August 5, 2021

Volume XI, Number 217


SEC’s 2018 Exam Priorities Reflect Continued Focus on Cybersecurity

Annually, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (“OCIE”) publishes its examination priorities for the new year. Recently, OCIE announced five priorities that will inform its examinations moving into 2018.

OCIE is committed to “promoting compliance, preventing fraud, identifying and monitoring risk, and informing policy.” In support of these “pillars,” OCIE intends to focus on:

  1. Issues of importance to retail investors, such as fee disclosures, mutual funds, and exchange-traded funds;

  2. Entities that are critical to the proper functioning of capital markets, such as clearing agencies and national securities exchanges;

  3. Oversight of the Financial Industry Regulatory Authority (FINRA) and the Municipal Securities Rulemaking Board (MSRB);

  4. Cybersecurity; and

  5. Anti-money laundering programs.

The emphasis on cybersecurity is not new.  As early as 2014, OCIE highlighted its commitment to monitoring cybersecurity practices of regulated entities when it launched a series of examinations to identify cybersecurity risks and assess cybersecurity preparedness in the securities industry.  In 2015 and 2017, the SEC released the results of its first two cybersecurity examination sweeps.  Prior examination priorities also included the SEC’s commitment to “examine for cybersecurity compliance procedures and controls, including testing the implementation of those procedures and controls at broker-dealers and investment advisers.”

In this year’s announcement, OCIE noted that the scope and severity of risks related to data breaches and cyber attacks have increased and that such attacks can affect not only the targeted firms, but unsuspecting investors and market participants as well.  In evaluating firms’ cybersecurity programs and potential enforcement referrals, the agency intends to emphasize governance and risk assessment, access rights and controls, data loss prevention, vendor management, training, and incident response.

As noted in a recent post, cybersecurity continues to be a top priority for the SEC’s Division of Enforcement as well. Indeed, in 2017 the Enforcement Division created a new specialized “Cyber Unit” dedicated to investigating violations related to cybersecurity intrusions and breakdowns. And the SEC’s Chairman, Jay Clayton, has made clear in public remarks that he is personally focused on the issue. Unfortunately, these public statements provide little specific guidance as to what cybersecurity measures will be deemed adequate. Whether specifically subject to OCIE’s examination authority or not, however, organizations should be mindful that the SEC’s spotlight on cybersecurity is likely to intensify, and should approach their own risk assessments, budget, resources, and compliance priorities accordingly.

© Copyright 2021 Squire Patton Boggs (US) LLP
National Law Review, Volume VIII, Number 44

About this Author

Coates Lear Government Investigations Attorney Squire Patton Boggs Denver, CO & Washington DC
Partner

Coates Lear specializes in assisting companies, boards of directors, board committees and individuals in internal investigations, government inquiries and enforcement proceedings. Drawing on his extensive government experience, Coates has particular expertise in matters involving the US Securities and Exchange Commission (SEC). He also helps clients evaluate and improve their compliance programs, and represents clients in complex litigation.

Before joining the firm, Coates was senior counsel in the SEC’s Division of Enforcement, where he worked from 2007 to 2015. While at the SEC,...

303-894-6141
Partner

Tara Swaminatha is a member of the Data Privacy and Cybersecurity Practice. Tara has acted as outside cybersecurity counsel on some of the most significant data breaches in recent years and has defended clients against federal, state and international regulatory actions and related litigation.

202-457-6031
Elizabeth Weil Shaw attorney Squire Patton Boggs
Associate

Elizabeth Weil Shaw assists clients primarily with government enforcement actions and inquiries, as well as internal investigations and compliance reviews. Liz has analyzed matters involving investigations by the US Securities and Exchange Commission, Department of Justice and State Attorneys General. She is a contributor to the firm's Anticorruption Blog.

303-830-6129