Navigating FCA and SEC Cybersecurity Expectations (Part Two of Two)

When designing cyber-compliance programs, financial firms operating in multiple jurisdictions must adopt a coordinated approach to cybersecurity that meets the divergent regulatory requirements of all jurisdictions in which they are doing business. This two-part series examines the operations of the U.K. Financial Conduct Authority (FCA) and the SEC, both of which have increased their focus on cybersecurity, albeit with differing approaches. Part One discussed the FCA and SEC as regulators of financial services in their respective jurisdictions and outlined the guidance issued, and the methods adopted, by the two regulators. This article explores how asset managers and others in the financial sector can navigate the current regulatory environments, including existing guidance, in the U.S. and U.K., and simultaneously satisfy the requirements of each regulator. See also “Regulatory Compliance and Practical Elements of Cybersecurity Testing for Fund Managers (Part One of Two)” (Jun. 17, 2015); Part Two (Jul. 1, 2015) and “Analyzing and Mitigating Cybersecurity Threats to Investment Managers (Part One of Two)” (May 6, 2015); Part Two (May 20, 2015).
