SEC Poised to Take Action on Cyber: Looking Ahead to Anticipated Cybersecurity and Privacy Rulemaking
The U.S. Securities and Exchange Commission (the “SEC”) is poised to adopt several new rules on privacy and cybersecurity that will impact public companies, broker-dealers, investment companies and registered investment advisers, including the following proposed rules:
- Proposed Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure (applicable to public companies; adoption currently anticipated in October 2023)
- Proposed Cybersecurity Risk Management for Investment Advisers, Registered Investment Companies, and Business Development Companies (adoption currently anticipated in October 2023)
- Proposed Amendments to Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Customer Information (applicable to brokers and dealers, funds and advisers; adoption currently anticipated in April 2024)
- Proposed Cybersecurity Risk Management Rules for Broker-Dealers and Other Market Participants (adoption currently anticipated in April 2024)
Among other things, the proposed rules zero in on the intersection of cybersecurity and risk management matters, promote disclosure of certain privacy and cybersecurity risks and, in the case of the rules applicable to public companies, promote appropriate oversight of cybersecurity and privacy matters.
Contributor(s)
Co-Head of Public Company Advisory Group
More from the Governance & Securities Watch
Copyright © 2024 Weil, Gotshal & Manges LLP, All Rights Reserved. The contents of this website may contain attorney advertising under the laws of various states. Prior results do not guarantee a similar outcome. Weil, Gotshal & Manges LLP is headquartered in New York and has office locations in Boston, Brussels, Dallas, Frankfurt, Hong Kong, Houston, London, Miami, Munich, New York, Paris, Shanghai, Silicon Valley and Washington, D.C.