Cybersecurity: SEC Is Starting to Scrutinize Registrants’ Practices

The SEC plans to examine the cybersecurity practices of over 50 registered broker-dealers and investment advisers. The SEC announced its plan in an April 15, 2014 Risk Alert, which closely follows the March 26 Cybersecurity Roundtable at which Chair Mary Jo White underscored the importance of cybersecurity to market security and customer data protection. At the Roundtable, Chair White emphasized the “compelling need for stronger partnerships between the government and private sector” to address cyber threats.

The Risk Alert included a comprehensive Appendix detailing the types of questions the SEC may be asking registrants in these exams, on such topics as cybersecurity governance, risks associated with remote customer access and risks associated with vendors and third parties. The sample questions include whether companies have discovered malware in their systems, suffered a network breach or found that computers used by customers and vendors to remotely access networks have been compromised since January 2013.

Please see full alert below for more information.

LOADING PDF: If there are any problems, click here to download the file.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Morrison & Foerster LLP - Broker-Dealer Compliance + Regulation | Attorney Advertising

Written by:


Morrison & Foerster LLP - Broker-Dealer Compliance + Regulation on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.