Featured Product

    SEC Publishes Observations on Cybersecurity and Resiliency Practices

    January 27, 2020

    The SEC Office of Compliance Inspections and Examinations (OCIE) issued examination observations related to cyber-security and operational resiliency practices of market participants. The observations highlight approaches of market participants in the areas of governance and risk management, access rights and controls, data loss prevention, mobile security, incident response and resilience, vendor management, and training and awareness. The observations cover specific examples of cyber-security and operational resiliency practices and controls that organizations have taken to potentially safeguard against threats and respond in the event of an incident.

    While the effectiveness of any given cyber-security program is fact-specific, it has been observed that a key element of effective program is the incorporation of a governance and risk management program that generally includes, among other things:

    • Developing and conducting a risk assessment process to identify, manage, and mitigate cyber risks relevant to the organization’s business. This includes considering the organization’s business model, as part of defining a risk assessment methodology, and working to identify and prioritize potential vulnerabilities.
    • Adopting and implementing comprehensive written policies and procedures addressing the identified risks.
    • Establishing comprehensive testing and monitoring to validate the effectiveness of cyber-security policies and procedures on a regular and frequent basis. Testing and monitoring can be informed based on cyber threat intelligence.
    • Responding promptly to testing and monitoring results by updating policies and procedures to address any gaps or weaknesses and involving board and senior leadership appropriately.

    OCIE conducts examinations of SEC-registered investment advisers, investment companies, broker-dealers, self-regulatory organizations, clearing agencies, transfer agents, and others. It uses a risk-based approach to examinations to fulfill its mission to promote compliance with U.S. securities laws, prevent fraud, monitor risk, and inform SEC policy.

     

    Related Links

    Keywords: Americas, US, Securities, Operational Resilience, Governance, Data, Cyber Risk, SEC

    Featured Experts
    Related Articles
    News

    BIS Innovation Hub Sets Out Work Program for 2021

    BIS Innovation Hub published the work program for 2021, with focus on suptech and regtech, next-generation financial market infrastructure, central bank digital currencies, open finance, green finance, and cyber security.

    January 22, 2021 WebPage Regulatory News
    News

    EC Plans to Consult on Crisis Management and EDIS Framework Revisions

    In an article published by SRB, Mairead McGuinness, the European Commissioner for Financial Services, Financial Stability, and Capital Markets Union, discussed the progress and next steps toward completion of the Banking Union.

    January 21, 2021 WebPage Regulatory News
    News

    EBA Finalizes Remuneration Standards for Investment Firms in EU

    EBA finalized the two sets of draft regulatory technical standards on the identification of material risk-takers and on the classes of instruments used for remuneration under the Investment Firms Directive (IFD).

    January 21, 2021 WebPage Regulatory News
    News

    ECA Recommends Actions to Enhance Resolution Planning for Banks

    EC published, in the Official Journal of the European Union, a notification that the European Court of Auditors (ECA) has published a special report on resolution planning in the Single Resolution Mechanism.

    January 20, 2021 WebPage Regulatory News
    News

    BoE Publishes Key Elements of the 2021 Stress Testing for Banks in UK

    BoE published a scenario against which it will be stress testing banks in 2021, in addition to setting out the key elements of the 2021 stress test, guidance on the 2021 stress test, and the variable paths for the 2021 stress test.

    January 20, 2021 WebPage Regulatory News
    News

    PRA Proposes Rules on Identity Verification of Depositor Protection

    PRA published a consultation paper (CP3/21) proposes rules regarding the timing of identity verification required for eligibility of depositor protection under the Financial Services Compensation Scheme (FSCS).

    January 20, 2021 WebPage Regulatory News
    News

    FSB Publishes Work Program for 2021

    FSB published the work program for 2021, which reflects a strategic shift in priorities in the COVID-19 environment.

    January 20, 2021 WebPage Regulatory News
    News

    FCA Issues Update on Move to New Data Collection Platform

    FCA announced that 50% firms have started using the new data collection platform RegData, which is slated to replace the existing platform known Gabriel.

    January 20, 2021 WebPage Regulatory News
    News

    Bundesbank Publishes Derivation Rules for Reporting by Banks

    Bundesbank published Version 5.0 of the derivation rules for completeness check at the form level, with respect to the data quality of the European harmonized reporting system.

    January 19, 2021 WebPage Regulatory News
    News

    FED Revises Capital Planning and Stress Testing Requirements for Banks

    FED finalized a rule that updates capital planning requirements to reflect the new framework from 2019 that sorts large banks into categories, with requirements that are tailored to the risks of each category.

    January 19, 2021 WebPage Regulatory News
    RESULTS 1 - 10 OF 6488