{"id":171,"date":"2023-03-13T15:17:49","date_gmt":"2023-03-13T15:17:49","guid":{"rendered":"https:\/\/iqeq.com\/us\/10-elements-secs-proposed-cybersecurity-rules\/"},"modified":"2024-08-07T15:11:44","modified_gmt":"2024-08-07T15:11:44","slug":"10-elements-secs-proposed-cybersecurity-rules","status":"publish","type":"post","link":"https:\/\/iqeq.com\/us\/insights\/10-elements-secs-proposed-cybersecurity-rules\/","title":{"rendered":"10 elements of the SEC\u2019s proposed cybersecurity rules"},"content":{"rendered":"<section class=\"text-block standard-spacing  \">    <div class=\"container fade-in\">\n        <p class=\"introduction\"><strong>On February 9, 2022, the U.S. Securities and Exchange Commission (SEC) proposed Rule 206(4)-9 under the Investment Advisers Act of 1940 and Rule 38a-2 under the Investment Company Act of 1940. The proposed rules would provide registered investment advisers and funds with a set of rules governing how they address cybersecurity risks.<\/strong><\/p>\n<p>These rules would build on existing Commission rules and regulations regarding cybersecurity. Regulation S-ID, for instance, sets rules for broker-dealers, investment advisers, investment companies and other financial institutions governing their identity theft prevention programs. Regulation S-P requires many of these same entities to adopt policies and procedures centering around protecting customer records and data.<\/p>\n<p>The rules cover 10 different elements of cybersecurity protection, including:<\/p>\n<h2>1. Risk assessment<\/h2>\n<p>The first step for advisers and funds to address any cybersecurity risks is to understand what those risks are.<\/p>\n<p>Advisers and funds would be tasked with categorizing and prioritizing cybersecurity risks associated with their information systems (and the information within). They\u2019d also have to identify any service providers that receive, maintain or process adviser or fund information, or that otherwise have access to their information systems, and identify any cybersecurity risks associated with their access.<\/p>\n<h2>2. User security and access<\/h2>\n<p>Advisers and funds would also be tasked with installing controls that would minimize unauthorized access to information systems. These controls would include:<\/p>\n<ul>\n<li>Standards of behavior for anyone with access to adviser or fund information systems and data<\/li>\n<li>User authentication measures requiring two or more credentials for verification<\/li>\n<li>Procedures outlining distribution, replacement and revocation of passwords<\/li>\n<li>Access to information systems and data that\u2019s restricted to what\u2019s necessary for users to perform their responsibilities<\/li>\n<li>Securing remote access technologies to info systems and data<\/li>\n<\/ul>\n<h2>3. Information protection<\/h2>\n<p>Advisers and funds would be required to monitor and protect their information systems via periodic assessments that take into account info sensitivity; where and how data is accessed, stored and transmitted; system access controls and malware protection; and more.<\/p>\n<p>Measures to identify suspicious behavior could include generating and reviewing activity logs, identifying potential anomalous activity and escalating issues to senior officers whenever appropriate.<\/p>\n<p>The rule would also require oversight of service providers with access to information systems and data. Due diligence procedures and periodic contract review processes are among the methods advisers and funds could use to ensure their service providers are capable of protecting important information and data systems.<\/p>\n<h2>4. Threat and vulnerability management<\/h2>\n<p>Advisers and funds would also be required to create policies for detecting, mitigating and remediating cybersecurity threats to, and vulnerabilities of, their information and systems.<\/p>\n<p>Given the importance of preventing cybersecurity threats, advisers and funds should develop plans for monitoring, tracking and patching vulnerabilities. They should also monitor industry and government sources for new threat and vulnerability information to stay on top of threat trends.<\/p>\n<p>Role-specific training is also advised. Examples include system administration courses for IT professionals, vulnerability awareness and prevention training for web application developers and social engineering awareness training for employees and executives.<\/p>\n<h2>5. Cybersecurity incident response and recovery<\/h2>\n<p>The rules are designed with a back acknowledgment that not all cyberattacks can be prevented. Advisers and funds must have policies and procedures guiding the detection of, response to and recovery from a cybersecurity incident.<\/p>\n<p>These policies should be designed to ensure continued operation, protection of information systems and data, internal and external cybersecurity information sharing and communications and reporting of significant cybersecurity incidents to the SEC.<\/p>\n<h2>6. Annual review and required written reports<\/h2>\n<p>The proposed rules would also require advisers and funds to conduct a review of their cybersecurity policies and procedures no less frequently than once per year. This would involve:<\/p>\n<ul>\n<li>An assessment of whether current cybersecurity policies are effective and reflect any changes in cyber risks during the period covered by the review<\/li>\n<li>A written report that describes the annual assessment, whether any control tests were performed (and what their results were); documents any cybersecurity incidents that occurred since the previous report; and discusses any material changes to the policies and procedures since the last report<\/li>\n<\/ul>\n<h2>7. Fund board oversight<\/h2>\n<p>The proposal explicitly states that \u201cboard oversight should not be a passive activity.\u201d The rules would require a fund\u2019s board of directors, including a majority of its independent directors, to approve a fund\u2019s initial cybersecurity policies and procedures.<\/p>\n<p>After that, the board should be involved in reviewing the required written reports to better understand the fund\u2019s risk management policies and procedures; ask questions about the program\u2019s effectiveness, implementation, resources and weaknesses; and determine the appropriate level of oversight of the fund\u2019s service providers.<\/p>\n<h2>8. Form ADV-C<\/h2>\n<p>As part of the proposed rules, the SEC is proposing a new Form ADV-C that would require advisers to provide information about a significant cybersecurity incident in a structured format \u2013 specifically, check-the-box and fill-in-the-blank questions.<\/p>\n<p>If an investment adviser had a reasonable basis to conclude that a significant adviser or fund cybersecurity incident occurred, the adviser would have to submit proposed Form ADV-C within 48 hours. The same timeframe would apply to any necessary amendments if the adviser discovered new material information about a previously reported incident, learned that information on the form became materially inaccurate, closed an internal investigation pertaining to a previously disclosed incident or resolved a previously reported incident.<\/p>\n<h2>9. Disclosure of cybersecurity risks and incidents<\/h2>\n<p>The SEC is proposing amendments to a large number of forms; namely, Form ADV Part 2A for advisers and Forms N-1A, N-2, N-3, N-4, N-6, N-8B-2 and S-6 for funds.<\/p>\n<p>Advisers would be required to use plain English to describe any cybersecurity risks that could affect their advisory services, and how they assess, prioritize and address those risks. They would also be required to describe any cybersecurity incidents over the past two fiscal years that caused substantial harm to the adviser or its clients. Advisers would have to deliver interim brochure amendments to existing clients if the adviser adds a cybersecurity incident disclosure to, or materially revises cybersecurity incident information already disclosed in, their brochure.<\/p>\n<p>Funds also would be required to disclose significant cybersecurity incidents from the past two fiscal years to provide prospective and current investors.<\/p>\n<h2>10. Recordkeeping<\/h2>\n<p>The proposal additionally includes new proposed recordkeeping requirements under the Investment Advisers Act and Investment Company Act.<\/p>\n<p>Advisers would be asked to include:<\/p>\n<ul>\n<li>A copy of cybersecurity policies pursuant to proposed Rule 206(4)-9, as well as any policies that were in effect in the last five years<\/li>\n<li>Copies of written reports documenting their annual cybersecurity reviews from the past five years<\/li>\n<li>Copies of proposed Form ADV-C filed in the past five years<\/li>\n<li>Records documenting any cybersecurity incident from the past five years<\/li>\n<li>Records documenting an adviser\u2019s cybersecurity risk assessment from the past five years<\/li>\n<\/ul>\n<p>Funds would be asked to include:<\/p>\n<ul>\n<li>A copy of cybersecurity policies and procedures that are currently in effect or were in effect in the past five years<\/li>\n<li>Copies of written reports provided to the board from the past five years<\/li>\n<li>Records documenting the annual review of the fund\u2019s cybersecurity policies and procedures from the past five years<\/li>\n<li>Any report of a significant fund cybersecurity incident provided to the SEC by its adviser in the past five years<\/li>\n<li>Records documenting any cybersecurity incident from the past five years<\/li>\n<li>Records documenting the fund\u2019s cybersecurity risk assessment from the past five years<\/li>\n<\/ul>\n<p><strong>Update:\u00a0<\/strong>On March 15, 2023, the\u00a0<a title=\"https:\/\/protect-de.mimecast.com\/s\/j1yvcnol6zf99vpltm8fz0\" href=\"https:\/\/www.sec.gov\/news\/press-release\/2023-54\" target=\"_blank\" rel=\"noreferrer noopener\">SEC reopened the comment period on the cybersecurity rules<\/a>\u00a0that were proposed by the Commission on February 9, 2022.\u00a0The comment period will remain open for 60 days after the date of.<\/p>\n<h4><strong>IQ-EQ\u2019s cybersecurity services deliver a comprehensive solution for investment managers that exceed the requirements of the SEC, NFA and other guidance, providing peace of mind. To find out more, please get in touch:<\/strong><\/h4>\n            <\/div>\n<\/section>\n\n    <section class=\"related-section related-section--people related-section--centered standard-spacing\">\n        <div class=\"container\">\n                            <h2>Meet the author<\/h2>\n                        <div class=\"cards row-load\">\n                    <div class=\"person-card\">\n                    <a href=\"https:\/\/iqeq.com\/people\/sean-wilke\/\" class=\"bg-img lozad normal\">\n                <img width=\"290\" height=\"192\" class=\"attachment-person_card size-person_card lozad\" alt=\"\" data-src=\"https:\/\/iqeq.com\/us\/wp-content\/uploads\/2023\/04\/Sean-Wilke-Formal-Grey_0-290x192.png\" \/>            <\/a>\n            <a href=\"https:\/\/iqeq.com\/people\/sean-wilke\/\" class=\"bg-img lozad hover\">\n                <img width=\"290\" height=\"192\" class=\"attachment-person_card size-person_card lozad\" alt=\"\" data-src=\"https:\/\/iqeq.com\/us\/wp-content\/uploads\/2023\/04\/Sean-Wilke-Informal-Green-290x192.png\" \/>            <\/a>\n                <div class=\"info\">\n                            <h3>\n                    <a href=\"https:\/\/iqeq.com\/people\/sean-wilke\/\">Sean Wilke<\/a>\n                <\/h3>\n                        <p class=\"job-title\">Head of Growth Strategy, Americas<\/p>\n            <div class=\"border\"><\/div>\n                            <p class=\"location\">United States<\/p>\n                        <a href=\"#contact-person\" class=\"link link--deepgray email\">\n                Send email            <\/a>\n                            <a href=\"tel:+16464534298\" class=\"link telephone\">\n                    +1 646 453 4298                <\/a>\n                                        <a href=\"https:\/\/iqeq.com\/people\/sean-wilke\/\" class=\"link link--deepgray permalink\">\n                    Full profile                <\/a>\n                                        <div class=\"socials\">\n                    <a href=\"https:\/\/www.linkedin.com\/in\/seanrwilke\/\" class=\"linkedin\">\n                        <span class=\"screen-reader-text\">LinkedIn<\/span>\n                    <\/a>\n                <\/div>\n                    <\/div>\n    <\/div>\n            <\/div>\n            <div class=\"button-wrapper\">\n                            <\/div>\n        <\/div>\n    <\/section>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":5,"featured_media":172,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","footnotes":""},"categories":[1],"tags":[12,54],"expertise":[13,14],"service_category":[],"class_list":["post-171","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-sec","tag-cybersecurity"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>10 elements of the SEC\u2019s proposed cybersecurity rules | IQ-EQ<\/title>\n<meta name=\"description\" content=\"On February 9, 2022, the U.S. SEC proposed Rule 206(4)-9 under the Investment Advisers Act of 1940 and Rule 38a-2 under the Investment Company Act of 1940. The proposed rules, which are not yet finalized but are expected to be in April 2023, would provide registered investment advisers and funds with a set of rules governing how they address cybersecurity risks. In this article, Sean Wilke outlines the 10 key elements of the SEC&#039;s proposed cybersecurity protection rules.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/iqeq.com\/us\/insights\/10-elements-secs-proposed-cybersecurity-rules\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"10 elements of the SEC\u2019s proposed cybersecurity rules | IQ-EQ\" \/>\n<meta property=\"og:description\" content=\"On February 9, 2022, the U.S. SEC proposed Rule 206(4)-9 under the Investment Advisers Act of 1940 and Rule 38a-2 under the Investment Company Act of 1940. The proposed rules, which are not yet finalized but are expected to be in April 2023, would provide registered investment advisers and funds with a set of rules governing how they address cybersecurity risks. In this article, Sean Wilke outlines the 10 key elements of the SEC&#039;s proposed cybersecurity protection rules.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/iqeq.com\/us\/insights\/10-elements-secs-proposed-cybersecurity-rules\/\" \/>\n<meta property=\"og:site_name\" content=\"IQ-EQ U.S.\" \/>\n<meta property=\"article:published_time\" content=\"2023-03-13T15:17:49+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-08-07T15:11:44+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/iqeq.com\/us\/wp-content\/uploads\/sites\/3\/2024\/08\/shutterstock_2181808749-scaled.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1280\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"chantelleharvey\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"chantelleharvey\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/iqeq.com\/us\/insights\/10-elements-secs-proposed-cybersecurity-rules\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/iqeq.com\/us\/insights\/10-elements-secs-proposed-cybersecurity-rules\/\"},\"author\":{\"name\":\"chantelleharvey\",\"@id\":\"https:\/\/iqeq.com\/us\/#\/schema\/person\/393f39d0fea3dcf3a9a5f42d3ffa8ef7\"},\"headline\":\"10 elements of the SEC\u2019s proposed cybersecurity rules\",\"datePublished\":\"2023-03-13T15:17:49+00:00\",\"dateModified\":\"2024-08-07T15:11:44+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/iqeq.com\/us\/insights\/10-elements-secs-proposed-cybersecurity-rules\/\"},\"wordCount\":8,\"image\":{\"@id\":\"https:\/\/iqeq.com\/us\/insights\/10-elements-secs-proposed-cybersecurity-rules\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/iqeq.com\/us\/wp-content\/uploads\/sites\/3\/2024\/08\/shutterstock_2181808749-scaled.jpg\",\"keywords\":[\"SEC\",\"cybersecurity\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/iqeq.com\/us\/insights\/10-elements-secs-proposed-cybersecurity-rules\/\",\"url\":\"https:\/\/iqeq.com\/us\/insights\/10-elements-secs-proposed-cybersecurity-rules\/\",\"name\":\"10 elements of the SEC\u2019s proposed cybersecurity rules | IQ-EQ\",\"isPartOf\":{\"@id\":\"https:\/\/iqeq.com\/us\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/iqeq.com\/us\/insights\/10-elements-secs-proposed-cybersecurity-rules\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/iqeq.com\/us\/insights\/10-elements-secs-proposed-cybersecurity-rules\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/iqeq.com\/us\/wp-content\/uploads\/sites\/3\/2024\/08\/shutterstock_2181808749-scaled.jpg\",\"datePublished\":\"2023-03-13T15:17:49+00:00\",\"dateModified\":\"2024-08-07T15:11:44+00:00\",\"author\":{\"@id\":\"https:\/\/iqeq.com\/us\/#\/schema\/person\/393f39d0fea3dcf3a9a5f42d3ffa8ef7\"},\"description\":\"On February 9, 2022, the U.S. SEC proposed Rule 206(4)-9 under the Investment Advisers Act of 1940 and Rule 38a-2 under the Investment Company Act of 1940. The proposed rules, which are not yet finalized but are expected to be in April 2023, would provide registered investment advisers and funds with a set of rules governing how they address cybersecurity risks. In this article, Sean Wilke outlines the 10 key elements of the SEC's proposed cybersecurity protection rules.\",\"breadcrumb\":{\"@id\":\"https:\/\/iqeq.com\/us\/insights\/10-elements-secs-proposed-cybersecurity-rules\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/iqeq.com\/us\/insights\/10-elements-secs-proposed-cybersecurity-rules\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/iqeq.com\/us\/insights\/10-elements-secs-proposed-cybersecurity-rules\/#primaryimage\",\"url\":\"https:\/\/iqeq.com\/us\/wp-content\/uploads\/sites\/3\/2024\/08\/shutterstock_2181808749-scaled.jpg\",\"contentUrl\":\"https:\/\/iqeq.com\/us\/wp-content\/uploads\/sites\/3\/2024\/08\/shutterstock_2181808749-scaled.jpg\",\"width\":2560,\"height\":1280},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/iqeq.com\/us\/insights\/10-elements-secs-proposed-cybersecurity-rules\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/iqeq.com\/us\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"10 elements of the SEC\u2019s proposed cybersecurity rules\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/iqeq.com\/us\/#website\",\"url\":\"https:\/\/iqeq.com\/us\/\",\"name\":\"IQ-EQ U.S.\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/iqeq.com\/us\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/iqeq.com\/us\/#\/schema\/person\/393f39d0fea3dcf3a9a5f42d3ffa8ef7\",\"name\":\"chantelleharvey\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/iqeq.com\/us\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/6f3edcd14663aca39f17972735631bdd6eee061ee2f963441daef02c9c01bedb?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/6f3edcd14663aca39f17972735631bdd6eee061ee2f963441daef02c9c01bedb?s=96&d=mm&r=g\",\"caption\":\"chantelleharvey\"},\"url\":\"https:\/\/iqeq.com\/us\/insights\/author\/chantelleharvey\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"10 elements of the SEC\u2019s proposed cybersecurity rules | IQ-EQ","description":"On February 9, 2022, the U.S. SEC proposed Rule 206(4)-9 under the Investment Advisers Act of 1940 and Rule 38a-2 under the Investment Company Act of 1940. The proposed rules, which are not yet finalized but are expected to be in April 2023, would provide registered investment advisers and funds with a set of rules governing how they address cybersecurity risks. In this article, Sean Wilke outlines the 10 key elements of the SEC's proposed cybersecurity protection rules.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/iqeq.com\/us\/insights\/10-elements-secs-proposed-cybersecurity-rules\/","og_locale":"en_US","og_type":"article","og_title":"10 elements of the SEC\u2019s proposed cybersecurity rules | IQ-EQ","og_description":"On February 9, 2022, the U.S. SEC proposed Rule 206(4)-9 under the Investment Advisers Act of 1940 and Rule 38a-2 under the Investment Company Act of 1940. The proposed rules, which are not yet finalized but are expected to be in April 2023, would provide registered investment advisers and funds with a set of rules governing how they address cybersecurity risks. In this article, Sean Wilke outlines the 10 key elements of the SEC's proposed cybersecurity protection rules.","og_url":"https:\/\/iqeq.com\/us\/insights\/10-elements-secs-proposed-cybersecurity-rules\/","og_site_name":"IQ-EQ U.S.","article_published_time":"2023-03-13T15:17:49+00:00","article_modified_time":"2024-08-07T15:11:44+00:00","og_image":[{"width":2560,"height":1280,"url":"https:\/\/iqeq.com\/us\/wp-content\/uploads\/sites\/3\/2024\/08\/shutterstock_2181808749-scaled.jpg","type":"image\/jpeg"}],"author":"chantelleharvey","twitter_card":"summary_large_image","twitter_misc":{"Written by":"chantelleharvey","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/iqeq.com\/us\/insights\/10-elements-secs-proposed-cybersecurity-rules\/#article","isPartOf":{"@id":"https:\/\/iqeq.com\/us\/insights\/10-elements-secs-proposed-cybersecurity-rules\/"},"author":{"name":"chantelleharvey","@id":"https:\/\/iqeq.com\/us\/#\/schema\/person\/393f39d0fea3dcf3a9a5f42d3ffa8ef7"},"headline":"10 elements of the SEC\u2019s proposed cybersecurity rules","datePublished":"2023-03-13T15:17:49+00:00","dateModified":"2024-08-07T15:11:44+00:00","mainEntityOfPage":{"@id":"https:\/\/iqeq.com\/us\/insights\/10-elements-secs-proposed-cybersecurity-rules\/"},"wordCount":8,"image":{"@id":"https:\/\/iqeq.com\/us\/insights\/10-elements-secs-proposed-cybersecurity-rules\/#primaryimage"},"thumbnailUrl":"https:\/\/iqeq.com\/us\/wp-content\/uploads\/sites\/3\/2024\/08\/shutterstock_2181808749-scaled.jpg","keywords":["SEC","cybersecurity"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/iqeq.com\/us\/insights\/10-elements-secs-proposed-cybersecurity-rules\/","url":"https:\/\/iqeq.com\/us\/insights\/10-elements-secs-proposed-cybersecurity-rules\/","name":"10 elements of the SEC\u2019s proposed cybersecurity rules | IQ-EQ","isPartOf":{"@id":"https:\/\/iqeq.com\/us\/#website"},"primaryImageOfPage":{"@id":"https:\/\/iqeq.com\/us\/insights\/10-elements-secs-proposed-cybersecurity-rules\/#primaryimage"},"image":{"@id":"https:\/\/iqeq.com\/us\/insights\/10-elements-secs-proposed-cybersecurity-rules\/#primaryimage"},"thumbnailUrl":"https:\/\/iqeq.com\/us\/wp-content\/uploads\/sites\/3\/2024\/08\/shutterstock_2181808749-scaled.jpg","datePublished":"2023-03-13T15:17:49+00:00","dateModified":"2024-08-07T15:11:44+00:00","author":{"@id":"https:\/\/iqeq.com\/us\/#\/schema\/person\/393f39d0fea3dcf3a9a5f42d3ffa8ef7"},"description":"On February 9, 2022, the U.S. SEC proposed Rule 206(4)-9 under the Investment Advisers Act of 1940 and Rule 38a-2 under the Investment Company Act of 1940. The proposed rules, which are not yet finalized but are expected to be in April 2023, would provide registered investment advisers and funds with a set of rules governing how they address cybersecurity risks. In this article, Sean Wilke outlines the 10 key elements of the SEC's proposed cybersecurity protection rules.","breadcrumb":{"@id":"https:\/\/iqeq.com\/us\/insights\/10-elements-secs-proposed-cybersecurity-rules\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/iqeq.com\/us\/insights\/10-elements-secs-proposed-cybersecurity-rules\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/iqeq.com\/us\/insights\/10-elements-secs-proposed-cybersecurity-rules\/#primaryimage","url":"https:\/\/iqeq.com\/us\/wp-content\/uploads\/sites\/3\/2024\/08\/shutterstock_2181808749-scaled.jpg","contentUrl":"https:\/\/iqeq.com\/us\/wp-content\/uploads\/sites\/3\/2024\/08\/shutterstock_2181808749-scaled.jpg","width":2560,"height":1280},{"@type":"BreadcrumbList","@id":"https:\/\/iqeq.com\/us\/insights\/10-elements-secs-proposed-cybersecurity-rules\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/iqeq.com\/us\/"},{"@type":"ListItem","position":2,"name":"10 elements of the SEC\u2019s proposed cybersecurity rules"}]},{"@type":"WebSite","@id":"https:\/\/iqeq.com\/us\/#website","url":"https:\/\/iqeq.com\/us\/","name":"IQ-EQ U.S.","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/iqeq.com\/us\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/iqeq.com\/us\/#\/schema\/person\/393f39d0fea3dcf3a9a5f42d3ffa8ef7","name":"chantelleharvey","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/iqeq.com\/us\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/6f3edcd14663aca39f17972735631bdd6eee061ee2f963441daef02c9c01bedb?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/6f3edcd14663aca39f17972735631bdd6eee061ee2f963441daef02c9c01bedb?s=96&d=mm&r=g","caption":"chantelleharvey"},"url":"https:\/\/iqeq.com\/us\/insights\/author\/chantelleharvey\/"}]}},"_links":{"self":[{"href":"https:\/\/iqeq.com\/us\/wp-json\/wp\/v2\/posts\/171","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/iqeq.com\/us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/iqeq.com\/us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/iqeq.com\/us\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/iqeq.com\/us\/wp-json\/wp\/v2\/comments?post=171"}],"version-history":[{"count":1,"href":"https:\/\/iqeq.com\/us\/wp-json\/wp\/v2\/posts\/171\/revisions"}],"predecessor-version":[{"id":558,"href":"https:\/\/iqeq.com\/us\/wp-json\/wp\/v2\/posts\/171\/revisions\/558"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/iqeq.com\/us\/wp-json\/wp\/v2\/media\/172"}],"wp:attachment":[{"href":"https:\/\/iqeq.com\/us\/wp-json\/wp\/v2\/media?parent=171"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/iqeq.com\/us\/wp-json\/wp\/v2\/categories?post=171"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/iqeq.com\/us\/wp-json\/wp\/v2\/tags?post=171"},{"taxonomy":"expertise","embeddable":true,"href":"https:\/\/iqeq.com\/us\/wp-json\/wp\/v2\/expertise?post=171"},{"taxonomy":"service_category","embeddable":true,"href":"https:\/\/iqeq.com\/us\/wp-json\/wp\/v2\/service_category?post=171"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}