On September 23, 2018, the North American Securities Administrators Association, Inc. (“NASAA”) released a proposed model rule for state-registered investment advisers (“state RIAs”) that would impose new information security and privacy requirements (the “Cyber Proposal”).1 NASAA intends the Cyber Proposal to provide state RIAs with a basic structure for implementing information security policies, procedures and practices and to create uniformity in state regulation of investment adviser cybersecurity.

The Cyber Proposal is intended to build on existing NASAA cybersecurity efforts, such as the 2017 release of a security checklist to help state RIAs identify and remediate cybersecurity vulnerabilities.2

This Legal Update (i) describes the relevant scope of the Cyber Proposal, (ii) explains its substantive requirements, and (iii) highlights some takeaways for the investment adviser industry.

Continue reading.