SEC | Cybersecurity and Resiliency Observations

Cyber Response

On January 7, 2020, the US Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (“OCIE”) released its 2020 examination priorities. While a number of the 2020 priorities are continuations from the prior year, OCIE made certain enhancements and/or additions to these exam priorities that are similar to themes highlighted in its risk alerts and regulatory initiatives during 2019.

Many of OCIE’s 2020 examination priorities, including the focus on retail investors, fraud, and conflicts (and related disclosures), are perennial risk areas that OCIE routinely prioritizes. While the SEC release discusses new issues in greater detail than continuing areas of interest, practitioners must continue to focus on these areas and monitor whether the SEC provides guidance throughout the year.

In its 2020 report, OCIE emphasized that the keys to effective compliance are a culture and tone set from the top (including C-level executives). In fact, a commitment to compliance from C-level executives was referenced as perhaps the most important “hallmark” of a good compliance program. Therefore, top-level executives will benefit from reviewing the 2020 priorities to assess the impact on their business models and take proactive measures to strengthen their compliance programs.

The 2020 report also emphasizes certain “hallmarks” of effective compliance, including the compliance department’s active engagement in most facets of firm operations, early involvement in important business developments, and the employment of a knowledgeable CCO empowered with full responsibility, authority, and resources to develop and enforce policies and procedures. It is crucial that firms invest resources – including time and personnel – to enable effective compliance in the operation of their businesses.

  • Information security.
    • Access Rights & Permissions (FIM)
    • Mobile Device Management (MDM)
    • Incident Response
    • Vendor Management
    • Training
  • Financial technology (fintech) and innovation, including digital assets and electronic investment advice.
  • Additional focus areas involving RIAs and investment companies.
  • Additional focus areas involving broker-dealers and municipal advisors.
  • Market infrastructure.

Further Reading:

Responding to a Cyber Incident: NIST

January 20, 2020 OCIE Cybersecurity and Resiliency Observations: CIS

Pylon Technology