Cybersecurity Risk Management for Investment Advisers, Registered Investment Companies, and Business Development Companies

The Securities and Exchange Commission (“Commission”) is reopening the comment period for a release (“Investment Management Cybersecurity Release”) proposing new rules under the Investment Advisers Act of 1940 (“Advisers Act”) and the Investment Company Act of 1940 (“Investment Company Act”) that would require registered investment advisers (“advisers”) and investment companies (“funds”) to adopt and implement written cybersecurity policies and procedures reasonably designed to address cybersecurity risks, disclose information about cybersecurity risks and incidents, report information confidentially to the Commission about certain cybersecurity incidents, and maintain related records. Reopening the comment period for the Investment Management Cybersecurity Release will allow interested persons additional time to analyze the issues and prepare their comments in light of other regulatory developments on cybersecurity.