MFA submitted a comment letter to the U.S. Securities and Exchange Commission’s (SEC) on the proposed rules regarding the Advisers Act Cybersecurity rules. This letter, MFA’s third on the proposal, provides valuable recommendations to help the SEC achieve its policy goals while mitigating negative unintended consequences that may arise from the proposed rules.
MFA raises concerns regarding the expansive nature of certain aspects of the proposed rules, highlighting their potential to diminish cybersecurity across the industry. Furthermore, MFA expresses apprehension regarding the burdensome and excessively rigid reporting requirements that the proposed rule would impose on advisers. MFA highlights the unintended consequences of such requirements, which could potentially divert crucial resources from advisers during a critical period following the identification of an attack.
MFA urges the SEC to incorporate textual revisions into the proposed rules that align them with existing regulatory requirements. This alignment would provide clarity on the timing and expediency with which an adviser should report a cybersecurity incident. Additionally, the rule text edits would establish a safe harbor for advisers who adopt a preapproved, robust cybersecurity framework.