This week the Office of Compliance Inspections and Examinations (“OCIE”) released its latest Risk Alert: Cybersecurity Examination Sweep Summary.
A focused examination of over 100 registered broker-dealers and advisers was conducted to “better understand how broker-dealers and advisers address the legal, regulatory, and compliance issues associated with cybersecurity.”
The results of the exams determined that almost 95% of the broker-dealers included had in fact “adopted written information security policies,” while only 83% of advisers had done so.
Below is a sampling of what the findings revealed:
- A number of Business Continuity Plans addressed the impact of cyber-attacks and outlined mitigation steps
- While almost all firms have written Cybersecurity Policies and Procedures, most did not address the responsibility of client loss due to cyber attacks
- Most firms perform risk assessments on their program, but very few advisers extended such to include their service providers
- A large majority of firms had experienced a cyber attack, with most attacks involving email hacking and spam.
Click here for the full observation list and details.
This summary brings to light the need for more effective cybersecurity measures, both on the broker-dealer and adviser levels. In a previous blog, the Core Compliance team shared their four cybersecurity tips to prevent breaches. Check out the list and be sure to share the information with your compliance team.
For more information on this and other related subjects, please contact us at (619) 278-0020 to schedule a consultation.