Cybersecurity & 2017 SEC Exam Priorities

In September 2015, the SEC announced the start of Phase 2 of its Cybersecurity Exam Initiative, in which examiners began doing more in-depth testing of policies, procedures and controls at firms. For example, examiners tested a firm’s access provisioning policy by standing over the shoulder of various employees to confirm whether they could or couldn’t access certain files and folders on the network.

In January 2016, the SEC’s Exam Priorities announced a continuation of the Phase 2 exams.

Now in January 2017, it appears that Phase 2 is over, and this more in-depth testing has found its way into SEC examinations in general.

Granted, some exams might not focus on cybersecurity at all, but the ones that do are now likely to examine it in more depth. The SEC will be looking to corroborate that you are doing what your policies say you are doing, and that you have policies on the cyber topics it expects you to have policies on.

At the upcoming Ascendant Compliance Management conference, “Revolutionizing Compliance: The Matrix of Regulation, Operations & Technology,” we will be covering the items on the SEC’s cybersecurity request list: what documentation they expect, what types of controls they expect, and what policies they expect. We will also cover how to test various policies ahead of time and ways to improve your firm’s training and security awareness program, since some firms are being called out for inadequate cyber training and since the SEC is using the benefit of hindsight to fine firms that have a cyber incident that comes to light during an exam.

Translation: more training reduces the likelihood of a cyber incident in the first place.

If you need to gain a deeper understanding of the SEC’s views of cybersecurity and how it might affect your firm, join us in Naples on April 3-5. For more information, read our agenda by clicking here.
