The SEC reopened the comment period on proposed rules and amendments related to cybersecurity risk management and cybersecurity disclosure for registered investment advisers, registered investment companies and business development companies.
The commission first proposed the rules and amendments on Feb. 9, 2022, with an April 11, 2022, deadline for comments.
The SEC proposed the requirement of “market entities” to implement cybersecurity policies and procedures, review the effectiveness of the policies at least once a year and give the commission notice of significant cybersecurity incidents.
The SEC also proposed amendments to Regulation S-P that would require broker-dealers, investment companies, registered investment advisers and transfer agents to inform individuals of certain types of data breaches.
The comment period will remain open until 60 days after the date of publication of the reopening release in the Federal Register.