In BoardIQ, data, privacy & cybersecurity partner and co-chair Ed McNicholas (Washington, D.C.) explained how fund board oversight will be affected by the new Securities and Exchange Commission cybersecurity disclosure regulatory guidance that mandates annual investor disclosures on cybersecurity preparedness, and requires advisors to maintain records on such practices.
Ed explains that several other regulators have pushed towards more specificity in terms of requiring specific cybersecurity risk management controls, such as using multi-factor authentication. He notes the SEC is trying to preserve more technological flexibility and margin to maneuver, while using enforcement actions and disclosure obligations to establish expectations.
Stay Up To Date with Ropes & Gray
Ropes & Gray attorneys provide timely analysis on legal developments, court decisions and changes in legislation and regulations.
Stay in the loop with all things Ropes & Gray, and find out more about our people, culture, initiatives and everything that’s happening.
We regularly notify our clients and contacts of significant legal developments, news, webinars and teleconferences that affect their industries.