OCIE to Perform Second Round of Cybersecurity Exams



Over the last year, cybersecurity has been a top focus for the Securities and Exchange Commission (“SEC”) prompting them to issue various guidance to financial firms in the way of risk alerts and guidance statements, and to investors via investor alerts[1]. On September 15, 2015 the SEC’s Office of Compliance Inspections and Examinations’ (“OCIE”) issued another Risk Alert, titled “OCIE’s 2015 Cybersecurity Examination Initiative”, which outlines that OCIE will be performing a second round of cybersecurity exams on registered broker-dealers and investment advisers.

According to the Risk Alert, “the Cybersecurity Examination Initiative is designed to build on OCIE’s previous examinations in this area and further assess cybersecurity preparedness in the securities industry.”

The September 15th alert provides details on the areas of focus for this next round of exams, which include:

  • Governance and Risk Assessment
  • Access Rights and Controls
  • Data Loss Prevention
  • Vendor Management
  • Training
  • Incident Response

In addition, the Risk Alert contains a sample copy of the document and information request letter OCIE is issuing to examined firms.

Importantly, this Risk Alert confirms the importance the SEC is placing on this topic and the need for firms to ensure they have effective cybersecurity measures in place.

For helpful cybersecurity tips from the CCLS Consultants, check out one of our previous blogs, “The Big Four: Cybersecurity Tips.”

CCLS can assist firms with getting prepared for an OCIE cybersecurity exam, including assistance with performing risk assessments, creating written policies and procedures, and provide employee training. For more information, please contact us at info@corecls.com or (619) 298-2880.

[1] See www.sec.gov.