
MFA Recommends Improvements to the SEC’s Proposed Cybersecurity Rules

Proposed recommendations would enable SEC to achieve policy goals while mitigating negative unintended consequences.


Washington, DC— Managed Funds Association (MFA) recommended improvements to the U.S. Securities and Exchange Commission’s (SEC) proposed Advisers Act Cybersecurity rules. MFA’s third comment letter on the proposal demonstrates how the SEC can achieve its policy goals while mitigating negative unintended consequences that would result from the rules as initially proposed.

MFA’s recommendations include rule text edits that harmonize the proposed rules with other regulatory requirements and clarify when and how quickly an adviser must report a cybersecurity incident. Additionally, the rule text edits would establish a safe harbor for advisers who adopt a preapproved, robust cybersecurity framework.

“The SEC’s cybersecurity proposal weakens an adviser’s ability to respond to cyber-attacks,” said Bryan Corbett, MFA President and CEO. “MFA’s detailed recommendations support the SEC’s objective of bolstering alternative asset managers’ cybersecurity practices by encouraging thoughtful and tailored cybersecurity incident response and risk management while mitigating negative unintended consequences.”

To allow advisers to prioritize combatting and limiting damage from a cyberattack when it occurs and to harmonize incident reporting requirements with those of other regulatory regimes, MFA’s letter proposes a 72-hour reporting window. From the letter: 

Requiring an adviser to file a report within 48 hours after discovery of a cybersecurity incident would have the negative unintended consequence of diverting adviser resources away from responding to the incident itself and communicating with law enforcement and/or other stakeholders during a critical window… Moreover, a 72-hour reporting window would harmonize with other regulatory requirements to which advisers may be subject, such as the New York Department of Financial Services’ Cybersecurity Regulation and the EU General Data Protection Regulation, as well as with “current report” reporting requirements under Form PF. 

MFA’s letter also recommends establishing a safe harbor provision to encourage managers to adopt and utilize the strongest cybersecurity frameworks available. From the letter:

Establishing a safe harbor for advisers who adopt and utilize programs that align with one or more of the recognized frameworks listed… will promote and encourage the use of such frameworks, allowing advisers and their investors to benefit from the considerable industry expertise and ongoing refinement reflected in each such framework.  Moreover, advisers who opt to adopt and utilize such programs should not be second-guessed with the benefit of hindsight as to the suitability of their related policies and procedures.

MFA’s latest comment letter can be found here.

About the Global Alternative Asset Management Industry

The global alternative asset management industry, including hedge funds, credit funds, and crossover funds, has assets under management of $4 trillion (Q4 2022). The industry serves thousands of public and private pension funds, charitable endowments, foundations, sovereign governments, and other global institutional investors by providing portfolio diversification and risk-adjusted returns to help meet their funding obligations and return targets.

About Managed Funds Association

Managed Funds Association (MFA), based in Washington, DC, New York, Brussels, and London, represents the global alternative asset management industry. MFA’s mission is to advance the ability of alternative asset managers to raise capital, invest, and generate returns for their beneficiaries. MFA advocates on behalf of its membership and convenes stakeholders to address global regulatory, operational, and business issues. MFA has more than 170 member firms, including traditional hedge funds, credit funds, and crossover funds, that collectively manage nearly $2.2 trillion across a diverse group of investment strategies. Member firms help pension plans, university endowments, charitable foundations, and other institutional investors to diversify their investments, manage risk, and generate attractive returns over time.
