The U.S. Securities and Exchange Commission (the “SEC”) is poised to adopt several new rules on privacy and cybersecurity that will impact public companies, broker-dealers, investment companies and registered investment advisers, including the following proposed rules:
- Proposed Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure (applicable to public companies; adoption currently anticipated in October 2023)
- Proposed Cybersecurity Risk Management for Investment Advisers, Registered Investment Companies, and Business Development Companies (adoption currently anticipated in October 2023)
- Proposed Amendments to Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Customer Information (applicable to brokers and dealers, funds and advisers; adoption currently anticipated in April 2024)
- Proposed Cybersecurity Risk Management Rules for Broker-Dealers and Other Market Participants (adoption currently anticipated in April 2024)
Among other things, the proposed rules zero in on the intersection of cybersecurity and risk management matters, promote disclosure of certain privacy and cybersecurity risks and, in the case of the rules applicable to public companies, promote appropriate oversight of cybersecurity and privacy matters.