SEC Examination Staff Issues Risk Alert on Cybersecurity Initiative

The staff of the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert discussing its initiative to assess cybersecurity preparedness in the securities industry.  The initiative, which will include examinations of more than 50 broker-dealers and advisers, will focus on the following areas:

  • cybersecurity governance,
  • identification and assessment of cybersecurity risks,
  • protection of networks and information,
  • risks associated with remote customer access and funds transfer requests,
  • risks associated with vendors and other third parties,
  • detection of unauthorized activity, and
  • experiences with certain cybersecurity threats.

The Risk Alert includes a sample request for information with detailed questions in each of the foregoing areas, which “is intended to empower compliance professionals in the industry with questions and tools they can use to assess their firms’ level of preparedness, regardless of whether they are included in OCIE’s examinations.”    The Risk Alert notes that the topics it lists are not exhaustive (or necessarily applicable to all firms), and that “the adequacy of supervisory, compliance, and other risk management systems can be determined only with reference to the profile of each specific firm and other facts and circumstances.”

The Risk Alert follows the announcement of a technology element in OCIE’s 2014 examination priorities and the SEC’s March 26, 2014 Cybersecurity Roundtable

IRS Circular 230 Disclosure: To ensure compliance with requirements imposed by the IRS, we inform you that any U.S. tax advice contained in this informational piece (including any attachments) is not intended or written to be used, and may not be used, for the purpose of (i) avoiding penalties under the Internal Revenue Code or (ii) promoting, marketing or recommending to another party any transaction or matter addressed herein.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Goodwin Procter LLP | Attorney Advertising

Written by:


Goodwin Procter LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.