From: Data Matters
Geeta Malhotra, Matthew J. Saldaña and Colleen Theresa Brown
On February 7, 2018, the SEC’s Office of Compliance Inspections and Examinations (OCIE) released its 2018 National Exam Program Examination Priorities (2018 Exam Priorities) and, once again, identified cybersecurity as one of its main areas of focus. According to OCIE, each of its examination programs will prioritize cybersecurity. The 2018 Exam Priorities include five main focus areas: (1) cybersecurity; (2) compliance and risks in critical market infrastructure; (3) matters of importance to retail investors, including seniors and those saving for retirement; (4) oversight of the Financial Industry Regulatory Authority (FINRA) and Municipal Securities Rulemaking Board (MSRB); and (5) anti-money laundering programs. For an in-depth discussion regarding the entirety of the 2018 Exam Priorities, see Sidley’s previous analysis here.
As related to cybersecurity, the 2018 Exam Priorities make clear that OCIE’s examinations will focus on governance, risk assessments, access rights and controls, data loss prevention, vendor management, training, and incident response. OCIE emphasized the “critical” importance of cybersecurity protection to market operation and the far-reaching effects of cyber threats. In addition, OCIE will continue to work with firms in all sectors to identify and manage cybersecurity risks and to encourage other market participants to engage in this effort as well.
Leave a Reply