OCIE Publishes Risk Alert Summarizing Observations from Recent Cybersecurity Examinations

On August 7, 2017, the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert summarizing its observations from cybersecurity preparedness examinations of 75 broker-dealers, investment advisers and investment companies. These exams are part of OCIE’s Cybersecurity 2 Initiative. The examinations focused on six particular areas: (1) governance and risk assessment; (2) access rights and controls; (3) data loss prevention; (4) vendor management; (5) training; and (6) incident response. …

FINRA Report on Cybersecurity Practices (2015)

On February 4, 2015, FINRA published its report on cybersecurity practices arising out of its 2014 targeted examination of firms’ cybersecurity preparedness. The Report reflects FINRA’s risk management-based approach to cybersecurity issues, identifying principles and “effective practices” for member firms to consider, as opposed to decreeing specific requirements, policies or procedures. FINRA characterizes its intent in preparing the Report as an attempt to focus firms on a “risk management-based approach to cybersecurity” that can be tailored to each firm’s particular circumstances. . .

SEC Issues Cybersecurity Exam Observations (2015)

On February 3, 2015, the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert summarizing its findings following examination of the preparedness of 57 broker-dealers and 49 investment advisory firms to address legal, regulatory and compliance challenges related to cybersecurity. These examinations grew out of the SEC’s Cybersecurity Examination Initiative which began last year . . .