Featured Product

    SEC Publishes Observations on Cybersecurity and Resiliency Practices

    January 27, 2020

    The SEC Office of Compliance Inspections and Examinations (OCIE) issued examination observations related to cyber-security and operational resiliency practices of market participants. The observations highlight approaches of market participants in the areas of governance and risk management, access rights and controls, data loss prevention, mobile security, incident response and resilience, vendor management, and training and awareness. The observations cover specific examples of cyber-security and operational resiliency practices and controls that organizations have taken to potentially safeguard against threats and respond in the event of an incident.

    While the effectiveness of any given cyber-security program is fact-specific, it has been observed that a key element of effective program is the incorporation of a governance and risk management program that generally includes, among other things:

    • Developing and conducting a risk assessment process to identify, manage, and mitigate cyber risks relevant to the organization’s business. This includes considering the organization’s business model, as part of defining a risk assessment methodology, and working to identify and prioritize potential vulnerabilities.
    • Adopting and implementing comprehensive written policies and procedures addressing the identified risks.
    • Establishing comprehensive testing and monitoring to validate the effectiveness of cyber-security policies and procedures on a regular and frequent basis. Testing and monitoring can be informed based on cyber threat intelligence.
    • Responding promptly to testing and monitoring results by updating policies and procedures to address any gaps or weaknesses and involving board and senior leadership appropriately.

    OCIE conducts examinations of SEC-registered investment advisers, investment companies, broker-dealers, self-regulatory organizations, clearing agencies, transfer agents, and others. It uses a risk-based approach to examinations to fulfill its mission to promote compliance with U.S. securities laws, prevent fraud, monitor risk, and inform SEC policy.

     

    Related Links

    Keywords: Americas, US, Securities, Operational Resilience, Governance, Data, Cyber Risk, SEC

    Featured Experts
    Related Articles
    News

    BoE Seeks Information Before Migrating Statistical Reporting to BEEDS

    The Bank of England (BoE) published the Statistical Notice 2021/09 requiring additional information from firms and software vendors to assist in the onboarding and testing phases for migrating statistical reporting to the BEEDS portal.

    October 25, 2021 WebPage Regulatory News
    News

    FCA Publishes Final Rules on Investment Firms Prudential Regime

    The Financial Conduct Authority (FCA) published the final rules on the Investment Firms Prudential Regime (IFPR) to streamline and simplify the prudential requirements for solo-regulated UK firms authorized under the Markets in Financial Instruments Directive (MiFID).

    October 25, 2021 WebPage Regulatory News
    News

    CFRF Publishes Guides to Manage Financial Risks from Climate Change

    The working groups of the Climate Financial Risk Forum (CFRF) published a second round of guides (or Session 2 guides), written by the industry for the industry, to help financial firms manage climate-related financial risks.

    October 21, 2021 WebPage Regulatory News
    News

    PRA Finalizes Policy for Non-Performing Exposure Securitizations

    The Prudential Regulation Authority (PRA) published the final Policy Statement PS24/21 that contains the new Non-Performing Exposures Securitization Part of the PRA Rulebook and an updated Supervisory Statement SS10/18 on the general requirements and capital framework with respect to securitizations.

    October 21, 2021 WebPage Regulatory News
    News

    EBA Updates Filing Rules for Supervisory Reporting

    The European Banking Authority (EBA) published version 5.1 of the filing rules for supervisory reporting.

    October 19, 2021 WebPage Regulatory News
    News

    ECB Amends Guideline on Procedures for Collection of AnaCredit Data

    The European Central Bank (ECB) Guideline 2021/1829 on the procedures for the collection of granular credit and credit risk data has been published in the Official Journal of European Union.

    October 19, 2021 WebPage Regulatory News
    News

    ECB Amends Guideline on Procedures for Collection of AnaCredit Data

    The European Central Bank (ECB) Guideline 2021/1829 on the procedures for the collection of granular credit and credit risk data has been published in the Official Journal of European Union.

    October 19, 2021 WebPage Regulatory News
    News

    EBA Publishes Standards on Disclosure of Investment Policy Under IFR

    The European Banking Authority (EBA) published the final draft regulatory technical standards on disclosure of investment policy by investment firms, under the Investment Firms Regulation (IFR).

    October 19, 2021 WebPage Regulatory News
    News

    EU to Explore Potential of Establishing a Joint Cyber Unit

    The European Council adopted conclusions inviting the European Union (EU) and the member states to further develop the cybersecurity crisis management framework.

    October 19, 2021 WebPage Regulatory News
    News

    EC Sets Out Work Program for 2022

    The European Commission (EC) adopted the work program for 2022.

    October 19, 2021 WebPage Regulatory News
    RESULTS 1 - 10 OF 7598