SEC CORNER

SEC ANNOUNCES PROPOSED CYBER RULES UNDER ADVISERS AND INVESTMENT COMPANY ACTS

The U.S. Securities and Exchange Commission (“SEC”) recently announced proposed rules to address cyber risks under the Investment Advisers Act and the Investment Company Act. 

The proposed rules would require Registered Investments Advisers (“Advisers”) and Business Development Companies (“Funds”) to implement policies and procedures designed specifically to address cyber risks. Under this rule change, Advisers would also be required to maintain records around their risk mitigation efforts and to report significant cybersecurity incidents to the SEC, using a confidential form. Perhaps the most visible change in the eyes of the investing public would be the requirement that funds provide current and prospective investors with a description of any such incidents that have occurred in the preceding two fiscal years. 


It appears from this proposal that the SEC is working to move beyond seeking transparency around cyber risk from regulated entities, in an effort to become de facto enforcers of security standards. The SEC’s proposal contains over twenty pages detailing the elements of the policies and procedures these entities would be required to implement, including risk assessment, user security and access, information protection, threat and vulnerability management, and incident response and recovery.  Although there is a period for public comment, regulated entities would do well to begin reviewing these elements now, because even with some amendments, the SEC can be expected to enact the substance of these proposed rules.

 

The Takeaway

The proposed rules have potential implications on cyber liability insurance, as most policies contain coverage for regulatory proceedings. However, as an investment advisory errors and omissions (“E&O”) policy may also offer regulatory coverage, it is important to consider how these two coverages might interplay in the event of an inquiry by the SEC. 

 

SEC SEEKS FASTER INVESTOR DISCLOSURE TO PUBLIC 

In an effort to distribute market information to the investing public more quickly, U.S. Securities and Exchange Commission (“SEC”) Chair Gary Gensler recently proposed several amendments to the SEC’s disclosure rules. 

First, Gensler proposed that investors who acquire at least a 5% stake of a company must disclose this position within five days. He also recommended that amendments to such filings be provided within one business day, as they have a material impact on the company’s share price. Lastly, Gensler proposed shortening alternative filings for investors with no intention of exerting control over a company to five days. The proposed changes are intended to prevent some market participants, such as activist investors, from having certain advantages in the trading environment that tend to create an imbalance with other shareholders. The proposal also expands regulations concerning derivative securities and their reporting obligations, amongst other changes. 


While technological advances have made shorter deadlines more feasible, the proposal drew dissent from SEC Commissioner Hester Pierce. Pierce noted that the purpose of longer deadlines was to balance the shareholders’ needs to learn about a potential change in company control against investors’ needs to keep their strategies private. The ability to comment on the proposal will remain open through April 2022 and a vote on a final version is expected to take place later this year.

 

SEC ENFORCEMENT ACTIONS, SETTLEMENTS AND JUDGMENTS

February 2022 Noteworthy Enforcement Actions Filed

 Director/Officer

 Role

 Company

 Charles Strongo 

 CEO, CFO 

 Global Wholehealth Partners Corp. 

 James Velissaris 

 Chief Investment Officer 

 Infinity Q Capital Management

February 2022 Noteworthy Settlements and Judgments 

Amount

Director/Officer

Role

Company

$1,392,000.00 

Martin Shkreli

CEO

Retrophin, Inc.

Source: U.S. Securities and Exchange Commission