ICI Comment Letter on Proposed Cybersecurity Risk Management Rule for Investment Companies and Investment Advisers
The Investment Company Institute appreciates the opportunity to provide its comments in response to the U.S. Securities and Exchange Commission reopening the comment period on the rule it proposed last year that would require registered investment companies and investment advisers to adopt and implement written cybersecurity risk programs. The Commission is reopening the comment period “to allow interested person additional time to analyze the issues and prepare their comments in light of other regulatory developments in cybersecurity.” These other regulatory developments include the Commission’s proposed cybersecurity risk management rule for broker-dealers, transfer agents, and other covered entities and revisions to Regulation S-P.
Last year, the Institute filed detailed comments on the 2022 Release. We were disappointed to see none of our recommended revisions nor similar recommendations from other public commenters reflected in the 2023 Release. In fact, with two exceptions, the 2023 Release is identical to the 2022 Release.
Read more in the comment letter.