On April 16, 2019, the staff from the Office of Compliance Inspections and Examinations (the “OCIE”) of the US Securities and Exchange Commission (“SEC”) published a Risk Alert describing privacy and related customer information safeguarding issues it has identified in recent examinations of registered investment advisers and broker-dealers (“Registered Entities”).1 These issues continue to be an oversight concern of OCIE, more recently in connection with the safeguarding of client information from cybersecurity incidents and breaches. This Legal Update summarizes certain observations identified by OCIE related to those exams and provides certain key takeaways for Registered Entities.
