In March 2019 the SEC’s Office of Compliance, Inspections and Examinations (OCIE) announced it would soon commence its annual “Cybersecurity Sweep” of registered investment advisers and broker-dealers. The reality of daily breaches and hacks combined with the watchful eye of the SEC and other regulatory and enforcement bodies means registrants should recommit to dedicating the necessary resources to protect their customers from cyber threats.
The SEC has provided some ideas as to the areas of emphasis for the Cyber Sweep in its 2019 Examination Priorities document. OCIE will focus on, among other things, “proper configuration of network storage devices, information security governance generally, and policies and procedures related to retail trading information security. Specific to investment advisers, OCIE will emphasize cybersecurity practices at investment advisers with multiple branch offices, including those that have recently merged with other investment advisers, and continue to focus on, among other areas, governance and risk assessment, access rights and controls, data loss prevention, vendor management, training, and incident response.”
Click here for the full GT Alert, where we discuss OCIE’s likely points of focus in its upcoming cyber sweep.