Beginning in May The SEC Will Assess More than 50 Broker-Dealers, Investment Advisers
If you’re an investment advisor or broker dealer, the time is rapidly approaching when you’ll be subjected to an SEC cybersecurity readiness audit. Are you prepared?
The Securities and Exchange Commission is planning to conduct more than 50 examinations to assess cybersecurity preparedness in the securities industry and to obtain information about the industry’s recent experiences with certain types of cyberthreats.
Organizations to be examined by the SEC’s Office of Compliance Inspections and Examinations include registered broker-dealers and registered investment advisers.
- What The SEC Is Looking For
The examinations will focus on the entities’ identification and assessment of risks; protection of networks and information; risks associated with remote customer access and funds transfer requests; risks associated with vendors and other third parties; detection of unauthorized activity; and experiences with certain cybersecurity threats.
- Information Sought From Wall Street Companies
In its announcement of the upcoming examinations, the SEC says some of the information it may seek from Wall Street companies includes:
- An inventory of physical devices and systems, as well as software platforms and applications;
- A copy of the organization’s written information security policy;
- Evidence of whether the organization conducts periodic risk assessments;
- Evidence of whether cybersecurity roles and responsibilities have been explicitly assigned;
- Practices and controls regarding the protection of networks and information utilized by the organization;
- Evidence of whether the organization conducts or requires risk assessments of vendors and business partners;
- Steps taken to detect unauthorized activity on networks and devices;
- Updates on whether the organization experienced any type of cyber-incident.
A pro-active approach to improving your overall security framework will prove the least costly to preparing for your SEC Cybersecurity Exam. Putting prevention measures in place now can save your company not only time, money, production resources, but will also provide you and your customer a level of trust and confidence rather than the embarrassment of full customer disclosure that their personal information has been compromised and could be used in a fraudulent manner. TBG can help you prepare by first performing a Security Readiness Assessment to see how your company would fare in a real cybersecurity audit.
For more information on how TBG Security can help your organization reach compliance contact our our Compliance Practice Manager or call us directly at 877.233.6651 ext 704.