We have repeatedly warned broker-dealers and registered investment advisers that they needed to be prepared as it related to cybersecurity. Now, the SEC's Office of Compliance Inspections and Examinations has announced that it will conduct cybersecurity examinations of these entities. See http://www.sec.gov/ocie/announcement/Cybersecurity+Risk+Alert++%2526+Appendix+-+4.15.14.pdf.
These examinations will be conducted as part of a "sweep exam," and will assess cybersecurity risks; network and information protection; fund remote access; vendor risk; unauthorized activity detection; cybersecurity threat history; and firm controls, procedures and governance. In anticipation of this "sweep exam," the SEC Staff released a 7-page sample request list to assist compliance officers in preparing for these exams as well as routine examinations where the SEC Staff has also stated it would review cybersecurity issues.
The critical point in all of this is compliance officers should be in contact with their IT department who will be immeasurably in valuable during this process.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
