analysis of your firm’s cybersecurity policies and procedures to include forensic testing in order to examine the likelihood of a breach happening and the ways in which your firm would work to mitigate these potential risks. Effective training from the top down of all employees on what could go wrong will also be tantamount to successfully reducing risks.

If you have any questions about these Cybersecurity proposals from 2023, or your firm’s compliance program, please reach out to a member of Silver’s Compliance Team at [email protected].

 

Share the Post:

SilverVision Archive

Europe in Flux, U.S. Division: Q3 Sustainability Trends for Private Fund Managers and RIAs

Silver monitored key regulatory and market developments and in the US, activity ranged from efforts to roll back the EPA’s endangerment findings to court challenges over ESG proxy adviser rules to updated DOJ guidance on DEI programs. In the UK and EU, regulators advanced sustainability reporting consultations and trade agreements that may affect compliance obligations. Global industry alliances also saw shifts, including the suspension of the Net-Zero Banking Alliance and the release of SBTi’s new net-zero standard for financial institutions.

Read More »

Where Innovation Meets Oversight: Managing Artificial Intelligence, Crypto and Cybersecurity Compliance

In today’s market, AI, crypto and cybersecurity are rapidly reshaping opportunities and risks for private fund managers and RIAs. Regulators are signaling both openness, such as new crypto listing standards, and heightened scrutiny, particularly around AI oversight, token classification and cybersecurity expectations. Firms that integrate compliance into their innovation strategies will be best positioned to capture opportunities while protecting clients and reputations.

Read More »

Navigating Cybersecurity Compliance Amid Global Instability

With geopolitical tensions on the rise, cybersecurity risks have been heightened for RIAs and private fund managers, requiring firms to go beyond the basics and build cyber compliance programs that are strategic, proactive and SEC exam-ready. This roadmap will help RIAs and fund managers navigate this evolving ecosystem with clarity and confidence.

Read More »