OCIE OFFERS CYBERSECURITY AND RESILIENCY OBSERVATIONS

OCIE has now issued examination observations related to cybersecurity and operational resiliency practices taken by investment advisers and other market participants. With examples, the observations included governance and risk management, access rights and controls, data loss prevention, mobile security, incident response and resiliency, vendor management, and training and awareness. Members are encouraged to incorporate these observations in their cybersecurity assessments. A copy of the examination guidance can be found here.

Author: Dexter Johnson

The author is a an attorney who for the past 14 years has concentrated his practice in representing, successfully, investment advisers, broker-dealers, corporations and individuals who are subject to SEC, FINRA, State or other regulations and who may be the subject of regulatory examination, review or investigation. He formerly worked at the SEC. His regulatory and litigation experience has encompassed virtually every type of securities issue in the industry. He has also negotiated favorable outcomes in many of these matters for his clients.