Office of Compliance Inspections and Examinations (OCIE) Cybersecurity Initiative
On April 15, 2014, the SEC’s Office of Compliance Inspections and Examinations (OCIE) published a risk alert detailing its initiative to examine over 50 registered broker-dealers and investment advisers to assess cybersecurity preparedness.
The Risk Alert includes a copy of a sample document request list that OCIE may use in conducting examinations regarding cybersecurity matters. OCIE stated that the sample document request list is "intended to empower compliance professionals in the industry with questions and tools they can use to assess their firms’ level of preparedness, regardless of whether they are included in OCIE’s examinations." OCIE indicated that it may alter this document request list for a registrant as it considers the specific circumstances presented by the registrant’s particular systems or information technology environment.
OCIE is seeking information relating to a variety of cybersecurity topics including:
identification of risks and cybersecurity governance;
protection of firm networks and information;
risks associated with remote customer access and fund transfer requests;
risks associated with vendors and other third parties;
detection of unauthorized activity; and
a registrant’s specific experiences with cybersecurity threats.
OCIE may inquire as to how broker-dealers and investment advisers are responding to cybersecurity threats and whether such threats have been reported to regulatory agencies or law enforcement. OCIE’s Risk Alert was published subsequent to the SEC’s Cybersecurity Roundtable held on March 26, 2014.