What Financial Advisory Firms Need To Know About Cyber Security To Pass OCIE Exams
- Created: Tuesday, 22 September 2015 14:50
In April 2014, OCIE published a Risk Alert announcing a series of examinations to identify cybersecurity risks and assess cybersecurity preparedness in the securities industry.
In February 2015, OCIE published summary observations of the findings from these examinations, which discussed some of the legal, regulatory, and compliance issues associated with cybersecurity.
Given the continued importance of cybersecurity and the positive response from broker-dealers and advisers on OCIE’s efforts, OCIE announced a focus on cybersecurity compliance and controls as part of its 2015 Examination Priorities. OCIE is issuing this Risk Alert to provide additional information on the areas of focus for OCIE’s second round of cybersecurity examinations, which will involve more testing to assess implementation of firm procedures and controls.
INFORMATION OCIE WILL BE LOOKING FOR IN EXAMS:
Examiners will gather information on cybersecurity-related controls and will also test to assess implementation of certain firm controls. In order to promote better compliance practices and inform the Commission’s understanding of cybersecurity preparedness, this Initiative will focus on the following areas:
- Cyber Security Assessment
- Access Rights & Controls per Employee
- Vendor Management
- Cyber Security Training
- Incident Response Plan
- Data Loss Prevention, which includes Managed Security and Disaster Recovery
You can find more information regarding OCIE’s 2015 Cybersecurity Examination here: //www.sec.gov/ocie/announcement/ocie-2015-cybersecurity-examination-initiative.pdf