SEC: Prioritizing Cybersecurity

Cybersecurity is now a priority for many investment advisers to address. On June 14, SEC Chair Mary Jo White echoed that sentiment in her testimony before the U.S. Senate Committee on Banking, Housing, and Urban Affairs.

“Cybersecurity is – as I have said before – one of the greatest risks facing the financial services industry and will be for the foreseeable future,” Chair White said in her remarks. She went on to note that the SEC has taken a “proactive” approach that includes “examining and enforcing the rules we oversee that relate to cybersecurity.”

Reading between the lines, it appears that the SEC does not need a new Cybersecurity Rule to enforce requirements. Rather, the Commission appears willing and able to enforce existing regulations that already address cybersecurity – particularly Rule 30(a) of Regulation S-P, which requires registered investment advisers to adopt written policies and procedures reasonably designed to safeguard customer records and information.

Regulation S-P violations have paved the way for the SEC to bring two cybersecurity enforcement actions against investment advisers within the last nine months – first, against RT Jones in September 2015 and more recently against Morgan Stanley Smith Barney in June 2016.

SEC’s 2016 Efforts on Cybersecurity Exams

Chair White stated that the SEC is focusing on “ensuring that our registered entities have policies and procedures to address the risks posed to their systems and data by cyberattacks,” explaining that the agency has expanded its cybersecurity examinations to include testing of firms’ implementation of procedures and controls.

The SEC is currently examining these issues at firms in 2016, and recently announced the promotion of Christopher Hetner to the role of Senior Advisor to the Chair for Cybersecurity Policy. Mr. Hetner, a former chief information security officer at GE Capital, is the Cybersecurity Lead for the SEC’s Office of Compliance Inspections and Examinations (OCIE) Technology Controls Program.

Chair White’s full testimony is available by clicking here.

Latest Content

Ascendant’s Jason Morton to Speak on RegTech at Strata Data Conference

Alongside technology experts from American Express, Credit Suisse and CIBC, Ascendant’s Jason Morton will speak on developments in regulatory technology at the ‘Fintech Data Day’ at the annual Strata Data Conference on September 26, 2017 in New York. The Strata Data Conference is an annual conference for technology and business professionals who are seeking innovative … Continued

Hurricane Season: How Does your BCM Program Stack Up?

As Hurricane Harvey touches down on U.S. soil and we hope for the safety of the millions in its path, we encourage all firms, even those outside Harvey’s path of flooding and damaging winds, to consider their BCM readiness for such an event. Business Continuity Plans are designed to ensure firms have conducted sufficient advance preparation so … Continued

Surprise, Surprise: SEC Conducting Unannounced Exams

The Boston Regional Office of the SEC has recently conducted roughly 20 unannounced visits to registered investment advisers in the region. This fact, confirmed during the recent meeting of the New England Broker-Dealer and Investment Adviser Association (NEBDIAA), is in keeping with the SEC’s renewed focus on a more robust examination program. While onsite, the … Continued

One Phish, Two Phish, Red Phish, Blue Phish: How to Detect and Mitigate Social Engineering and Ransomware Techniques

Ransomware attacks like WannaCry and NotPetya are increasing in both frequency and damage, routinely making headline news with their abilities to bring down networks of established companies. Yet these cyberattacks typically start by compromising the weakest point in your security chain – people – through simple or complex phishing techniques before spreading to other parts … Continued

DOL Fiduciary Rule Transition Period Extension to 2019 Requested

The Secretary of Labor, Alexander Acosta, made a court filing on August 9 requesting the Transition Period and Delay of Applicability for the Department of Labor Fiduciary Rule be extended from January 1, 2018 to July 1, 2019. This court filing included extending the deadlines for the following Prohibited Contract Exemptions: Best Interest Contract Exemption … Continued

Mailing List

Subscribe to the Ascendant Compliance email list for the latest compliance resources, conferences, ComplianceCasts™, and more.

Loading form...

Contact Us

Ascendant works together with clients to identify and assess critical needs through customized plans. If you need assistance with compliance functions, regulatory services, cybersecurity or technology tools, we’d love to speak with you.