The SEC’s Office of Compliance Inspections and Examinations, or OCIE, previously announced that its 2014 Examination Priorities included a focus on technology, including cybersecurity preparedness. OCIE has issued a Risk Alert to provide additional information concerning its initiative to assess cybersecurity preparedness in the securities industry.
As part of this initiative, OCIE will conduct examinations of more than 50 registered broker-dealers and registered investment advisers focused on the following: the entity’s cybersecurity governance, identification and assessment of cybersecurity risks, protection of networks and information, risks associated with remote customer access and funds transfer requests, risks associated with vendors and other third parties, detection of unauthorized activity, and experiences with certain cybersecurity threats.
As part of OCIE’s efforts to promote compliance and to share with the industry where it sees risk, OCIE has included, as an Appendix to the Risk Alert, a seven page sample request for information and documents to be used in this initiative.