SEC: Prioritizing Cybersecurity

Cybersecurity is now a priority for many investment advisers to address. On June 14, SEC Chair Mary Jo White echoed that sentiment in her testimony before the U.S. Senate Committee on Banking, Housing, and Urban Affairs.

“Cybersecurity is – as I have said before – one of the greatest risks facing the financial services industry and will be for the foreseeable future,” Chair White said in her remarks. She went on to note that the SEC has taken a “proactive” approach that includes “examining and enforcing the rules we oversee that relate to cybersecurity.”

Reading between the lines, it appears that the SEC does not need a new Cybersecurity Rule to enforce requirements. Rather, the Commission appears willing and able to enforce existing regulations that already address cybersecurity – particularly Rule 30(a) of Regulation S-P, which requires registered investment advisers to adopt written policies and procedures reasonably designed to safeguard customer records and information.

Regulation S-P violations have paved the way for the SEC to bring two cybersecurity enforcement actions against investment advisers within the last nine months – first, against RT Jones in September 2015 and more recently against Morgan Stanley Smith Barney in June 2016.

SEC’s 2016 Efforts on Cybersecurity Exams

Chair White stated that the SEC is focusing on “ensuring that our registered entities have policies and procedures to address the risks posed to their systems and data by cyberattacks,” explaining that the agency has expanded its cybersecurity examinations to include testing of firms’ implementation of procedures and controls.

The SEC is currently examining these issues at firms in 2016, and recently announced the promotion of Christopher Hetner to the role of Senior Advisor to the Chair for Cybersecurity Policy. Mr. Hetner, a former chief information security officer at GE Capital, is the Cybersecurity Lead for the SEC’s Office of Compliance Inspections and Examinations (OCIE) Technology Controls Program.

Chair White’s full testimony is available by clicking here.

Related Content

Latest Content

When Policies, Procedures and Testing Protocols Aren’t Enough…

The Compliance Program Rule continues to be a powerful tool for SEC enforcement, recently used by the SEC to address trading away in wrap accounts, misappropriation of retail client assets, and the misuse of an omnibus account. Advisory firms had written policies and procedures and testing protocols, but they were not good enough; are yours? … Continued

The Compliance Professionals Guide to Effective Trade Desk Monitoring

Global regulators continue to enhance their ability to monitor the activities of market participants through a combination of new rules, filing requirements, and upgrades to surveillance technologies. As a result, many market participants, including both buy-and sell-side firms, need to re-assess how they currently monitor the trading desk, and whether new policies and procedures are … Continued

How Do You Supervise for SEC Pay-to-Play Violations?

If you wanted more information about the contours of the SEC’s Pay-to-Play Rule, or how the SEC may enforce it, three recent Settlement Orders against large investment advisers for “over de minimis” political contributions provide some insight regarding one of the prohibitions: Contributions by Covered Associates to certain Government Officials over the specified Exception amount (capitalized words are terms in the … Continued

Do your Fund Documents Clearly Disclose Receipt of Accelerated Monitoring Fees?

Somewhat more reminiscent of the broken-windows enforcement era, two affiliated private equity advisers managing billions settled with the SEC on charges that they failed to make pre-commitment disclosures in fund governing documents related to accelerated fees received from portfolio companies. Interestingly, according to the Settlement Order, the advisers had made some disclosures in fund documents … Continued

With New Risk Alert, SEC Doubles Down on Best Execution

On July 11, 2018, the SEC issued a Risk Alert outlining commonly found compliance issues related to best execution by investment advisers. Advisers have an obligation to seek best execution of client transactions, taking into consideration quantitative factors such as execution quality and commission rate, as well as more qualitative factors such as the value … Continued

Mailing List

Subscribe to the Ascendant Compliance email list for the latest compliance resources, conferences, ComplianceCasts™, and more.

Loading form...

Contact Us

Ascendant works together with clients to identify and assess critical needs through customized plans. If you need assistance with compliance functions, regulatory services, cybersecurity or technology tools, we’d love to speak with you.