Member Article

The SEC’s Division of Investment Management issued a guidance update last week reminding registered investment advisers and registered investment companies of the importance of cybersecurity and providing recommendations on specific measures that advisers and investment companies should consider in addressing their cybersecurity risks. 

Last week’s guidance update demonstrates the SEC’s continued focus on cybersecurity as part of its compliance initiatives. In April 2014, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) announced a cybersecurity exam initiative and, in a February 2015 Risk Alert, reported findings from that exam initiative. OCIE’s Risk Alert described the results from examinations of over 100 advisers and broker-dealers noting that approximately 80 percent of the firms examined had experienced some type of cyber-attack. Now, the Investment Management (“IM”) staff has weighed in with a number of security measures that investment companies and advisers should consider implementing to safeguard confidential and sensitive information. Advisers should be particularly mindful of this guidance as it will likely serve as a basis for any inspections by the staff dealing with cybersecurity.

To read the full alert, <http://www.haynesboone.com/news-and-events/news/alerts/2015/05/11/sec-issues-cyberguidance-for-investment-adviser>