New Cybersecurity Rules for Registered Investment Advisors
… implement broad-based cybersecurity risk management programs. The Proposed RIA Rules contain four broad categories of cybersecurity requirements for firms that are registered or are required to be registered with the SEC: Risk Assessments & Policies/Procedures: The Proposed RIA Rules would require firms to conduct cybersecurity risk assessments, document such assessments in writing, and develop and implement policies and procedures that are reasonably designed to address identified cybersecurity risks; Reporting: Report significant cybersecurity incidents affecting the adviser or its fund or private fund clients to the SEC within 48 hours; Disclosure: Publicly disclose (in brochures and registration statements) cybersecurity risks
https://www.epicbrokers.com/insights/registered-investment-advisors-new-cybersecurity-rules/