On August 7, 2017, the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued its third National Exam Program Risk Alert of the 2017 calendar year, detailing OCIE’s findings and observations from its Cybersecurity 2 Initiative. This Cybersecurity 2 Initiative, the name for OCIE’s second round of cybersecurity examinations, builds on OCIE’s prior 2015 Cybersecurity 1 Initiative, and includes more robust validation and testing of cybersecurity controls to evaluate how well firms implement and follow their cybersecurity-related policies and procedures.

This latest OCIE Risk Alert summarizes the exam staff’s findings from examinations of 75 firms, consisting of broker-dealers, investment advisers and investment companies registered with the SEC, and includes three key sections. First, the staff provided a summary of its exam observations, including discussions of the use by registrants of risk assessments, penetration testing, tools to monitor loss of personal data, and other policies, procedures and methods for dealing with cybersecurity and related business continuity issues. Second, the staff noted that the vast majority of examinations uncovered one or more cybersecurity-related issues, and highlighted certain of the more prevalent issues observed by the staff. Finally, and perhaps most notably, the staff provided a list of “several elements that were included in the policies and procedures of firms that the staff believes had implemented robust controls.” When creating and implementing cybersecurity programs, other registrants may benefit from considering these good practices identified by the staff. We will be publishing a more detailed summary and analysis of the August 2017 Risk Alert, and in particular these guideposts for registrants’ consideration, in the coming week.

The August 2017 Risk Alert is the second cybersecurity-related Risk Alert issued by OCIE this year (the May 2017 Risk Alert dealt with ransomware issues) and, together with the September 2015 Risk Alert, is the fifth expressly dealing with cybersecurity since 2014, when OCIE announced its Cybersecurity Preparedness Initiative, the results of which were summarized in a February 2015 Risk Alert. It is safe to say that the SEC’s interest in cybersecurity issues faced by broker-dealers, investment advisers and investment companies has not waned; as is the case in almost every industry, it has intensified.

Financial industry participants registered with or subject to oversight by the SEC need to take notice of the spate of information on this topic produced by the SEC and be mindful of the concepts discussed by OCIE in these releases when creating, reviewing and/or modifying their cybersecurity policies and procedures to comply with and meet SEC regulatory requirements and expectations.

Arthur Don

Arthur Don has more than 45 years of experience representing public and private investment companies, money managers and investment advisers, mutual funds and their independent directors, private investment funds (including private equity funds and real estate funds), and broker-dealers. His practice focuses on regulatory structuring and compliance matters, governance, and sophisticated securities matters and transactions.

Throughout his career, Arthur has represented some of the nation’s most well-known and successful investment managers. His decades-long experience in the investment management arena enables him to provide bespoke counseling and strategies.

In addition, Arthur has represented issuers and underwriters in numerous public offerings. He frequently advises on independent director fiduciary duties and compliance policy issues and the implementation of ESG (Environmental, Social, and Governance) principles.

Richard M. Cutshall

Richard M. Cutshall is Co-Chair of the firm’s Financial, Regulatory and Compliance Practice, Co-Chair of the firm’s Private Funds Group, and Co-Chair of the firm’s Investment Management Group. Rich has experience representing clients in a variety of investment management, general securities, and corporate matters, including the representation of mutual funds, ETFs, and other funds registered under the Investment Company Act of 1940; fund and ETF independent directors; unregistered investment funds; federally registered, state registered, and federally and state exempt investment advisers; broker-dealers; and an array of public and private companies.

Rich represents investment adviser clients at all stages of their life cycle, from concept and formation through registration, daily operation through wind-down and exiting the business, including representing investment adviser clients on both the buy-side and sell-side in M&A transactions. He also represents clients in all aspects of investment company practice, including organizing and forming new funds and ETFs, registering mutual funds and ETFs with the SEC, and the acquisition and merger of public funds.

In the course of representing investment advisers and public and private funds, Rich advises Greenberg Traurig’s clients on all aspects of securities regulatory compliance, particularly including new and existing SEC rules; SEC examination, regulatory, and investigative initiatives and sweeps; the SEC’s proposal, adoption, and implementation of new regulations, such as the recently rewritten investment adviser marketing rule; and finding compliance solutions related to the regulatory scheme applicable to investment advisers and investment funds, including implementing both novel and long-standing SEC regulatory guidance and interpretations. He also advises clients on the day-to-day aspects of corporate governance, board and adviser fiduciary responsibility, and SEC compliance, as well as assisting clients in all aspects of SEC and other regulatory examinations.

Rich has given presentations on and assists a variety of investment management clients with their compliance with anti-money laundering laws, and has performed annual independent third party audits of several clients’ anti-money laundering policies, programs and controls.

Rich also has experience representing clients in many industries in the sale or acquisition of businesses, formation of corporate entities, sophisticated contract negotiations, and in obtaining, renewing and renegotiating the terms of financing business operations. He routinely works with clients’ chief executive officers, chief financial officers, directors, and in-house general and assistant general counsels, including occasionally working from clients’ corporate headquarters upon request. Rich works with corporate and finance clients of all sizes, from startup family-run businesses and entrepreneurial endeavors to Fortune 500 clients. He also has experience representing clients across many industries, including health care, data management, retail product display and advertising design and manufacturing, industrial manufacturing, and real estate management and brokerage industries.