SEC Releases Cybersecurity Examination Blueprint
In March 2014 the SEC’s Office of Compliance Inspections and Examinations (OCIE) sponsored a Cybersecurity Roundtable looking for stronger partnerships between the government and private sector to address cyber threats.
We now have evidence of their next step: on April 15, 2014, the SEC released its Cybersecurity Examination Blueprint. The nine-page National Exam Program Risk Alert contains a sample checklist of the questions SEC examiners might ask brokerages and asset managers during inspections.
The document puts firms on alert to be prepared, for instance, to provide a comprehensive list of when they detected malware, suffered a "denial of service" attack or discovered a network breach since January 2013. In addition, it asks whether firms have implemented the Identity Theft Red Flag Rules effective in 2013. OCIE is planning examinations of more than 50 registered broker-dealers and registered investment advisers that will focus on cybersecurity preparedness.
Brown Smith Wallace has a network of resources to provide specialized services for the unique regulatory and operational complexities of the brokerage and investment advisory industries.
To discuss your firm’s IT and cybersecurity needs, contact Lincoln Gray, Principal, Broker-Dealer and Investment Advisory Services, at firstname.lastname@example.org or 314.983.1235, or Tony Munns, Partner, Risk Advisory Services, at email@example.com or 314.983.1297.