SEC Establishes Cybersecurity Initiative for Broker-Dealers and Investment Advisers


To listen to the podcast, please click here.

On April 15, 2014, the Office of Compliance Inspections and Examinations (OCIE) of the Securities and Exchange Commission (SEC) released a National Exam Priority Risk Alert announcing its initiative to evaluate cybersecurity policies currently utilized in the securities industry. OCIE's implementation of the Risk Alert is the product of the SEC's March 26, 2014 cybersecurity roundtable, which emphasized the importance of cyber-readiness for broker-dealers and investment advisers.

Pursuant to the Risk Alert, OCIE will interview 50 registered broker-dealers and investment advisers regarding their cybersecurity policies. OCIE has also provided a sample request for information in the Risk Alert to enable any firm not examined by OCIE to independently evaluate its cybersecurity policies. The sample request for information is not all-inclusive, and OCIE may tailor or amend its requests for information in order to best address the particular circumstances of each firm.

The disclosure per the Risk Alert "is intended to empower compliance professionals in the industry with questions and tools they can use to assess their firms' level of preparedness." OCIE's examinations will focus on the following areas: cybersecurity governance; identification of cybersecurity risks; risks associated with remote customer access and funds transfer requests; risks associated with vendors and other third parties; protection of networks and information; detection of unauthorized activity; and experiences with cybersecurity threats.

OCIE's decision to address cybersecurity in its annual examinations, along with its public release of a sample request for information, signals that the SEC has increased its scrutiny of broker-dealer and investment adviser cybersecurity policies. Registered broker-dealers and investment advisers should review their current cybersecurity policies in order to best prepare for a potential cybersecurity examination by OCIE.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Bracewell LLP | Attorney Advertising

Written by:


Bracewell LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.