SEC OCIE to Launch a Third Cybersecurity Sweep

by: Align on Mar, 29, 2019 | 0 Comments
 hero Image

The Securities and Exchange Commission’s (SEC’s) Office of Compliance Inspections and Examinations (OCIE) has launched a third cybersecurity sweep, announced by deputy director Kristin Snyder, on March 19th at the Investment Company Institute’s 2019 Mutual Funds and Investment Management Conference in San Diego, California.

The third cybersecurity sweep will focus primarily on cybersecurity practices at investment advisers, encompassing firms with multiple branch offices and those involved in recent merger and acquisitions (M&As).

Because of the fundamental and operational changes firms experience during M&A, complexities arise, risk exposure increases and vulnerabilities surface if cybersecurity is not addressed on the onset and with a comprehensive approach.

This reverberates with the SEC’s 2019 examination priorities, whereupon the agency communicated it would emphasize these focal areas at advisers and urged them to actively and effectively manage cyber-related issues and operational risk.

Align Guidance

Align recommends that all investment advisers with multiple branch offices and those who experienced recent mergers, or other business combinations, should focus their efforts on the “cyber six,” which includes:

  • Governance
  • Access Rights and Controls
  • Data Loss Prevention
  • Vendor Management
  • Employee Training
  • Incident Response

Furthermore, Align extrapolates from this that private equity firms that are integrating the IT structure of their portfolio companies will be of similar interest and certainly on the SEC’s radar.

Align continues to monitor all regulatory activity related to cybersecurity inquiries and examinations. If you have any questions, please contact our cybersecurity specialists today.

Contact Us ➜

Tags: Cybersecurity, Due Diligence, Managed Services

Related Articles

 
SEC Risk Alert: COVID-19 Compliance Risks for Broker-Dealers and RIAs

Cybersecurity

SEC Risk Alert: COVID-19 Compliance Risks for Broker-Dealers and RIAs

On August 12th, 2020, the U.S. Security and Exchange Commission’s (SEC) Office of Compliance

Read More >

Common Phishing Attack Methods and Tips to Avoid Scams

Cybersecurity

Common Phishing Attack Methods and Tips to Avoid Scams

Phishing, a form of social engineering, is the most prevalent and persuasive attack vector used to

Read More >