SEC Issues Cybersecurity Risk Alert


On April 15th, the SEC's Office of Compliance Inspections and Examinations ("OCIE") issued a Risk Alert concerning its initiative to assess the cybersecurity preparedness of the securities industry. The Risk Alert states that OCIE will conduct examinations of more than 50 registered broker-dealers and investment advisers in order to identify areas where the SEC and the industry "can work together to protect investors and our capital markets from cybersecurity threats."

To facilitate compliance, the Risk Alert includes a sample information request ("Request") that outlines the following areas where OCIE sees risk and will focus its examinations:

  1. Identification of Risks/Cybersecurity Governance
  2. Protection of Firm Networks and Information
  3. Risks Associated with Remote Customer Access and Funds Transfer Requests
  4. Risks Associated with Vendors and Other Third Parties
  5. Detection of Unauthorized Activity
  6. Experiences with Certain Cybersecurity Threats.

The Request provides a detailed roadmap of factors that firms may wish to consider in assessing their supervisory, compliance, and risk management systems. The 28 factors listed include several questions relating to:

  • network security,
  • physical security,
  • periodic cybersecurity risk assessments,
  • contracting with and monitoring vendors and other third parties,
  • cybersecurity roles and responsibilities for employees and managers, and
  • cybersecurity insurance. 

The Risk Alert follows closely on the heels of the SEC's Cybersecurity Roundtable held on March 26, during which Chair Mary Jo White stated that the SEC's "formal jurisdiction over cybersecurity is directly focused on the integrity of our market systems, customer data protection, and disclosure of material information."  Although the Risk Alert focuses on registered broker-dealers and investment advisers, other SEC-regulated entities that maintain client accounts or directly process customer transactions on an application-way basis may find it prudent to review the factors identified in the Risk Alert and keep a close eye on how these examinations play out in the coming year.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Carlton Fields | Attorney Advertising
