Cybersecurity for Investment Advisers

October 28, 2014

In its Examination Priorities for 2014 notice the U.S. Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) indicated that technology would be one of the most significant initiatives in 2014. This focus on technology will include an assessment on an investment adviser’s cybersecurity preparedness. In April 2014, OCIE issued a National Exam Program Risk Alert to provide additional information regarding its focus on assessing cybersecurity preparedness in the securities industry. The Risk Alert discusses OCIE’s cybersecurity initiative and the registered investment adviser and broker-dealer examinations OCIE is conducting of as part of this initiative that will, at a minimum, focus on the following:

  • Cybersecurity governance;
  • Identification and assessment of cybersecurity risks;
  • Protection of networks and information;
  • Risks associated with remote customer access and funds transfer requests;
  • Risks associated with vendors and other third parties;
  • Detection of unauthorized activity; and
  • Experiences with certain cybersecurity threats.

Also included as part of the Risk Alert is a sample request for information and documents that is used when OCIE conducts its cybersecurity examinations.  The Risk Alert specifically states, “This Risk Alert is intended to highlight for firms risks and issues that the staff has identified. In addition, this Risk Alert describes factors that firms may consider to (i) assess their supervisory, compliance and/or other risk management systems related to these risks, and (ii) make any changes, as may be appropriate, to address or strengthen such systems.” Investment advisers should review this sample list of requests to help assess their level of cybersecurity preparedness.

On October 30, 2014, RIA Compliance Consultants will be presenting a webinar, “Cybersecurity for Investment Advisers,” at 12:00pm CDT. We will present this webinar to address the importance of information security as it pertains to registered investment advisers.  In addition to discussion regarding the National Examination Program Risk Alert and the regulatory focus on developing, maintaining, monitoring and testing written information security programs, our consultants will provide some tips and best practices regarding information security safeguards that investment advisers should include in their written plans. The fee for participating in the webinar is $69.95. Click here now to purchase and register for the webinar.

Posted by Bryan Hill
Labels: Cyber Security, Cybersecurity, Information Security