6 October 2015

SEC Issues Top Cybersecurity Priorities For Broker-Dealers And Investment Advisers

McCarthy Tétrault LLP

McCarthy Tétrault LLP provides a broad range of legal services, advising on large and complex assignments for Canadian and international interests. The firm has substantial presence in Canada’s major commercial centres and in New York City, US and London, UK.

On September 15, 2015, the Office of Compliance Inspections and Examinations ("OCIE") issued a risk alert to announce the priorities for its second round of cybersecurity examinations. The examinations are part of the Cybersecurity Initiative announced by the OCIE in its April 15, 2014 risk alert.

This second round of examinations focuses on assessing the implementation of firm procedures and controls. It builds on the foundation established by the first round, which focused on collecting information about the industry's recent experiences with certain types of cyber threats and on understanding industry-wide practices regarding cybersecurity governance, identification and assessment of cybersecurity risks, protection of networks and information, risks associated with remote customer access and funds transfer requests, risks associated with vendors and other third parties, and detection of unauthorized activity.

The priorities for this round of examinations include Governance and Risk Assessment, Access Rights and Controls, Data Loss Prevention, Vendor Management, Training, and Incident Response. The alert indicates that, while these are the priorities, examiners may select additional areas based on risks identified during the course of the examinations and to account for a particular firm's business.

The alert includes a sample request for information to help registered entities prepare for the examination. It is not intended to be an all-inclusive list, but it will aid firms in assessing their cybersecurity practices, policies and procedures.
