The Security and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) has launched an initiative designed to examine the cybersecurity policies in place at as many as fifty Wall Street firms to determine if adequate governance and controls are in place.
“OCIE’s cybersecurity initiative is designed to assess cybersecurity preparedness in the securities industry and to obtain information about the industry’s recent experiences with certain types of cyber threats,” a Risk Alert issued by the SEC stated.
The OCIE had previously announced its intention to conduct the cybersecurity preparedness examination during a roundtable session with participants in March, and issued the Risk Alert in order to provide additional information on exactly what the agency will be investigating.
“OCIE’s cybersecurity initiative is designed to assess cybersecurity preparedness in the securities industry and to obtain information about the industry’s recent experiences with certain types of cyber threats,” the Risk Alert continued.
“As part of this initiative, OCIE will conduct examinations of more than 50 registered broker-dealers and registered investment advisers focused on the following: the entity’s cybersecurity governance, identification and assessment of cybersecurity risks, protection of networks and information, risks associated with remote customer access and funds transfer requests, risks associated with vendors and other third parties, detection of unauthorized activity, and experiences with certain cybersecurity threats.”
The OCIE administers the SEC’s examination and inspection programs focused on “registered entities, including broker-dealers, transfer agents, investment advisers, investment companies, the national securities exchanges, clearing agencies, SROs such as the Financial Industry Regulatory Authority (FINRA) and the Municipal Securities Rulemaking Board, and the Public Company Accounting Oversight Board (PCAOB).”
The initiative is the most comprehensive such examination ever undertaken by the SEC, and the public release of the questionnaire is unprecedented for the agency.
“I don’t think they have been this focused, this broad, this creative or this exhaustive. This is a very well written questionnaire,” said risk management analyst John Stark.
Categories: Top Security Stories