Each month, Core Compliance & Legal Services, Inc. (“CCLS”) publishes a Risk Management Update (“RMU”), authored by one of our staff members on a current “hot topic” in the securities industry. In late May 2014, CCLS’s Lead Senior Compliance Consultant, Tina Mitchell, concentrates on one of the industry’s most urgent concerns – cybersecurity – and how recent regulatory initiatives impact the development and risk management of effective cybersecurity programs for investment advisers (“IAs”) and broker-dealers (“BDs”).
With the Securities and Exchange Commission’s (“SEC’s”) Office of Compliance Inspections and Examinations (“OCIE”) April 2014 Risk Alert announcing a greater agency focus on cybersecurity governance, threat management, network protection and remote client access issues, SEC-registered investment advisers and broker-dealers must, now more than ever, address high-risk areas of their cybersecurity programs. Mitchell begins her RMU by outlining five key areas of high cybersecurity risk, including:
- Lack of Senior Management Involvement
- Not Considering Associated Regulations
- Being Underinsured
- Lack of Training for Employees
- Inadequate Due Diligence of Service Providers
She then references the SEC’s document request letter, issued with its Risk Alert, as a key tool for helping firms assess risk in their current or developing programs. Mitchell also emphasizes other key testing and control efforts, such as appointing appropriate personnel to monitor the program; requiring strong passwords and encrypting services; and incorporating cyber threat testing into a firm’s business continuity plan (“BCP”).
To read a PDF of the full article “Cybersecurity – Important Considerations for Investment Advisers and Broker-Dealers,” please click here. To browse our RMU library, including insightful articles on a wide range of industry topics, please click here.
For more information, or for assistance on other compliance topics, please contact us at (619) 278-0020, or email us at firstname.lastname@example.org.
GENERAL DISCLAIMER: Information contained within this blog does not create a business-client relationship, and none of the content of this blog can be deemed to be consultive business advice.