SEC Risk Alert Shows Gaps in Firm Cybersecurity Programs

The SEC’s Office of Compliance Examinations and Inspections (OCIE) has released a Risk Alert with a brief summary of observations from its second round of cybersecurity exam sweeps, where it surveyed 75 broker dealers, investment advisors, and investment companies.  The Cybersecurity 2 Initiative was a more thorough follow-up to their 2014 Cybersecurity 1 Initiative.  The… READ MORE

Cybersecurity Deadline Approaches – Preparing your firm for the first phase of New York’s ’ Cybersecurity Rule 23 NYCRR 500

The first phase implementation date of New York’s “Cybersecurity Requirements for Financial Services Companies” rule is August 28th, 2017.   The rule requires firms to develop and maintain a cybersecurity program designed to protect the confidentiality, integrity and availability of their information systems.  The program must be based on a risk assessment, identify and assess internal… READ MORE

2016 SEC & FINRA Exam Priorities

If you ever want to know what the regulators are focusing on when they conduct examinations, they actually tell you. Last month FINRA and the SEC put out their examination priorities. These priorities can be used to help you understand their focus and give you guidance on how to prioritize your efforts to maintain a… READ MORE