Lessons Learned:
Worth Reading, Watching, and Hearing
Mid-February Regulatory Updates from Cari Hopsfenperger at Foreside.
Topics include:
As background, Form PF requires private fund advisers with at least $150 million in private fund assets under management to report certain information to the SEC at least annually and for a subset of large private fund advisers to provide more information on a more frequent basis.
The rule proposal makes changes in three principal areas including:
On February 9, 2022, the SEC proposed new rules that require investment advisers registered with or required to register with the SEC to adopt policies and procedures reasonably designed to address the cybersecurity risks they face as well as to conduct periodic assessments and annual reviews of their cybersecurity programs. The proposed rules would also require advisers to make and update public disclosures on Form ADV regarding cybersecurity risks and significant cybersecurity incidents and to make additional confidential disclosures to the SEC regarding cybersecurity incidents experienced by the firm or any funds they manage within 48 hours of a cybersecurity incident.
The rule proposal, if adopted, will invariably require advisers to devote significantly more time and resources to cybersecurity risk management.
So cautions Richard Chen:
The SEC is taking aim at investment advisory contracts between the adviser and its clients, and many advisers may need to amend those contracts in light of the staff’s recent guidance where it takes the position that certain contract provisions designed to protect the adviser from liability constitute so-called “hedge clauses” that raise confusion as to whether the client is waiving its right to take action against an adviser provided under federal or state laws. The types of provisions can vary, but the SEC is particularly focused on claims where an adviser disclaims liability for its acts or omissions other than those that result from its gross negligence, willful misconduct, or bad faith.