The SEC’s Cybersecurity Initiative

By Luke Falgoust on May 15, 2014

On April 15, 2014, the Securities and Exchange Commission’s (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) issued a National Exam Program Risk Alert entitled OCIE Cybersecurity Initiative (the “Risk Alert”) announcing its plans to conduct examinations of more than 50 registered broker-dealers and investment advisers focused on cybersecurity governance, identification and assessment of cybersecurity risks, protection of networks and information, risks associated with remote customer access and funds transfer requests, risks associated with vendors and other third parties, detection of unauthorized activity, and experiences with certain cybersecurity threats.

Although the Risk Alert does not specify, it can be expected that the sample of firms to be examined will be selected to gather information about how firms of different sizes and levels of complexity are addressing cybersecurity risks. Accordingly, registered broker-dealers and investment advisers should review the Risk Alert carefully and prepare for a potential examination by OCIE of their cybersecurity protocols, policies and defenses.

The Risk Alert includes a sample information and document request list that describes the various categories of detailed information that OCIE will potentially be seeking through its examinations. This disclosure by OCIE is intended to provide compliance professionals in the securities industry with questions and tools they can use to assess their firms’ level of preparedness. The sample information and document request list also can be used by a firm’s compliance department as a guide to track the firm’s cyber infrastructure, assess the firm’s cybersecurity risks and document, implement and monitor policies and procedures regarding identification, documentation, prioritization and mitigation of cyber risks. The sample request list suggests that all financial firms should, among various other measures:

  • use an established framework to address cybersecurity;
  • have written policies and procedures in place to manage information security assets, networks and information;
  • conduct periodic risk assessments to identify physical cybersecurity threats and vulnerabilities;
  • identify persons responsible for overseeing cybersecurity risks;
  • implement a cybersecurity incident response policy; and
  • maintain insurance that specifically covers losses and expenses attributable to cybersecurity incidents.

OCIE hopes that these examinations will identify areas where the SEC and the securities industry can work together to protect investors and capital markets from cybersecurity threats.  Registered broker-dealers and investment advisers should review the information and document requests included in the Risk Alert and evaluate their existing cybersecurity policies and procedures. Financial firms should also prepare for OCIE’s greater scrutiny of their cybersecurity policies and procedures.

  • Posted in:
    Intellectual Property
  • Blog:
    Trade Secret Insider
  • Organization:
    Jones Walker LLP