If advisors and funds have a data breach and have not implemented the measures described in the IM guidance, the SEC "may take regulatory action because your cybersecurity internal controls and policies and procedures were not sufficient."
Cipperman Compliance Services |