SEC Risk Alert
The Office of Compliance Inspections and Examinations (OCIE) concluded its Cybersecurity 2 Initiative.
OCIE staff examined 75 firms, including registered investment advisers and investment companies (“funds”), to assess industry practices as well as legal and compliance issues associated with cybersecurity preparedness.
The Cybersecurity 2 Initiative is OCIE’s next phase of inquiry, drawing on the 2014 Cybersecurity 1 Initiative and subsequent cybersecurity examination intelligence.
However, the Cybersecurity 2 Initiative examinations involved more extensive validation of procedures and testing of controls surrounding cybersecurity preparedness than in prior examinations.
Specifically, the Cybersecurity 2 examinations focused on the firms’ written policies and procedures regarding cybersecurity, including validating and testing that such policies and procedures were properly implemented and utilized. Moreover, the staff used the following metrics to better understand how firms managed their cybersecurity preparedness:
- Governance and risk assessment;
- Access rights and controls;
- Data loss prevention;
- Vendor management;
- Training; and
- Incident response.
Generally, the staff observed increased cybersecurity preparedness since the 2014 Cybersecurity 1 Initiative.
However, the staff noted several areas that require improved compliance and oversight.
The Risk Alert contained herein provides a summary of the staff’s observations from the Cybersecurity 2 Initiative.
For RCA accredited commentary and analysis on Examination and Enforcement Priorities as well as other critical issues for 2018, join over 1000 Alternative Investment and Asset Management Executives at the RCA’s Compliance, Risk & Enforcement – NYC 2017 Symposium, which shall feature:
1 – The largest group of RECENT EXAMINEES to provide you with the most actionable and practical intelligence regarding the actual tactics and practices of Examination Staff.
2 – The LARGEST COLLECTION OF SENIOR REGULATORS.
3 – During the Symposium you will develop a comprehensive action plan to:
- Upgrade compliance controls, testing and reviews to avoid deficiencies,
- Address prospective 2018 Examination priorities and tactics,
- Obtain a deep understanding of the latest Enforcement initiatives,
- Conduct effective risk assessments and inventories, and
- Develop efficient supervisory practices for 3rd Party Service Providers.