X

SEC Issues Risk Alert to Announce OCIE Cybersecurity Initiative (with Isajiw Comment)

The SEC Office of Compliance Inspections and Examinations ("OCIE") issued a Risk Alert to provide additional information regarding the Cybersecurity Initiative. The alert states that the OCIE will be conducting examinations of more than 50 registered broker-dealers and investment advisers to assess firms' governance, identification and assessment of cybersecurity risks. Additionally, the OCIE will evaluate the security of networks and information, including risks associated with customer access to fund information, transfer requests, and working with vendors or third parties.

The OCIE's Risk Alert includes a sample request for information and other documents used in the initiative, explaining that the initiative is designed to assess cybersecurity preparedness in the securities industry and obtain information about recent cybersecurity threats.

Isajiw Comment: This action by OCIE demonstrates that the SEC is making cybersecurity regulation a top priority. As discussed at the March 26, 2014 SEC Roundtable (see link below for a summary of the roundtable) concerning the issues and challenges of cybersecurity, cyber-threats arguably are a greater risk to the economy than terrorism. The very real potential of these threats to harm market participants and consumers is highlighted by the spate of recent news reports concerning data breaches at major corporations. Firms should act quickly to assess systemic weaknesses and ensure data security in connection with the OCIE inspections.By issuing a sample questionnaire related to the cybersecurity governance matters on which the SEC is focused, the OCIE has given firms a rare opportunity to prepare in advance for what is likely to be significant regulatory scrutiny of detailed and technical cybersecurity concerns. Firms are well advised to use this information to take a proactive approach to assess and, where appropriate, remediate any cybersecurity weaknesses in connection with (or in advance of) this review.

See also: Description of March 26, 2014 SEC Roundtable;Cadwalader Practice: Cyber and National Security. Related news: OCC Comptroller Curry Discusses Cybersecurity; SEC Commissioner Aguilar Gives FSOC Thumbs-Down on Mutual Funds, Discusses Cybersecurity and Reg. NMS (with Lofchie Comment) (April 2, 2014); SEC Holds Cybersecurity Roundtable (with Delta Strategy Group Summary) (March 27, 2014); Cadwalader C&F Alert: DOJ and FTC Release Joint Antitrust Policy Statement Regarding Sharing of Cybersecurity Information (April 15, 2014).

Tags

Regulated Activities
Data Protection / Cybersecurity Supervision / Compliance
Regulated Entities
Adviser / CTA / CPO Broker-Dealers
Jurisdiction
US - Federal
Organization
SEC
Sub-Author
SEC Division of Examinations (OCIE)