Compliance Glossary

RIA Cybersecurity

Home // Compliance Glossary // RIA Cybersecurity

The Securities and Exchange Commission (SEC) has proposed and implemented cybersecurity rules for Registered Investment Advisors (RIAs).
These rules require RIAs to:

  • Develop cybersecurity policies: RIAs must create and document policies and procedures to manage cybersecurity risks.
  • Educate employees: RIAs should educate their employees about cybersecurity.
  • Develop incident response plans: RIAs must create and document plans for responding to cyber incidents.
  • Disclose cybersecurity incidents: RIAs must disclose cybersecurity incidents and risks to clients, investors, and other market participants. The SEC requires that RIAs report cybersecurity incidents within four business days.
  • Notify customers of unauthorized access: RIAs must notify customers of unauthorized access to their sensitive customer information as soon as possible, but no later than 30 days.

Non-compliance with the SEC’s cybersecurity rules can result in penalties such as regulatory fines, reputational damage, loss of client trust, and legal action.

Interested in learning more?

Cybersecurity & Outsourced IT with COMPLY

Sophisticated cyber-attack vectors pose significant threat. Arm your firm with a cybersecurity and outsourced IT solution that’s up to the challenge.

Related Resources

Blog

RIA cybersecurity: Top five FAQs

Learn More >

 Blog

RIA cybersecurity: Levels of cybersecurity training

Learn More >

 Blog

Everything your RIA firm needs to know about the NIST Framework

Learn More >