What Does the SEC’s New Cybersecurity Rule 206(4)-9 Mean for Investment Advisors and Private Funds?

Cybersecurity Rule 206(4)-9 for investment advisers and private funds is expected to be finalized April 2023 according to the SEC’s 2023 regulatory agenda.

Proposed in February 2022, the rule is designed to promote a more comprehensive framework to address cybersecurity risks for advisers and funds, including their ability to effectively respond and recover from a cyber incident, while also strengthening investors’ confidence in the security of their investments. The proposed changes impact disclosure requirements, include a mandatory 48-hour incident reporting requirement, and establish new record keeping requirements for advisors and funds that are designed to improve the availability of cybersecurity-related information and help facilitate the Commission’s inspection and enforcement capabilities.

How will your cybersecurity program perform during its next regulatory audit?

Financial organizations, such as banks, investment firms, private equity firms, wealth management firms, hedge funds and more are facing new and growing market pressures, technology disruptions and cyber threats, seemingly on all fronts. Thrive has decades of experience working with financial services firms worldwide building risk mitigation and compliance programs that help companies protect their data and grow their business.

Our Financial Operations Platform helps our clients by making it easier to navigate regulatory processes and meet standards – on time – thanks to its simplified compliance reporting capabilities.

A member FS-ISAC, Nicsa and AIMA, Thrive is here to help your firm navigate the complex world of financial services technology and regulatory best practices to improve data security posture while generating value to your business operations. Our consulting team provides assessment services specifically tailored to evaluating registered investment advisors – contact us today to learn more.