An investment adviser settled SEC charges for failing to properly oversee a third-party contractor hired to remove, wipe and destroy decommissioned hardware containing customers' personal identifying information.
Three broker-dealers settled separate SEC charges for failing to implement an adequate supervisory system designed to prevent identity theft for covered accounts.
In submitted comments, financial services and alternative investment associations raised multiple concerns about the SEC's proposal on cybersecurity risk management and reporting requirements for investment advisers and funds.
The SEC proposed cybersecurity risk management and reporting requirements that would be applicable to registered investment advisers, registered investment companies and business development companies. The SEC also proposed amendments to certain rules that govern investment adviser and fund disclosures.
SEC Chair Gary Gensler honed in on three policy areas concerning the SEC's role in protecting the financial sector from cyber risks: (i) cyber hygiene and preparedness, (ii) reporting of certain cyber incidents to the government, and (iii) disclosure of cyber incidents to the public.