North American Securities Administrators Association publishes model cybersecurity rule (May 2019)

The North American Securities Administrators Association (NASAA) has unveiled a model cybersecurity rule package for state-registered investment advisers.

The model, which has been developed with the intention of bolstering the protection of client data, proposes that investment advisers must establish, adopt and update written cybersecurity policies and procedures. The policies would cover the following core functions: protecting the delivery of the infrastructure; detecting events of security breach; responding to these events; and recovering from these events.

The policies would need to be tailored to the investment adviser’s individual model, accounting for size, types of service and location. In order to become law, the model rule package will need to be adopted by individual states.