From our friends at SEC³ , the August regulatory updates you need to know about:

• More Flack on WhatsApp, Hypothetical Performance SmackDown, A Timely Warning on the Pay-to-Play Rule, and Updates to Qualifying Venture Capital Fund Exemption
• 26 More Firms Slammed with $390 Million in Fines for Failure to Retain Texts and Chats
• Adviser Ordered to Stop Using Hypothetical Performance on Public Website
• Adviser Pays $95,000 Fine for Pay-to-Play Foot Fault in a Timely Reminder this Election Season
• Venture Capital Funds Adjustment for Inflation

Read all about them here.

The SEC has just finalized rules requiring RIAs to adopt new measures for responding to cybersecurity incidents and notifying clients of such incidents.

RIAs and broker-dealers , among others, will now be required to develop, implement, and maintain written policies and procedures for an incident response program reasonably designed to detect, respond to, and recover from unauthorized access to or use of customer information.

The policies and procedures must address assessment of the situation, containment of the situation, and notification of affected clients.

Large advisers (i.e., those with at least $1.5 billion in assets under management) would need to comply with the new rules within 18 months of the publication of the final rules in the Federal Register while smaller advisers would need to comply within 24 months of such publication date.

Read more here.