Managed Funds Association has recommended improvements to the US Securities and Exchange Commission’s proposed Advisers Act Cybersecurity rules in a third comment letter setting out how the SEC can achieve its goals while mitigating negative unintended consequences.
Managed Funds Association (MFA) has recommended improvements to the US Securities and Exchange Commission’s (SEC) proposed Advisers Act Cybersecurity rules in a third comment letter setting out how the SEC can achieve its goals while mitigating negative unintended consequences.
MFA’s recommendations include rule text edits that harmonise the proposed rules with other regulatory requirements and clarify when and how quickly an adviser must report a cybersecurity incident. Additionally, the rule text edits would establish a safe harbour for advisers who adopt a pre-approved, robust cybersecurity framework.
To allow advisers to prioritise combatting and limiting damage from a cyberattack when it occurs and to harmonise incident reporting requirements with those of other regulatory regimes, MFA’s letter proposes a 72-hour reporting window rather than the SEC’s proposed 48-hour timeframe.
MFA’s letter also recommends establishing a safe harbour provision to encourage managers to adopt and utilise the strongest cybersecurity frameworks available.
“The SEC’s cybersecurity proposal weakens an adviser’s ability to respond to cyber-attacks,” said Bryan Corbett, MFA President and CEO. “MFA’s detailed recommendations support the SEC’s objective of bolstering alternative asset managers’ cybersecurity practices by encouraging thoughtful and tailored cybersecurity incident response and risk management while mitigating negative unintended consequences.”
