SEC Establishes Cybersecurity Initiative for Broker-Dealers and Investment Advisers


To listen to the podcast, please click here.

On April 15, 2014, the Office of Compliance Inspections and Examinations (OCIE) of the Securities and Exchange Commission (SEC) released a National Exam Priority Risk Alert announcing its initiative to evaluate cybersecurity policies currently utilized in the securities industry. OCIE's implementation of the Risk Alert is the product of the SEC's March 26, 2014 cybersecurity roundtable, which emphasized the importance of cyber-readiness for broker-dealers and investment advisers.

Pursuant to the Risk Alert, OCIE will interview 50 registered broker-dealers and investment advisers regarding their cybersecurity policies. OCIE has also provided a sample request for information in the Risk Alert to enable any firm not examined by OCIE to independently evaluate its cybersecurity policies. The sample request for information is not all-inclusive, and OCIE may tailor or amend its requests for information in order to best address the particular circumstances of each firm.

The disclosure per the Risk Alert "is intended to empower compliance professionals in the industry with questions and tools they can use to assess their firms' level of preparedness." OCIE's examinations will focus on the following areas: cybersecurity governance; identification of cybersecurity risks; risks associated with remote customer access and funds transfer requests; risks associated with vendors and other third parties; protection of networks and information; detection of unauthorized activity; and experiences with cybersecurity threats.

OCIE's decision to address cybersecurity in its annual examinations, along with its public release of a sample request for information, signals that the SEC has increased its scrutiny of broker-dealer and investment adviser cybersecurity policies. Registered broker-dealers and investment advisers should review their current cybersecurity policies in order to best prepare for a potential cybersecurity examination by OCIE.

Written by:

Published In:


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Bracewell & Giuliani LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »

All the intelligence you need, in one easy email:

Great! Your first step to building an email digest of JD Supra authors and topics. Log in with LinkedIn so we can start sending your digest...

Sign up for your custom alerts now, using LinkedIn ›

* With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name.