SEC Publishes Observations on Cybersecurity and Resiliency Practices
The SEC Office of Compliance Inspections and Examinations (OCIE) issued examination observations related to cyber-security and operational resiliency practices of market participants. The observations highlight approaches of market participants in the areas of governance and risk management, access rights and controls, data loss prevention, mobile security, incident response and resilience, vendor management, and training and awareness. The observations cover specific examples of cyber-security and operational resiliency practices and controls that organizations have taken to potentially safeguard against threats and respond in the event of an incident.
While the effectiveness of any given cyber-security program is fact-specific, it has been observed that a key element of effective program is the incorporation of a governance and risk management program that generally includes, among other things:
- Developing and conducting a risk assessment process to identify, manage, and mitigate cyber risks relevant to the organization’s business. This includes considering the organization’s business model, as part of defining a risk assessment methodology, and working to identify and prioritize potential vulnerabilities.
- Adopting and implementing comprehensive written policies and procedures addressing the identified risks.
- Establishing comprehensive testing and monitoring to validate the effectiveness of cyber-security policies and procedures on a regular and frequent basis. Testing and monitoring can be informed based on cyber threat intelligence.
- Responding promptly to testing and monitoring results by updating policies and procedures to address any gaps or weaknesses and involving board and senior leadership appropriately.
OCIE conducts examinations of SEC-registered investment advisers, investment companies, broker-dealers, self-regulatory organizations, clearing agencies, transfer agents, and others. It uses a risk-based approach to examinations to fulfill its mission to promote compliance with U.S. securities laws, prevent fraud, monitor risk, and inform SEC policy.
Related Links
Keywords: Americas, US, Securities, Operational Resilience, Governance, Data, Cyber Risk, SEC
Featured Experts
María Cañamero
Skilled market researcher; growth strategist; successful go-to-market campaign developer
Pierre-Etienne Chabanel
Brings expertise in technology and software solutions around banking regulation, whether deployed on-premises or in the cloud.
Nicolas Degruson
Works with financial institutions, regulatory experts, business analysts, product managers, and software engineers to drive regulatory solutions across the globe.
Previous Article
FIN-FSA Amends Regulations and Guidelines on Credit Risk ManagementRelated Articles
BCBS Amends Guidelines on Sound Management of AML/CFT Risks
BCBS amended the guidelines on sound management of risks related to money laundering and financing of terrorism (ML/FT).
EBA Guidelines on Treatment of Structural Foreign Exchange Under CRR
EBA finalized the guidelines on treatment of structural foreign-exchange (FX) positions under Article 352(2) of the Capital Requirements Regulation (CRR).
FSB Issues Statement on Impact of COVID-19 Crisis on Benchmark Reform
FSB published a statement on the impact of COVID-19 pandemic on global benchmark transition.
IAIS Publishes List of Internationally Active Insurance Groups
IAIS published the list of Internationally Active Insurance Groups (IAIGs) publicly disclosed by group-wide supervisors.
FED Temporarily Revises FR Y-9C With Respect to PPPLF and CARES Act
FED has temporarily revised the reporting form on consolidated financial statements for holding companies (FR Y-9C; OMB No. 7100-0128).
EC Launches Consultation on Review of Solvency II Directive
EC launched a consultation on the review of the key elements of Solvency II Directive, with the comment period ending on October 21, 2020.
ECB Consults on Supervisory Approach to Consolidation in Banking
ECB launched a consultation on the guide that sets out supervisory approach to consolidation projects in the banking sector.
PRA Letter Sets Expectations on Approach to Managing Climate Risks
PRA published a letter that builds on the expectations set out in the supervisory statement (SS3/19) on enhancing banks' and insurers' approaches to managing the financial risks from climate change.
US Agencies Finalize Amendments to Swap Margin Rule
US Agencies (Farm Credit Administration, FDIC, FED, FHFA, and OCC) finalized changes to the swap margin rule to facilitate implementation of prudent risk management strategies at banks and other entities with significant swap activities.
IAIS on Package for 2020 Data Collection on ICS and Aggregation Method
IAIS published technical specifications, questionnaires, and templates for 2020 Insurance Capital Standard (ICS) and Aggregation Method data collections.
