SEC publishes observations on industry cybersecurity practices

SEC publishes observations on industry cybersecurity practices
The agency highlights specific examples of firms' cybersecurity and operational resiliency practices
JAN 27, 2020

The Securities and Exchange Commission’s office of Compliance Inspections and Examinations released a report on observations relating to cybersecurity and best practices by financial market participants.

The observations are based on thousands of examinations of broker-dealers, investment advisers, clearing agencies, national securities exchanges and other SEC registrants, according to the report published on the SEC’s website.

The intent is to highlight specific examples of cybersecurity and operational resiliency practices and controls that firms are taking to safeguard against threats, and how they respond in the event of a breach.

OCIE acknowledged that there is no one-size-fits-all approach to cybersecurity and that the approaches highlighted may not be appropriate for all organizations. The observations are meant more as guidelines for firms considering how to improve their cybersecurity preparedness and response procedures.

“Through risk-targeted examinations in all five examination program areas, OCIE has observed a number of practices used to manage and combat cyber risk and to build operational resiliency,” Peter Driscoll, director of OCIE, said in a statement. “We felt it was critical to share these observations in order to allow organizations the opportunity to reflect on their own cybersecurity practices.”

For example, OCIE observed that effective cybersecurity programs begin at the top with senior leaders committed to improving a firm’s defenses. Common elements include a risk assessment to identify, analyze and prioritize security risks; a written cybersecurity policy to address the risks; and the effective implementation and enforcement of those policies.  

Areas covered in the report include governance and risk management, access rights and controls, data loss prevention, mobile security, incident response and resiliency, vendor management, and training and awareness.

SEC Chairman Jay Clayton commended OCIE for compiling and sharing the observations and encouraged market participants to incorporate the information into their cybersecurity policies.

“Data systems are critical to the functioning of our markets, and cybersecurity and resiliency are at the core of OCIE’s inspection efforts,” Mr. Clayton said in a statement.

Latest News

Fed's Bowman pushes for lighter-touch AI oversight at smaller firms
Fed's Bowman pushes for lighter-touch AI oversight at smaller firms

Supervision vice chair speaks following recent launch of AI adoption practices by regulators.

Why fixed income still belongs in your clients' portfolios
Why fixed income still belongs in your clients' portfolios

In an era of AI euphoria and market FOMO, getting back to basics with fixed income may be the most contrarian and most important move advisors can make.

Voya expands advisor managed accounts to add private market assets
Voya expands advisor managed accounts to add private market assets

Voya Financial adds private equity, credit and real estate options to its AMA program, building on support for looser federal investment rules in retirement accounts.

With executives leaving, Osaic’s Reid now in the spotlight
With executives leaving, Osaic’s Reid now in the spotlight

Shannon Reid, president of Osaic and the network’s number two executive, has plenty of challenges, industry executives said.

Investors sue crypto fund and platform, alleging $1.5 million never returned
Investors sue crypto fund and platform, alleging $1.5 million never returned

Auditors flagged the commingling. The COO allegedly knew. Investors kept getting the pitch

SPONSORED Who builds the income when the pension disappears?

Dan Biagini of American Equity says the steady decline of pensions, longer lifespans and a reset in interest rates are rewriting how advisors build retirement income

SPONSORED Why direct indexing stopped being optional

Direct indexing is on pace to outgrow ETFs and mutual funds. Northern Trust's Ken Lassner explains why the advisors who get it wish they had started sooner.