Mar. 22, 2023
March 22, 2023 Public Comment on Proposed Cybersecurity Risk Management Rules and Amendments To the U.S. Securities and Exchange Commission, I am writing to express my concerns and provide feedback on the proposed cybersecurity risk management rules and related amendments under the Investment Advisers Act of 1940 and the Investment Company Act of 1940. While I appreciate the Commission's efforts to enhance the preparedness and resilience of investment advisers and investment companies against cybersecurity threats, I am particularly concerned about the potential for bad actors to exploit cybersecurity vulnerabilities to hide corruption within investment funds and government institutions. My concerns stem from the increasing sophistication and capabilities of malicious actors who may seek to undermine the integrity of our financial systems. By circumventing cybersecurity measures, these individuals or groups may not only gain unauthorized access to sensitive data but also manipulate, alter, or delete critical information to conceal fraudulent activities and corruption. To address this issue, I believe that a strong emphasis should be placed on whistleblower protection and rewards, as whistleblowers play a crucial role in uncovering corruption and fraudulent activities. The following suggestions aim to strengthen the proposed cybersecurity risk management rules and amendments by enhancing whistleblower protections and rewards: Robust Whistleblower Protections: Implement strong whistleblower protection measures to encourage employees and other stakeholders to report suspected corruption or fraudulent activities without fear of retaliation. Such measures should include strict policies prohibiting retaliation against whistleblowers, along with legal remedies and support for those who experience retaliation. Substantial Rewards for Whistleblowers: Offer significant financial incentives for whistleblowers who provide information leading to successful enforcement actions against corruption and fraudulent activities. These rewards should be commensurate with the monetary sanctions collected as a result of the enforcement actions and should serve as a powerful motivator for individuals to come forward with valuable information. Confidentiality and Anonymity for Whistleblowers: Ensure that whistleblowers have the option to remain anonymous when reporting suspected corruption or fraudulent activities, and that their identities are protected throughout the investigation and enforcement process. Confidentiality should be maintained to the fullest extent possible under the law. Clear Reporting Channels and Processes: Establish clear and easily accessible reporting channels for whistleblowers within investment advisers and investment companies, along with a transparent process for handling and investigating whistleblower reports. This will help ensure that reports are taken seriously and acted upon promptly. In addition to the above suggestions focusing on whistleblower protections and rewards, I also recommend implementing enhanced monitoring and auditing, promoting collaboration with law enforcement and regulatory agencies, and requiring mandatory training and education programs as previously mentioned in my initial comment. By incorporating these additional measures into the proposed cybersecurity risk management rules and amendments, the Commission can further strengthen the resilience of investment advisers and investment companies against cybersecurity threats while also working to prevent the exploitation of cybersecurity vulnerabilities for the purpose of concealing corruption and other fraudulent activities. Thank you for considering my comments and suggestions. I believe that a collaborative approach between the financial industry, regulatory agencies, and the public is crucial to effectively address these pressing issues and protect the integrity of our financial markets. Sincerely, Trevor Panhorst