SEC Reopens Comment Period for Cybersecurity Risk Management Proposal

On March 15 the Securities and Exchange Commission reopened the comment period on the proposed cybersecurity risk management rule for registered investment advisers and registered investment companies, originally proposed by the Commission on February 9, 2022. In a press release, the Commission notes the reopening of the comment period “will allow interested persons additional time to analyze the issues and prepare comments in light of other regulatory developments, including whether there would be any effects of other Commission proposals related to cybersecurity risk management and disclosure that the Commission should consider.” At the same meeting, the Commission issued a rule proposal that would require broker-dealers, clearing agencies, major security-based swap participants, the Municipal Securities Rulemaking Board, and transfer agents, among others to “implement policies and procedures that are reasonably designed to address their cybersecurity risks and, at least annually, review and assess the design and effectiveness of their cybersecurity policies and procedures, including whether they reflect changes in cybersecurity risk over the time period covered by the review.” Both comment periods will remain open until 60 days after the date of publication of the proposing release in the Federal Register.

Click here to read an ACA Insights article covering the recent proposals.
Click here to read the Forum’s comment letter submitted in April 2022 on the Commission’s Cybersecurity Risk Management proposal.