Regulatory and Legislative

SEC Proposes Requirements to Mitigate Cybersecurity Threats

The Securities and Exchange Commission (SEC) has released a proposed rule “Cybersecurity Risk Management for Investment Advisers, Registered Investment Companies, and Business Development Companies”. According to the press release, the proposed rule would require advisers and investment companies to implement written cybersecurity policies and procedures designed to 1) address cybersecurity risks that could harm advisory clients and fund investors, and 2) publicly disclose significant risks and incidents. The proposed rule would also implement new recordkeeping requirements for advisers and funds to improve the availability of cybersecurity-related information and to help facilitate the SEC’s enforcement capabilities.

The SEC will accept public comments for the longer of 1) 60 days following the release of the proposed rule on the SEC’s website, or 2) 30 days following the publication of the proposed rule in the Federal Register.

Regulatory and Legislative

IRS Provides 403(b) Amendment Cycle Updates

IRS Provides 403(b) Amendment Cycle Updates

The Internal Revenue Service has announced that it intends to begin issuing opinion letters regarding Cycle 2 pre-approved 403(b) plans, including the 2022 cumulative list of changes in those requirements.