The Securities and Exchange Commission has off-an-on expressed concerns about cybersecurity for broker-dealers and registered investment advisers. Now it’s officially concerned. The SEC’s Office of Compliance Inspections and Examinations has announced a new cybersecurity initiative. The Risk Alert follows the announcement of a technology element in OCIE’s 2014 examination priorities and the SEC’s March 26, 2014 Cybersecurity Roundtable.
As part of the initiative, OCIE will conduct cybersecurity examinations of registered investment advisers. These examinations will be conducted as a ”sweep exam” to assess cybersecurity risks. The Risk Alert states the sweep will be of more than 50 registered broker-dealer and registered investment advisers.
In anticipation of the sweep exams, the SEC included a sample request list for the Identification of Risks/Cybersecurity Governance.
I would anticipate that the sweep exam will be targeted at the big BDs and retail investment adviser shops and not be focused on private fund managers. However, I plan to sit down and go through the sample letter to make sure I can answer all of the questions.
References:
- OCIE Cybersecurity Initiative
- SEC to Launch Cybersecurity Exams of Investment Firms, Offers Sample Document Requests by Bruce Carton in Compliance Week
- SEC Releases Cybersecurity Examination Roadmap by Debevoise & Plimpton LLP
Hacker is by Dani Latore
CC BY SA