On February 9, 2022, the Securities Exchange Commission (“SEC” or “Commission”) voted 3-1 to propose rules, forms and amendments concerning cybersecurity risk management, as well as registered investment adviser and fund disclosures. As we have previously discussed, the proposal under the Investment Advisers Act of 1940 (Advisers Act) and the Investment Company Act of

Adam D. Kanter
SEC Proposals Would Significantly Impact Private Fund Advisers and Impose New Cybersecurity Requirements on Registered Advisers and Funds, including BDCs
On February 9, 2022, the US Securities and Exchange Commission (SEC) voted to propose several new rules and amendments to existing rules that would significantly alter the current requirements for investment advisers and funds, with one proposal specifically focused on private funds and the other focused on cybersecurity.
SEC’s OCIE Issues Risk Alert for Investment Adviser and Broker-Dealer Compliance Issues Related to Regulation S-P
On April 16, 2019, the staff from the Office of Compliance Inspections and Examinations (the “OCIE”) of the US Securities and Exchange Commission (“SEC”) published a Risk Alert describing privacy and related customer information safeguarding issues it has identified in recent examinations of registered investment advisers and broker-dealers (“Registered Entities”).1 These issues continue to…
NASAA Proposes Investment Adviser Model Cybersecurity Rule
On September 23, 2018, the North American Securities Administrators Association, Inc. (“NASAA”) released a proposed model rule for state-registered investment advisers (“state RIAs”) that would impose new information security and privacy requirements (the “Cyber Proposal”).1 NASAA intends the Cyber Proposal to provide state RIAs with a basic structure for implementing information security policies, procedures…
SEC Brings First Enforcement Action Under the Identity Theft Red Flags Rule
On September 26, 2018, the US Securities and Exchange Commission (“SEC”) brought and settled charges against a registered broker-dealer/investment adviser (the “Registrant”) for allegedly violating the Gramm-Leach-Bliley Act Safeguards Rule (Regulation S-P) and the Identity Theft Red Flags Rule (Regulation S-ID).1 The Registrant allegedly violated the SEC’s rules by failing to implement appropriately designed…
Form ADV: New Disclosure Requirements and Additional Disclosures to Consider
The compliance date is fast approaching for the US Securities and Exchange Commission’s recently adopted amendments to Form ADV. Initial or amended Form ADVs filed on or after October 1, 2017 (with limited exception, as discussed in this Legal Update) must comply with the amendments. Among other things, the amendments require advisers to provide additional…
US Securities and Exchange Commission’s Office of Compliance Inspections and Examinations Announces Results of Cybersecurity Examination Initiative
On August 7, 2017, the Office of Compliance Inspections and Examinations (“OCIE”) of the US Securities and Exchange Commission (“SEC”) announced the results of its second cybersecurity examination initiative.1 This initiative built on the SEC’s 2014 cybersecurity examination initiative (“Cybersecurity 1 Initiative”) but “involved more validation and testing of procedures and controls surrounding cybersecurity…
US Securities and Exchange Commission Continues Focus on Cybersecurity by Bringing Charges Against a Registered Investment Adviser for Violations of Regulation S-P
On September 22, 2015, the US Securities and Exchange Commission (“SEC”) brought and settled charges against a registered investment adviser (the “RIA”) for violations of the Gramm-Leach-Bliley Act’s “safeguards rule” adopted under Regulation S-P.1 These violations occurred immediately prior to a cybersecurity breach of the RIA’s systems, in which the hackers may have obtained…
Mayer Brown Explains SEC’s Continued Focus on Cybersecurity
In a bylined article, Cybersecurity & Data Privacy partner Rajesh De, Financial Services Regulatory & Enforcement partner Jeffrey P. Taft, Corporate & Securities associate Adam D. Kanter, and Financial Services Regulatory and Enforcement associate Matthew Bisanz (all Washington DC) examine the SEC’s continued focus on cybersecurity.