Header graphic for print
The BD/IA Regulator Providing securities regulatory, enforcement and litigation trends for broker-dealers, investment advisers and investment funds

OCIE Provides Insight into Issues Identified in Recent Cybersecurity Sweep

Posted in Broker-Dealer Regulation, Cybersecurity/Privacy, Fund Regulation, Investment Adviser Regulation

The National Exam Program of the SEC’s Office of Compliance Inspections and Examinations (OCIE) recently published its observations from the second generation of its Cybersecurity Initiative. It reported overall improvement in firms’ cybersecurity awareness and preparedness, but said there is plenty of room for improvement. The staff noted that many firms have failed to adopt procedures reasonably tailored to their specific needs, and identified how firms can develop a more robust control environment.

OCIE examined 75 firms, including broker-dealers, investment advisers, and registered funds. It said that it conducted more validation and testing of the firms’ policies and procedures than during prior cybersecurity examinations and focused its testing on: (1) governance and risk assessment; (2) access rights and controls; (3) data loss prevention; (4) vendor management; (5) training; and (6) incident response.

Read our client alert.