|
|
Matthias Knab, Opalesque for New Managers: At at a recent Opalesque webinar, produced in conjunction with Castle Hall and presented by Chris Addy and Matthias Knab, it became clear that the new SEC Private Fund Rule and an upcoming rule on "cybersecurity risk management, strategy, governance, and incidents" directed at registered investment advisers are meeting a largely unprepared audience. The webinar answered dozens of questions from participants and can be accessed here: https://www.opalesque.com/webinar/index.php?id=58#pw58
The proposed SEC Private Fund Rule was originally put out in February 2022. Final drafts are now circulating between the commissioners, and it is quite likely the rule could come through at any moment. Indeed, by end of August is quite possible.
Some of the key provisions of the proposed rule include:
- Disclosure of fees: The rule would require private fund managers to disclose all fees charged to investors, including management fees, performance fees, and other expenses. This would make it easier for investors to compare the fees charged by different managers and make informed investment decisions.
- Disclosure of performance: The rule would require private fund managers to disclose their investment performance on a quarterly basis. This would help investors track the performance of their investments and make sure that they are getting the returns they expect.
- Disclosure of conflicts of interest: The rule would require private fund managers to disclose any conflicts of interest that could impact their investment decisions. This would help investors understand the potential risks of investing in a particular fund.
The proposed rule has been met with mixed reactions from the private fund industry. Some managers support the rule, arguing that it will make the industry more transparent and protect investors. Others oppose the rule, arguing that it is too burdensome and will make it more difficult to raise capital.
Once the rule is finalized, it will be applicable to all private funds that are registered with the SEC.
Material cybersecurity incidents to be reported within four business days
On July 26, 2023, the SEC issued a final rule that requires registrants to provide enhanced and standardized disclosures regarding "cybersecurity risk management, strategy, governance, and incidents." The final rule addresses concerns over investor access to timely and consistent information related to cybersecurity as a result of the widespread use of digital technologies and artificial intelligence, the shift to hybrid work environments, the rise in the use of crypto assets, and the increase in illicit profits from ransomware and stolen data, all of which continue to escalate cybersecurity risk and its related cost to registrants and investors.
While the published rule related to public companies, the SEC has started putting through rules for registered investment advisers. These are very pervasive - Addy and Knab believe that investment advisors have not really focused on how much is coming through with this new rule set.
The current rule requires public companies to disclose material cybersecurity incidents within four business days of the incident. The disclosure must include information about the nature and scope of the incident, the impact on the company's operations, and the steps the company has taken to mitigate the incident.
The rule also requires companies to provide annual information about their cybersecurity risk management, strategy, and governance. This information must include the company's:
- Risk assessment process
- Incident response plan
- Policies and procedures for managing cybersecurity risks
- Oversight of cybersecurity by the board of directors
A user friendly video replay of the webinar, as well as all future Opalesque educational webinars, are listed here: https://www.opalesque.com/webinar/.
|