
New SEC Requirements for Registered Investment Advisors (RIAs): A Guide to Staying Compliant

As the digital landscape continues to evolve, the financial industry faces increasing scrutiny when it comes to cybersecurity and data protection. RIAs, or registered investment advisors, are not exempt from this.

Recent modifications to the Securities and Exchange Commission (SEC) laws have put a greater emphasis on cybersecurity compliance for RIAs, making it essential for firms to stay up to date with the newest requirements.

Financial service companies face particular issues, which CyberShield CSC recognizes. With our Cyber Compliance solutions, we help make sure your company stays compliant and protected from new threats.

Are All Investment Advisers Required to Register with the SEC?

Not all investment advisers are required to register with the SEC.

Investment advisers with assets under management (AUM) of at least $110 million are generally required to register with the SEC, while advisers whose AUM is less than this amount may need to register with state regulatory bodies.

There are a few exclusions, though. For instance, advisers managing less than $100 million in AUM may still be subject to SEC oversight if they meet certain conditions, such as advising registered investment companies or business development companies.

What Is the SEC Filing for RIAs?

To ensure transparency and protect investors, the Securities and Exchange Commission (SEC) mandates specific filings that RIAs must complete and maintain.

  1. Form ADV is the cornerstone of the SEC’s regulatory framework for RIAs. It serves as a comprehensive disclosure document that provides detailed information about an advisory firm’s business practices, fees, services, and potential conflicts of interest.
  2. While primarily applicable to larger RIAs managing private funds, Form PF (Private Fund Reporting) requires firms to provide detailed information about their private fund activities.
  3. Effective from June 2020, Form CRS mandates that RIAs provide a concise, standardized disclosure document to their clients.

Compliance with SEC filing requirements is not just a regulatory obligation: accurate and transparent disclosures help clients make informed decisions about their investments. It also helps firms steer clear of cybersecurity risks.

What Are the New Advisor Rules?

The SEC has introduced several new rules for RIAs, particularly around cybersecurity, marketing, and recordkeeping. Some key changes include:

  1. Cybersecurity Requirements: RIAs must now adopt written policies and procedures designed to protect their clients’ sensitive information. These policies should address risk assessments, incident response plans, and the handling of third-party vendors who may have access to sensitive data.
  2. Marketing Rule Changes: The new Marketing Rule, effective since 2021, consolidates the SEC’s advertising and solicitation regulations. This rule impacts how RIAs can promote their services online and on social media.
  3. Recordkeeping Requirements: The SEC has expanded its recordkeeping requirements to ensure that RIAs maintain documentation of communications with clients, particularly regarding investment advice and marketing efforts.

What Are the Requirements for SEBI-Registered Investment Advisors?

Key SEBI requirements include:

  • A cap on fees charged by SEBI-registered RIAs to clients.
  • Prohibitions on RIAs receiving commissions or kickbacks from third-party product providers.
  • A requirement to maintain proper records of client communications and investment decisions for inspection by SEBI.

What Is the Expanding Risk for Financial Service Firms?

  • Phishing Attacks
  • Ransomware
  • Data Breaches

What Are the New Requirements for Registered Investment Advisers?

  1. RIAs must conduct regular risk assessments to identify vulnerabilities in their systems and processes.
  2. Firms are required to have a well-documented incident response plan that outlines how they will respond to cyber incidents.
  3. RIAs must also ensure that third-party vendors who handle sensitive information have adequate cybersecurity measures in place.
  4. Firms must implement measures to protect sensitive client information.

What Are the Best Practices for Effective Cyber Risk Management?

  1. Adopt industry-recognized cybersecurity frameworks
  2. Conduct regular cybersecurity awareness training for employees
  3. Perform regular security audits and penetration testing to help identify weaknesses
  4. Implement a zero-trust approach that requires verification of all users, both inside and outside your organization

Collaborating with a trusted cybersecurity partner, like CyberShield CSC, ensures that your firm receives expert guidance on maintaining compliance and staying protected from emerging cyber threats.

At CyberShield CSC, we specialize in helping RIAs navigate the complexities of cybersecurity compliance. Our services include vCISO services and a tailored plan.

Contact us today to learn more about how we can help protect your firm and its clients from cyber risks.

Frequently Asked Questions

A Registered Investment Advisor (RIA) is a firm or individual that provides financial advice to clients and is registered either with the Securities and Exchange Commission (SEC) or a state-level regulatory authority.

Form ADV provides detailed information about the firm’s operations, fees, services, and any conflicts of interest.

While the SEC has not set a specific frequency, RIAs are expected to conduct regular cybersecurity risk assessments to identify potential vulnerabilities.