On August 7, 2017, the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued its third National Exam Program Risk Alert of the 2017 calendar year, detailing OCIE’s findings and
Continue Reading August 2017 Cybersecurity & Risk Alert from SEC
cybersecurity
SEC Convenes Fintech Forum
By Jonathan A. Beckham on
On Nov. 14, 2016, the Securities and Exchange Commission (SEC) hosted an all-day forum on FinTech ( Forum). The event highlighted the active role the SEC intends to take in…
Continue Reading SEC Convenes Fintech Forum
Financial Stability Oversight Council Releases 2016 Annual Report
By Richard J. Fidei on
The Financial Stability Oversight Council (FSOC) has released its 2016 Annual Report, which was unanimously approved by its voting members on Tuesday, June 21, 2016. The FSOC is required by…
Continue Reading Financial Stability Oversight Council Releases 2016 Annual Report
Asset Managers and Cybersecurity Risk Management
By Nanette Aguirre on
Posted in Cybersecurity
As if 2016 wasn’t challenging enough for asset managers, the rise in Cybersecurity risk has certainly become increasingly prevalent. As our industry continues to depend on digital platforms for real…
Continue Reading Asset Managers and Cybersecurity Risk Management
SEC’s Office of Compliance Inspections and Examinations Releases Annual Examination Priorities
By Richard M. Cutshall on
On Jan. 11, 2016, the Office of Compliance Inspections and Examinations (OCIE) of the U.S. Securities and Exchange Commission (SEC) issued its annual Examinations Priorities for 2016 (Exam Priorities), which…
Continue Reading SEC’s Office of Compliance Inspections and Examinations Releases Annual Examination Priorities
OCIE Issues New Cybersecurity Risk
By Richard M. Cutshall on
Posted in Cybersecurity, SEC
Two weeks ago, the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued its newest guidance on the subject of cybersecurity in the form of a new National Exam Program (NEP) Risk Alert, issued Sept. 15. In addition to the matters discussed below, the Risk Alert contains links to several earlier Commission and OCIE materials, including to the March 2014 SEC Cybersecurity roundtable, past NEP cybersecurity-related releases, and the 2015 SEC examination priorities.
With the purpose of “[providing] additional information on the areas of focus for OCIE’s second round of cybersecurity examinations” and in addition to informing industry participants that testing and assessing the implementation of cybersecurity procedures and controls will characterize the next phase of exams, the Risk Alert identifies six key areas of focus for OCIE: (1) governance and risk assessment; (2) access rights and controls; (3) data loss prevention; (4) vendor management; (5) training; and (6) incident response. The Risk Alert also provides a sample document request, which regulated entities may use in assessing their cybersecurity programs.Continue Reading OCIE Issues New Cybersecurity Risk
New SEC Cybersecurity Guidance for Investment Advisers and Fund Managers
By Scott L. MacLeod on
Posted in SEC
This post summarizes the recent U.S. Securities and Exchange Commission (SEC) Guidance Update related to cybersecurity issues applicable to registered advisers and funds. This update will likely serve as a…
Continue Reading New SEC Cybersecurity Guidance for Investment Advisers and Fund Managers
Cybersecurity Viewed as Market Risk by CFTC
By Douglas E. Arend & Jeffry M. Henderson on
Posted in CFTC
In a recent public speech, CFTC Chairman Timothy Massad described cybersecurity as “perhaps the single most important new risk to market integrity and financial stability.” On March 18, 2015, CFTC staff conducted a roundtable regarding this topic, during which CFTC suggested possible proposed rulemaking. CFTC staff said that CFTC is considering a rule imposing cybersecurity requirements on exchanges and clearing organizations, but one that at least initially would not apply to other market participants. Chairman Massad indicated that a proposed rule would focus on setting standards for testing: (a) system safeguards; (b) vulnerability and penetration; (c) key controls; and (d) business recovery and disaster recovery.
Continue Reading Cybersecurity Viewed as Market Risk by CFTC
The SEC and FINRA Double-Down on Cybersecurity Enhancement and Prevention
By Matthew S. Johns‡ on
In the wake of recent cybersecurity breaches, the SEC and FINRA simultaneously issued reports this week to the securities industry summarizing cybersecurity examination findings and to investors recommending certain precautions…
Continue Reading The SEC and FINRA Double-Down on Cybersecurity Enhancement and Prevention