What are the latest SEC Risk Alert findings?

The Securities and Exchange Commission's Office of Compliance Inspections and Examinations released a Risk Alert recently that provided further cybersecurity guidance for financial services firms, with specific focus on protecting broker-dealer and investment advisor customer information. What are the takeaways from this latest SEC Risk Alert?

The SEC recently announced the findings of its recent Cybersecurity Examination Initiative, which is an effort to address the numerous data breaches and cyberattacks against financial services firms. The initiative, according to the SEC, is designed to "build off OCIE's previous examinations" and concentrate more on cybersecurity preparedness. Based on the findings of the Cybersecurity Examination Initiative, the SEC informed regulated financial services firms that it will focus on six key areas in upcoming examinations. Financial services firms subject to examination by the OCIE should review their practices in each of these six areas to increase the likelihood of a favorable result on future examinations. The areas of focus are:

• Governance and risk assessment
• Access rights and controls
• Data loss prevention
• Vendor management
• Training
• Incident response

These six areas will be the focus of upcoming examinations, but they are only a small portion of the requirements subject to audit under the program. Firms subject to these assessments should review the full SEC Risk Alert: OCIE's 2015 Cybersecurity Examination Initiative.

Ask the Expert:
Got a vexing problem for Mike Chapple or any of our other experts? Ask your enterprise-specific questions today. (All questions are anonymous.)