The SEC recommended that money managers and other registered investment advisers create a strategy to prevent, detect and respond to cybersecurity, including more internal security measures, data encryption and backup, and restrictions on the removal of storage media.
The recommendations were part of guidance the Securities and Exchange Commission issued Tuesday. They are not enforceable rules, but the SEC said managers and advisers should consider cybersecurity as part of their overall obligations in complying with federal securities laws. Specifically, the guidance targeted data protection, fraud and business continuity, “as well as other disruptions in service that could affect, for instance, a fund’s ability to process shareholder transactions.”
“In the staff’s view, funds and advisers should identify their respective compliance obligations under the federal securities laws and take into account these obligations when assessing their ability to prevent, detect and respond to cyberattacks,” the SEC guidance said.