PLANADVISER - Fall 2023 - 36

Compliance Analysis
The SEC on Cybersecurity
Review your policies and procedures-it's a fiduciary duty
CYBERSECURITY, and related vulnerabilities, have become
the focus of regulators, including the Securities and
Exchange Commission. As a result, investment advisers
registered under the Investment Advisers Act of 1940 should
be reviewing their practices and procedures in light of the
SEC's guidance and proposed cybersecurity regulation.
Current Interpretations
The SEC has stated that certain provisions in the Advisers
Act should be interpreted to require that an adviser firm
have policies and procedures in place to protect its investment
operations and customer information from cyberattack.
Specifically, the SEC cites an adviser's duty of care and
duty of loyalty under the act.
These fiduciary obligations demand that advisers " take
steps to protect client interests from being placed at risk
because of the adviser's inability to provide advisory services. "
Therefore, the adviser should adopt policies and procedures,
in accordance with the SEC's compliance rule at 17 CFR
Section 275.206, designed to minimize operational and other
risks caused by incidents that may prohibit the advisory firm
from providing its services or that would allow for the misuse
of the information on the adviser's systems.
Additionally, the SEC points to Regulation S-P (17 CFR
248.1 through 248.31), which requires that an adviser adopt
written policies and procedures that address safeguards-
administrative, technical and physical-for the protection
of customer records and information. These requirements,
in the SEC's view, extend to protecting the firm and its
customers against cybersecurity threats.
Similarly, the SEC points to its Regulation S-ID (17 CFR
248.201), which demands that advisers implement an identity
theft program, including policies and procedures designed to
detect attempts at, and to react to, identity theft affecting
customers by electronic or other means. Finally, the agency
noted that firms may be required to report to their clients
certain material cybersecurity events on Part 2 of Form ADV.
In 2014, the SEC's Office of Compliance Inspections and
Examinations conducted examinations of adviser information
security policies and procedures. Based on the findings,
the OCIE published, in September 2015, its " Cybersecurity
Initiative Report, " which summarizes the security practices it
observed. And, in January 2020, the office published " Cybersecurity
and Resiliency Observations, " highlighting what it
deemed to be appropriate practices.
The SEC's Cybersecurity Proposal
Notwithstanding the agency's position that the Advisers
Act already requires a firm to adopt policies and procedures
designed to protect itself and its customers from
36 planadviser.com | Fall 2023 | Practice Management
Art by OYOW

http://www.planadviser.com

PLANADVISER - Fall 2023

Table of Contents for the Digital Edition of PLANADVISER - Fall 2023

At the Core
A Need to Show Value
The Talent Pipeline
Inside the Deal
Demand Performance
Are They Legally Binding?
The SEC on Cybersecurity
From Managing to Leading
Can You Predict Client Stress?  
PLANADVISER - Fall 2023 - C1
PLANADVISER - Fall 2023 - FC1
PLANADVISER - Fall 2023 - FC2
PLANADVISER - Fall 2023 - C2
PLANADVISER - Fall 2023 - 1
PLANADVISER - Fall 2023 - 2
PLANADVISER - Fall 2023 - 3
PLANADVISER - Fall 2023 - 4
PLANADVISER - Fall 2023 - 5
PLANADVISER - Fall 2023 - 6
PLANADVISER - Fall 2023 - 7
PLANADVISER - Fall 2023 - 8
PLANADVISER - Fall 2023 - 9
PLANADVISER - Fall 2023 - 10
PLANADVISER - Fall 2023 - 11
PLANADVISER - Fall 2023 - 12
PLANADVISER - Fall 2023 - 13
PLANADVISER - Fall 2023 - 14
PLANADVISER - Fall 2023 - 15
PLANADVISER - Fall 2023 - At the Core
PLANADVISER - Fall 2023 - 17
PLANADVISER - Fall 2023 - 18
PLANADVISER - Fall 2023 - 19
PLANADVISER - Fall 2023 - A Need to Show Value
PLANADVISER - Fall 2023 - 21
PLANADVISER - Fall 2023 - 22
PLANADVISER - Fall 2023 - 23
PLANADVISER - Fall 2023 - 24
PLANADVISER - Fall 2023 - 25
PLANADVISER - Fall 2023 - The Talent Pipeline
PLANADVISER - Fall 2023 - 27
PLANADVISER - Fall 2023 - 28
PLANADVISER - Fall 2023 - 29
PLANADVISER - Fall 2023 - Inside the Deal
PLANADVISER - Fall 2023 - 31
PLANADVISER - Fall 2023 - Demand Performance
PLANADVISER - Fall 2023 - 33
PLANADVISER - Fall 2023 - Are They Legally Binding?
PLANADVISER - Fall 2023 - 35
PLANADVISER - Fall 2023 - The SEC on Cybersecurity
PLANADVISER - Fall 2023 - 37
PLANADVISER - Fall 2023 - From Managing to Leading
PLANADVISER - Fall 2023 - Can You Predict Client Stress?  
PLANADVISER - Fall 2023 - 40
PLANADVISER - Fall 2023 - C3
PLANADVISER - Fall 2023 - C4
https://www.planadviserdigital.com/planadviser/winter_2023
https://www.planadviserdigital.com/planadviser/fall_2023
https://www.planadviserdigital.com/planadviser/summer_2023
https://www.planadviserdigital.com/planadviser/industryleader_2023
https://www.planadviserdigital.com/planadviser/spring_2023
https://www.planadviserdigital.com/planadviser/november_december_2022
https://www.planadviserdigital.com/planadviser/september_october_2022
https://www.planadviserdigital.com/planadviser/july_august_2022
https://www.planadviserdigital.com/planadviser/may_june_2022
https://www.planadviserdigital.com/planadviser/industry_leader_awards_2022
https://www.planadviserdigital.com/planadviser/march_april_2022
https://www.planadviserdigital.com/planadviser/january_february_2022
https://www.planadviserdigital.com/planadviser/november_december_2021
https://www.planadviserdigital.com/planadviser/september_october_2021
https://www.planadviserdigital.com/planadviser/july_august_2021
https://www.planadviserdigital.com/planadviser/may_june_2021
https://www.planadviserdigital.com/planadviser/march_april_2021
https://www.planadviserdigital.com/planadviser/january_february_2021
https://www.planadviserdigital.com/planadviser/november_december_2020
https://www.planadviserdigital.com/planadviser/september_october_2020
https://www.planadviserdigital.com/planadviser/july_august_2020
https://www.planadviserdigital.com/planadviser/may_june_2020
https://www.planadviserdigital.com/planadviser/march_april_2020
https://www.planadviserdigital.com/planadviser/january_february_2020
https://www.planadviserdigital.com/planadviser/november_december_2019
https://www.planadviserdigital.com/planadviser/september_october_2019
https://www.planadviserdigital.com/planadviser/july_august_2019
https://www.planadviserdigital.com/planadviser/may_june_2019
https://www.planadviserdigital.com/planadviser/march_april_2019
https://www.planadviserdigital.com/planadviser/january_february_2019
https://www.planadviserdigital.com/planadviser/november_december_2018
https://www.planadviserdigital.com/planadviser/september_october_2018
https://www.planadviserdigital.com/planadviser/july_august_2018
https://www.planadviserdigital.com/planadviser/may_june_2018
https://www.planadviserdigital.com/planadviser/march_april_2018
https://www.planadviserdigital.com/planadviser/january_february_2018
https://www.planadviserdigital.com/planadviser/november_december_2017
https://www.planadviserdigital.com/planadviser/september_october_2017
https://www.planadviserdigital.com/planadviser/july_august_2017
https://www.nxtbookmedia.com