On March 26, 2014, the Securities and Exchange Commission (SEC) hosted a roundtable to discuss cybersecurity issues facing public companies, broker-dealers, investment advisers and other market participants. While cybersecurity has been a hot topic for the last couple of years, the SEC has provided only informal guidance to registrants and other market participants. At the roundtable, Chair Mary Jo White emphasized the “compelling need for stronger partnerships between the government and private sector” to address cyber threats.
On April 15, 2014, the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert describing an initiative it is currently undertaking to assess cybersecurity preparedness in the securities industry. The nine-page document contains several examples of the questions Securities and Exchange Commission examiners might ask brokerages and asset managers during inspections. According to OCIE, the examinations will focus on “cybersecurity governance, identification and assessment of cybersecurity risks, protection of networks and information, risks associated with remote customer access and funds transfer requests, risks associated with vendors and other third parties, detection of unauthorized activity, and experiences with certain cybersecurity threats.”
The SEC hopes these examinations will help identify areas where the Commission and the industry can work together to protect investors and our capital markets from cybersecurity threats. The sample document request is intended to empower compliance professionals in the industry with questions and tools they can use to assess their firms’ level of preparedness, regardless of whether they are included in OCIE’s examinations.