ARTICLE
13 January 2020

Cybersecurity Remains A Top SEC Examination Priority In The New Decade

BakerHostetler

Contributor

Recognized as one of the top firms for client service, BakerHostetler is a leading national law firm that helps clients around the world address their most complex and critical business and regulatory issues. With five core national practice groups — Business, Labor and Employment, Intellectual Property, Litigation, and Tax — the firm has more than 970 lawyers located in 14 offices coast to coast. BakerHostetler is widely regarded as having one of the country’s top 10 tax practices, a nationally recognized litigation practice, an award-winning data privacy practice and an industry-leading business practice. The firm is also recognized internationally for its groundbreaking work recovering more than $13 billion in the Madoff Recovery Initiative, representing the SIPA Trustee for the liquidation of Bernard L. Madoff Investment Securities LLC. Visit bakerlaw.com
United States Technology

It may be a new decade, but the focus of the Securities and Exchange Commission (SEC) on cybersecurity has not shifted. In particular, the SEC noted in its 2020 Examination Priorities that the Office of Compliance Inspections and Examinations (OCIE) "will continue to prioritize cyber and information security risks across the entire examination program." This pronouncement and other recent regulatory guidance underscore the risk of potentially far-reaching harm that breaches and security incidents pose to market participants and retail investors. Building on its earlier guidance (previously covered here), OCIE emphasized a cooperative approach to help firms identify and address these risks, bolster compliance programs to protect against them, and encourage engagement with regulators and law enforcement.

OCIE also indicated that SEC exam staff will continue to focus on investment advisers' policies, procedures and controls with respect to:

  • Governance and risk management
  • Access controls
  • Data loss prevention
  • Vendor management
  • Training
  • Incident response and resiliency

To help firms address these areas, OCIE referenced its Risk Alerts on configuring network storage and safeguarding customer information (previously covered here). Among other things, these alerts urged firms to:

  • Properly configure network storage solutions
  • Adequately monitor vendors
  • Accurately classify data and inventory systems
  • Timely provide privacy and opt-out notices
  • Avoid boilerplate programs by conducting risk assessments and tailoring policies, procedures and controls
  • Prepare incident response plans and train employees
  • Address common risks posed by personal devices, electronic communications, networks and outside vendors

Notably, OCIE announced in its 2020 Examination Priorities that it plans to scrutinize access controls for online accounts and mobile applications as well as proper disposal of retired hardware that may contain sensitive customer or network information.

Given the SEC's continued focus here, firms of all stripes – including broker-dealers, investment companies, investment advisers and private funds – should be prepared for OCIE to closely examine their written information security programs, internal controls, and compliance with Regulation S-P and Regulation S-ID. After all, it's 2020 and the risks remain.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
