Featured Product

    SEC Publishes Observations on Cybersecurity and Resiliency Practices

    January 27, 2020

    The SEC Office of Compliance Inspections and Examinations (OCIE) issued examination observations related to cyber-security and operational resiliency practices of market participants. The observations highlight approaches of market participants in the areas of governance and risk management, access rights and controls, data loss prevention, mobile security, incident response and resilience, vendor management, and training and awareness. The observations cover specific examples of cyber-security and operational resiliency practices and controls that organizations have taken to potentially safeguard against threats and respond in the event of an incident.

    While the effectiveness of any given cyber-security program is fact-specific, it has been observed that a key element of effective program is the incorporation of a governance and risk management program that generally includes, among other things:

    • Developing and conducting a risk assessment process to identify, manage, and mitigate cyber risks relevant to the organization’s business. This includes considering the organization’s business model, as part of defining a risk assessment methodology, and working to identify and prioritize potential vulnerabilities.
    • Adopting and implementing comprehensive written policies and procedures addressing the identified risks.
    • Establishing comprehensive testing and monitoring to validate the effectiveness of cyber-security policies and procedures on a regular and frequent basis. Testing and monitoring can be informed based on cyber threat intelligence.
    • Responding promptly to testing and monitoring results by updating policies and procedures to address any gaps or weaknesses and involving board and senior leadership appropriately.

    OCIE conducts examinations of SEC-registered investment advisers, investment companies, broker-dealers, self-regulatory organizations, clearing agencies, transfer agents, and others. It uses a risk-based approach to examinations to fulfill its mission to promote compliance with U.S. securities laws, prevent fraud, monitor risk, and inform SEC policy.

     

    Related Links

    Keywords: Americas, US, Securities, Operational Resilience, Governance, Data, Cyber Risk, SEC

    Featured Experts
    Related Articles
    News

    EC Rule on Contractual Recognition of Write Down and Conversion Powers

    The European Commission (EC) published the Delegated Regulation 2021/1527 with regard to the regulatory technical standards for the contractual recognition of write down and conversion powers.

    September 17, 2021 WebPage Regulatory News
    News

    APRA Issues Further Guidance on Application of Securitization Standard

    The Australian Prudential Regulation Authority (APRA) published a new set of frequently asked questions (FAQs) to provide guidance to authorized deposit-taking institutions on the interpretation of APS 120, the prudential standard on securitization.

    September 16, 2021 WebPage Regulatory News
    News

    SRB Provides Update on Approach to Prior Permissions Regime

    The Single Resolution Board (SRB) published a Communication on the application of regulatory technical standard provisions on prior permission for reducing eligible liabilities instruments as of January 01, 2022.

    September 16, 2021 WebPage Regulatory News
    News

    APRA Publishes FAQs on Capital Treatment of Overseas Subsidiaries

    The Australian Prudential Regulation Authority (APRA) published a new set of frequently asked questions (FAQs) to clarify the regulatory capital treatment of investments in the overseas deposit-taking and insurance subsidiaries.

    September 15, 2021 WebPage Regulatory News
    News

    EBA Finalizes Guidance to Assess Breaches of Large Exposure Limits

    The European Banking Authority (EBA) published the final report on the guidelines specifying the criteria to assess the exceptional cases when institutions exceed the large exposure limits and the time and measures needed for institutions to return to compliance.

    September 15, 2021 WebPage Regulatory News
    News

    PRA Finalizes Changes to Consolidated Prudential Rules Under CRD5/CRR2

    The Prudential Regulation Authority (PRA) issued the policy statement PS20/21, which contains final rules for the application of existing consolidated prudential requirements to financial holding companies and mixed financial holding companies.

    September 15, 2021 WebPage Regulatory News
    News

    EBA Revises Guidelines on Stress Tests of Deposit Guarantee Schemes

    The European Banking Authority (EBA) revised the guidelines on stress tests to be conducted by the national deposit guarantee schemes under the Deposit Guarantee Schemes Directive (DGSD).

    September 15, 2021 WebPage Regulatory News
    News

    Nordea Bank and EIB Sign Agreement to Fund Green Projects in Nordics

    The European Commission (EC) announced that Nordea Bank has signed a guarantee agreement with the European Investment Bank (EIB) Group to support the sustainable transformation of businesses in the Nordics.

    September 15, 2021 WebPage Regulatory News
    News

    HKMA Endorses Industry Guidance to Support LIBOR Transition

    The Hong Kong Monetary Authority (HKMA) issued a circular, for all authorized institutions, to confirm its support of an information note that sets out various options available in the loan market for replacing USD LIBOR with the Secured Overnight Financing Rate (SOFR).

    September 14, 2021 WebPage Regulatory News
    News

    OCC Issues Booklet on Supervision of Problem Banks

    The Office of the Comptroller of the Currency (OCC) issued a new "Problem Bank Supervision" booklet of the Comptroller's Handbook. The booklet covers information on timely identification and rehabilitation of problem banks and their advanced supervision, enforcement, and resolution when conditions warrant.

    September 13, 2021 WebPage Regulatory News
    RESULTS 1 - 10 OF 7481