SEC Cyber Regulation Efforts: A Mid-Year Review
2022 is not even halfway over, and the Securities and Exchange Commission (SEC) has already made it a banner year for the SEC’s efforts to shape cybersecurity policy. This alert highlights this year’s cyber developments to date and the SEC’s likely future regulatory efforts in this space.
Carrot or Stick? States Try Incentives to Increase Cybersecurity
Several states are offering legal safe harbors to businesses that follow industry-recommended cybersecurity frameworks, in a carrot-not-stick approach intended to encourage better defenses.
SEC Bolsters Teams Tackling Cybersecurity - Is Your Firm Ready
The Securities and Exchange Commission has bolstered the size of its teams dealing with cybersecurity and cryptocurrency, according to the associate director of its enforcement division. Last year, the Securities and Exchange Commission sanctioned eight firms for cybersecurity failures.
SEC Showers Down Proposed Cybersecurity Rules: 5 Steps for Staying Dry
It’s rainy season for proposed SEC cybersecurity rules. The first watershed was proposed regulations targeting investment companies’ and advisers’ cybersecurity preparedness. See “SEC Plants New Cybersecurity Regulations; Time Will Tell What Will Bloom.” The next torrent arrived on March 9 and threatens to soak public companies. See “Four Takeaways From the SEC’s Proposed Cyber Rule for Public Companies.”
While the proposals differ in many respects, the forecast is clear:
4 Ways SEC’s New Proposed Rules Put Cybersecurity Front and Center for Advisors
In its most focused and significant response to cyber threats in nearly 20 years, the Securities and Exchange Commission released on Feb. 9 proposed new rules regarding cybersecurity risk management, risk disclosures and reporting. My partner Trina Glass spoke to me about the impact that Rule 206(4)-9 under the Investment Advisers Act of 1940 and Rule 38-2 under the Investment Company Act of 1940 could have on the advisory industry.
Preparing for SEC exam: Focus on adviser firms' resiliency
An investment adviser’s ability to protect sensitive records and continue mission-critical services during times of stress will be on the Securities and Exchange Commission’s exam docket in 2022.
US SEC Cyber Risk Management Proposed Rules: Analysis for Investment Advisers, Investment Companies, BDCs and Broader Implications for Private Sector
On February 9, 2022, the Securities and Exchange Commission (“SEC” or “Commission”) voted 3-1 to propose rules, forms and amendments concerning cybersecurity risk management, as well as registered investment adviser and fund disclosures. As we have previously discussed, the proposal under the Investment Advisers Act of 1940 (Advisers Act) and the Investment Company Act of 1940 (Investment Company Act) seeks to set out specific requirements for cybersecurity risk management for registered investment advisers (RIAs), registered investment companies (“RICs,” including mutual funds, exchange-traded funds (ETFs), unit investment trusts (UITs), and closed-end funds) and business development companies (BDCs) and related amendments to certain rules and forms that govern RIA and fund disclosures.
SEC Division of Examination Priorities for 2022
Rounding out a series of quarter-end announcements from the US Securities and Exchange Commission (SEC), the Division of Examinations (Exams) announced its 2022 examination priorities on March 30, 2022. These priorities reflect SEC Chair Gary Gensler's stated view that the examinations program is crucial to the SEC's work to protect investors and instill trust in markets. Exams will focus on, among other things, (i) private funds, (ii) broker-dealers, (iii) Environmental, Social, and Governance (ESG) or impact investing, (iv) financial technology (FinTech) and crypto-assets, and (v) information security (InfoSec) and operational resiliency.
SEC Proposed New Cybersecurity Rules
The Securities and Exchange Commission (“SEC”) recently published proposed rulemaking regarding cybersecurity for (1) investment advisers and funds and (2) public companies. If implemented, these rules will have significant impact regarding cybersecurity governance, risk management by management, oversight by boards of directors, and the maintenance and update of policies, procedures, and compliance programs regarding cybersecurity.
Missed red flags: How this CFP lost $3,000 to an Instagram scam - CNBC
This 27-year-old finance pro lost $3,000 to an Instagram scam — here are the 4 red flags he missed
In a world where Elizabeth Holmes, Anna Delvey and the Tinder Swindler co-exist, it seems like scammers are waiting for unsuspecting victims around every corner. Sometimes, those victims are even sophisticated finance professionals.