Over the last year, cybersecurity has been a top focus for the Securities and Exchange Commission (“SEC”) prompting them to issue various guidance to financial firms in the way of risk alerts and guidance statements, and to investors via investor alerts. On September 15, 2015, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) issued another Risk Alert, titled “OCIE’s 2015 Cybersecurity Examination Initiative”, which outlines that OCIE will be performing a second round of cybersecurity exams on registered broker-dealers and investment advisers.
According to Risk Alert, “the Cybersecurity Examination Initiative is designed to build on OCIE’s previous examinations in this area and further assess cybersecurity preparedness in the securities industry.”
The September 15th alert provides details on the areas of focus for this next round of exams, which include:
- Governance and Risk Assessment
- Access Rights and Controls
- Data Loss Prevention
- Vendor Management
- Incident Response
In addition, the Risk Alert contains a sample copy of the document and information request letter OCIE is issuing to examined firms.
Importantly, this Risk Alert confirms the importance the SEC is placing on this topic and the need for firms to ensure they have effective cybersecurity measures in place.
Core Compliance can assist firms with getting prepared for an OCIE cybersecurity exam, including assistance with performing risk assessments, creating written policies and procedures, and providing employee training. For more information, please contact us at (619) 278-0020 to schedule a consultation.