White Paper: Unveiling Industry Perspectives on the SEC’s Proposed Cyber Rule 206(4)-9

We are pleased to present our white paper: Unveiling Industry Perspectives on the SEC’s Proposed Cyber Rule 206(4)-9.

In February of 2022, the U.S. Securities and Exchange Commission (SEC) released its proposal for Rule 206(4)-9 (the Rule), which establishes cybersecurity risk management expectations for investment advisers and investment companies. Since its proposal, the rule has had a twice-extended comment period, giving the public and affected companies ample opportunity to weigh in on the costs and benefits of the rule. With ninety-five public comments submitted since the Rule was first proposed — totaling around 900 pages of written feedback – we have a unique opportunity to understand the industry’s reaction to this proposal.

The SEC’s intent with this Rule is to create standards for cybersecurity programs to protect the stability of markets and investors’ interest from ever-growing cyber threats. While most commenters agree that cybersecurity needs to be regulated and assessed on some level, they note there is still room for improvement in how this should be achieved.

Our latest white paper will provide an overview of the seven major cybersecurity requirements within the Rule and offer context for what commenters believe to be the most challenging aspects of each requirement. The comments submitted by firms are also signposts as to where the SEC could make modifications to the proposed Rule. However, regardless of if the SEC modifies the Rule, or maintains its current form, covered firms will have much to prepare for before the Rule is scheduled to receive its final vote this fall.

Download our white paper

How we help

Our cybersecurity and compliance experts are always available to discuss your cybersecurity needs. ACA Aponix^®  can help your firm develop, implement, and maintain the required information security program to meet the SEC's regulatory requirements, including:

• Support and advice to build and to assess an organization’s cybersecurity risk, identify cybersecurity program gaps, and draft and execute against a mitigation roadmap.
• Risk assessments and mock regulatory exams to identify and remediate gaps in a firm’s current cybersecurity and regulatory state.
• Policy development, business continuity planning, and impact analysis complete with robust policies, plans, and procedures to better protect your company from data breaches and efficiently recover from a cyber incident or significant business disruption.

For questions, or to discuss how ACA can help your firm strengthen its cyber program, increase efficiencies through technology, and ensure your regulatory obligations are met, reach out to your ACA consultant or contact us here.