Rule 204-2 under the
Investment Advisers Act of 1940
Revision of a currently approved collection
No
Regular
05/23/2022
Requested
Previously Approved
36 Months From Approved
10/31/2024
14,774
13,724
3,049,945
2,764,563
0
0
Rule 204-2 sets forth mandatory
requirements for maintaining and preserving specified books and
records. The records that an adviser must keep in accordance with
rule 204-2 must generally be retained for not less than five years.
The proposed amendments to Rule 204-2 would require advisers to
retain: (1) a copy of their cybersecurity policies and procedures
formulated pursuant to proposed rule 206(4)-9 that is in effect, or
at any time within the past five years was in effect; (2) a copy of
the adviser’s written report documenting the annual review of its
cybersecurity policies and procedures pursuant to proposed rule
206(4)-9 in the last five years; (3) a copy of any Form ADV-C filed
by the adviser under rule 204-6 in the last five years; (4) records
documenting the occurrence of any cybersecurity incident, as
defined in rule 206(4)-9(c), occurring in the last five years,
including records related to any response and recovery from such an
incident; and (5) records documenting any risk assessment conducted
pursuant to the cybersecurity policies and procedures required by
rule 206(4)-9(a)(1) in the last five years.
US Code:
15
USC 80b-4 Name of Law: Investment Advisers Act of 1940
US Code: 15
USC 80b-11 Name of Law: Investment Advisers Act of 1940
PL: Pub.L. 111 - 213 410 Name of Law:
Dodd-Frank Wall Street Reform and Consumer Protection Act
The estimated annual burden
hours associated with rule 204-2 has increased from 2,764,563 hours
to 3,049,945 hours (an increase of 285,382 hours). In addition, the
external cost burden associated with rule 204-2 ($0) has not
changed. The change in annual burden hours is due to our proposed
amendments to rule 204-2 requiring advisers to retain: (1) a copy
of their cybersecurity policies and procedures formulated pursuant
to proposed rule 206(4)-9 that is in effect, or at any time within
the past five years was in effect; (2) a copy of the adviser’s
written report documenting the annual review of its cybersecurity
policies and procedures pursuant to proposed rule 206(4)-9 in the
last five years; (3) a copy of any Form ADV-C filed by the adviser
under rule 204-6 in the last 5 years; (4) records documenting the
occurrence of any cybersecurity incident, as defined in rule
206(4)-9(c), occurring in the last five years, including records
related to any response and recovery from such an incident; and (5)
records documenting any risk assessment conducted pursuant to the
cybersecurity policies and procedures required by rule
206(4)-9(a)(1) in the last five years.
$0
No
No
No
No
No
No
No
Thomas Strumpf 202
551-3135
No
On behalf of this Federal agency, I certify that
the collection of information encompassed by this request complies
with 5 CFR 1320.9 and the related provisions of 5 CFR
1320.8(b)(3).
The following is a summary of the topics, regarding
the proposed collection of information, that the certification
covers:
(i) Why the information is being collected;
(ii) Use of information;
(iii) Burden estimate;
(iv) Nature of response (voluntary, required for a
benefit, or mandatory);
(v) Nature and extent of confidentiality; and
(vi) Need to display currently valid OMB control
number;
If you are unable to certify compliance with any of
these provisions, identify the item by leaving the box unchecked
and explain the reason in the Supporting Statement.
Rule 204-2 (P-Cyber) Supporting Statement.pdf
Rule 204-2, Books and Records to Be Maintained by Investment Advisers