Home / Agencies / SEC / 2023-05766
Proposed Rule

Cybersecurity Risk Management for Investment Advisers, Registered Investment Companies, and Business Development Companies; Reopening of Comment Period

Agency
Document Number
2023-05766
Published
March 21, 2023
Effective Date
March 9, 2022

Abstract

The Securities and Exchange Commission ("Commission") is reopening the comment period for a release ("Investment Management Cybersecurity Release") proposing new rules under the Investment Advisers Act of 1940 ("Advisers Act") and the Investment Company Act of 1940 ("Investment Company Act") that would require registered investment advisers ("advisers") and investment companies ("funds") to adopt and implement written cybersecurity policies and procedures reasonably designed to address cybersecurity risks, disclose information about cybersecurity risks and incidents, report information confidentially to the Commission about certain cybersecurity incidents, and maintain related records. Reopening the comment period for the Investment Management Cybersecurity Release will allow interested persons additional time to analyze the issues and prepare their comments in light of other regulatory developments on cybersecurity.

Federal Register Source

This document is published by the Office of the Federal Register, National Archives and Records Administration. Access the full regulatory text, preamble, and docket comments below.

View Full Text on FederalRegister.gov →

Opens in new tab · federalregister.gov

Frequently Asked Questions

What is the 2023-05766 Federal Register document?
Document 2023-05766 is a Proposed Rule published by the Securities and Exchange Commission in the Federal Register on March 21, 2023, with an effective date of March 9, 2022. The Securities and Exchange Commission ("Commission") is reopening the comment period for a release ("Investment Management Cybersecurity Release") proposing new rules under the Investment Advisers Act of 1940 ("Advisers Act") and the Investment Company Act of 1940 ("Investment Company Act") that would require registered investment advisers ("advisers") and investment companies ("funds") to adopt and implement written cybersecurity policies and procedures reasonably designed to address cybersecurity risks, disclose information about cybersecurity risks and incidents, report information confidentially to the Commission about certain cybersecurity incidents, and maintain related records. Reopening the comment period for the Investment Management Cybersecurity Release will allow interested persons additional time to analyze the issues and prepare their comments in light of other regulatory developments on cybersecurity. View the original at https://www.federalregister.gov/documents/2023/03/21/2023-05766/cybersecurity-risk-management-for-investment-advisers-registered-investment-companies-and-business.
Is document 2023-05766 an economically significant rule?
No. Document 2023-05766 is not classified as economically significant under Executive Order 12866. Economically significant rules require OIRA review and are estimated to have impacts of $100 million or more per year.
Data sourced from official state legislatures, IAPP, NCSL, and federal regulatory trackers. See our methodology for details. Retrieved and formatted by PlainRegWatch Editorial

Every figure on PlainRegWatch is rendered directly from state source data, no number is typed in by an editor. This page draws directly on federal and state source data, no figure is typed in by an editor. See our editorial standards & corrections policy, the methodology behind these numbers, or report a data error.