In March 2014, the SEC sponsored a Cybersecurity Roundtable where SEC Commissioners and staff, along with industry representatives, underscored the importance of cybersecurity to the integrity of the market system and customer data protection.
In April 2014, OCIE published a Risk Alert announcing a series of examinations to identify cybersecurity risks and assess cybersecurity preparedness in the securities industry.
In February 2015, OCIE published summary observations of the findings from these examinations, which discussed some of the legal, regulatory, and compliance issues associated with cybersecurity.
Given the continued importance of cybersecurity and the positive response from broker-dealers and advisers on OCIE’s efforts, OCIE announced a focus on cybersecurity compliance and controls as part of its 2015 Examination Priorities. OCIE is issuing this Risk Alert to provide additional information on the areas of focus for OCIE’s second round of cybersecurity examinations, which will involve more testing to assess implementation of firm procedures and controls.
INFORMATION OCIE WILL BE LOOKING FOR IN EXAMS:
Examiners will gather information on cybersecurity-related controls and will also test to assess implementation of certain firm controls. In order to promote better compliance practices and inform the Commission’s understanding of cybersecurity preparedness, this Initiative will focus on the following areas:
You can find more information regarding OCIE’s 2015 Cybersecurity Examination here: http://www.sec.gov/ocie/announcement/ocie-2015-cybersecurity-examination-initiative.pdf