SEC: Prioritizing Cybersecurity

Cybersecurity is now a priority for many investment advisers to address. On June 14, SEC Chair Mary Jo White echoed that sentiment in her testimony before the U.S. Senate Committee on Banking, Housing, and Urban Affairs.

“Cybersecurity is – as I have said before – one of the greatest risks facing the financial services industry and will be for the foreseeable future,” Chair White said in her remarks. She went on to note that the SEC has taken a “proactive” approach that includes “examining and enforcing the rules we oversee that relate to cybersecurity.”

Reading between the lines, it appears that the SEC does not need a new Cybersecurity Rule to enforce requirements. Rather, the Commission appears willing and able to enforce existing regulations that already address cybersecurity – particularly Rule 30(a) of Regulation S-P, which requires registered investment advisers to adopt written policies and procedures reasonably designed to safeguard customer records and information.

Regulation S-P violations have paved the way for the SEC to bring two cybersecurity enforcement actions against investment advisers within the last nine months – first, against RT Jones in September 2015 and more recently against Morgan Stanley Smith Barney in June 2016.

SEC’s 2016 Efforts on Cybersecurity Exams

Chair White stated that the SEC is focusing on “ensuring that our registered entities have policies and procedures to address the risks posed to their systems and data by cyberattacks,” explaining that the agency has expanded its cybersecurity examinations to include testing of firms’ implementation of procedures and controls.

The SEC is currently examining these issues at firms in 2016, and recently announced the promotion of Christopher Hetner to the role of Senior Advisor to the Chair for Cybersecurity Policy. Mr. Hetner, a former chief information security officer at GE Capital, is the Cybersecurity Lead for the SEC’s Office of Compliance Inspections and Examinations (OCIE) Technology Controls Program.

Chair White’s full testimony is available by clicking here.

Related Content

Latest Content

SEC’s Latest Risk Alert Focuses on Electronic Communications

The SEC’s most recent risk alert, “Observations from Investment Adviser Examinations Relating to Electronic Messaging,” issued on December 14, 2019, focuses on the use and maintenance of electronic communications for business purposes. The purpose of the alert is to remind advisers of their obligations related to personal use of electronic messaging and the requirements for … Continued

SEC OCIE Issues 2019 Examination Priorities

Well ahead of the New Year, the SEC Office of Compliance Inspections and Examinations (OCIE) announced its 2019 examination priorities. In keeping with OCIE’s four “pillars” of promoting compliance, preventing fraud, identifying and monitoring risk, and informing policy, the Dec. 20 release provides a preview of key areas where OCIE intends to focus its limited … Continued

Highlights of 2018: Predictions for 2019

Our annual year-end review covers investment adviser compliance highlights from 2018, and makes 2019 predictions. We will highlight enforcement actions and SEC risk alerts for retail advisers, private fund managers, and institutional wealth managers. Using these as road markers, our predictions are designed to lead reasonable and effective compliance program development. Evaluate 2018 Compliance and … Continued

A New View of How Technology Will Change the Emerging Crytpo-Economy

From the top of the world, it’s amazing what you can see.  I recently had the opportunity to travel to the United Arab Emirates to speak in Dubai at the 7th Edition of the Alternative Investment Management Summit. While I was there, I took a few moments to ride to the top of the Burj … Continued

SEC Retail Investor Focus Turns Towards Registered Investment Companies

Earlier this year when the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) announced its 2018 examination priorities, OCIE stated that a core priority was to protect retail investors, including seniors and individuals saving for retirement. OCIE is now continuing this effort by focusing on mutual funds and exchanged-traded funds (together, the “Funds”) as the … Continued

Mailing List

Subscribe to the Ascendant Compliance email list for the latest compliance resources, conferences, ComplianceCasts™, and more.

Loading form...

Contact Us

Ascendant works together with clients to identify and assess critical needs through customized plans. If you need assistance with compliance functions, regulatory services, cybersecurity or technology tools, we’d love to speak with you.