Alston & Bird Privacy, Cyber & Data Strategy Blog

SEC Proposed Rule Will Require Private Funds to Report Certain Cyber Events

January 31, 2022 By Kate Hanniford and Alysa Austin

On January 26, 2022, the U.S. Securities and Exchange Commission (SEC) proposed new rules to enhance hedge fund and private fund disclosure requirements and increase regulators’ visibility into the private funds industry.

The proposed rules would amend the SEC’s Form PF, the confidential reporting form by which private funds disclose regulatory assets to the SEC, in an effort to provide regulators with information to better monitor systemic risks to the private markets as a result of the significant growth and complexity of the private fund industry, according to the SEC.

Among the proposed changes, Form PF would require private funds to disclose to the SEC, within one business day, cybersecurity events that cause a “significant disruption or degradation” of the entity’s “key operations.” Proposed section 5, Item H would require the entity to provide specific information about the event in its report, including the date of occurrence and date of discovery, along with information concerning its current understanding of the circumstances relating to the operations event and its impact on the normal operations of the reporting fund. The proposed changes would further require the reporting entity to indicate whether it initiated a business continuity plan in response to the triggering event.

In addition to the provisions contained in the proposed rule, the SEC signaled in footnote 40 of the rule release that the much-anticipated proposed rules to enhance fund and investment adviser disclosures and governance relating to cybersecurity risks are still forthcoming.

Other proposed changes include reducing the Form PF reporting threshold for private equity funds from $2 billion to $1.5 billion in assets under management, presumably to expand its reporting base, and requiring such entities to disclose additional information about fund strategies and their use of leverage and portfolio companies.

The proposed rule is subject to a 30-day notice and comment period upon publication in the Federal Register.

Filed Under: Cyber Risk, Cybersecurity, Enforcement Tagged With: cybersecurity, Notice of Proposed Rulemaking, SEC

About Kate Hanniford

Kate Hanniford is a senior associate with Alston & Bird’s Privacy, Cyber & Data Strategy Team. She focuses her practice on cybersecurity counseling, as well as federal securities law compliance, enforcement, and litigation.

About Alysa Austin

Alysa Austin is an associate with Alston & Bird’s Privacy & Data Security Team and advises clients on cybersecurity compliance, breach investigations and response, online procedures and policies, and vendor contracts.

Copyright © 2022 · Alston & Bird · All Rights Reserved. Privacy.