What the OCIE Cybersecurity Risk Alert Means for Investment Advisers and Broker-Dealers

Continuing its emphasis on the cyber-preparedness of broker dealers, the SEC Office of Compliance Inspections and Examinations (OCIE) announced a second round of examinations “to assess implementation of firm procedures and controls.”  On September 15, 2015, OCIE issued a Risk Alert detailing its concerns, as well as sample requests for information in six focus areas: governance and risk assessments, access controls, data security, vendor management, training and incident response.  We analyze the alert and explore the cybersecurity implications for investment advisers and broker-dealers.  See also “Meeting Expectations for SEC Disclosures of Cybersecurity Risks and Incidents (Part One of Two)” (Aug. 12, 2015); Part Two (Aug. 26, 2015).

To read the full article

Continue reading your article with a CSLR subscription.