This March the Securities and Exchange Commission’s (“SEC’s”) national associate director of investment advisor and investment company exams at its Office of Compliance Inspections and Examinations (“OCIE”), Jane Jarcho (“Jarcho”), spoke at the Investment Advisor Association’s compliance conference in Arlington, Virginia. Jarcho discussed cybersecurity and the upcoming second round of sweep examinations.
OCIE’s National Examination Program staff recently examined 57 registered broker-dealers and 47 registered investment advisers. The firms were selected “to provide perspectives from a cross-section of the financial services industry and to assess various firms’ vulnerability to cyber-attacks”. The findings from the exams have been summarized and can be found in the National Exam Program’s February 3, 2015 Risk Alert.
According to Jarcho, the SEC plans to begin its second round of sweep examinations this summer with shorter but “more in-depth” exams of broker-dealers, advisors and transfer agent’s (transfer agents were previously excluded). These exams will take place onsite and evaluate cybersecurity compliance controls. Jarcho stated that the “vulnerabilities that we want [advisers] to think about” include; advisors’ relationships with vendors and third parties; authentication procedures, such as logins and firewalls; as well as “response plans” advisors have made for cyberattacks that have been “successful.” The continued risk-based cybersecurity exams are part of OCIE’s 2015 priorities.
It is important to take the appropriate steps to develop and implement an effective cybersecurity policy within your organization. Not only will you be safeguarding and protecting your clients, but you will be better prepared for your next regulatory exam.
For more information on this and other related subjects, please contact us at info@jackolg.com or (619) 298-2880.