SEC Publishes Observations on Cybersecurity and Resiliency Practices
The SEC Office of Compliance Inspections and Examinations (OCIE) issued examination observations related to cyber-security and operational resiliency practices of market participants. The observations highlight approaches of market participants in the areas of governance and risk management, access rights and controls, data loss prevention, mobile security, incident response and resilience, vendor management, and training and awareness. The observations cover specific examples of cyber-security and operational resiliency practices and controls that organizations have taken to potentially safeguard against threats and respond in the event of an incident.
While the effectiveness of any given cyber-security program is fact-specific, it has been observed that a key element of effective program is the incorporation of a governance and risk management program that generally includes, among other things:
- Developing and conducting a risk assessment process to identify, manage, and mitigate cyber risks relevant to the organization’s business. This includes considering the organization’s business model, as part of defining a risk assessment methodology, and working to identify and prioritize potential vulnerabilities.
- Adopting and implementing comprehensive written policies and procedures addressing the identified risks.
- Establishing comprehensive testing and monitoring to validate the effectiveness of cyber-security policies and procedures on a regular and frequent basis. Testing and monitoring can be informed based on cyber threat intelligence.
- Responding promptly to testing and monitoring results by updating policies and procedures to address any gaps or weaknesses and involving board and senior leadership appropriately.
OCIE conducts examinations of SEC-registered investment advisers, investment companies, broker-dealers, self-regulatory organizations, clearing agencies, transfer agents, and others. It uses a risk-based approach to examinations to fulfill its mission to promote compliance with U.S. securities laws, prevent fraud, monitor risk, and inform SEC policy.
Related Links
Keywords: Americas, US, Securities, Operational Resilience, Governance, Data, Cyber Risk, SEC
Featured Experts
María Cañamero
Skilled market researcher; growth strategist; successful go-to-market campaign developer
Dieter Van der Stock
IFRS subject matter expert; accounting authority; risk management specialist
Previous Article
IAIS Consults on Guidance on Liquidity Risk Management for InsurersRelated Articles
|
News
APRA Plans to Assess Climate Risks and Develop Prudential GuidanceAPRA published a letter that outlines its plans to undertake a climate change vulnerability assessment and develop a prudential practice guide focused on climate-related financial risks.
February 24, 2020
WebPage
Regulatory News
|
|
News
FDIC Publishes Guide to Help with Third-Party Risk ManagementThe technology lab of FDIC (FDiTech) published a new guide to help financial technology, or fintech, companies and others partner with banks.
February 24, 2020
WebPage
Regulatory News
|
|
News
APRA to Transition to Annual Stress Testing of Large Banks in 2020APRA published key findings of the stress testing assessment conducted on authorized deposit-taking institutions.
February 21, 2020
WebPage
Regulatory News
|
|
News
IAIS Statement on Monitoring Period of Insurance Capital StandardIAIS published a statement from its Secretary General Jonathan Dixon on the Insurance Capital Standard (ICS) monitoring period.
February 21, 2020
WebPage
Regulatory News
|
|
News
EC Consults on Review of Non-Financial Reporting DirectiveEC is launched a consultation on the review of the Non-Financial Reporting Directive or NFRD (Directive 2014/95/EU, as part of its strategy to strengthen sustainable investment in Europe.
February 20, 2020
WebPage
Regulatory News
|
|
News
EIOPA Consults on Standards for Supervisory Reporting Under PEPP RuleEIOPA is consulting on the implementing technical standards for supervisory reporting and cooperation, as mandated by the Pan-European Personal Pension Product (PEPP) Regulation (Regulation 2019/1238).
February 20, 2020
WebPage
Regulatory News
|
|
News
EIOPA Publishes Statement on Adverse Interest Rate EnvironmentEIOPA published a supervisory statement on the impact of the ultra-low or negative interest rate environment on the insurance sector in EU.
February 20, 2020
WebPage
Regulatory News
|
|
News
ECB Report on Transfer of Liquidity from EONIA Products to €STRECB published a report on the transfer of liquidity from the cash and derivatives products of the Euro Overnight Index Average (EONIA) to the Euro Short-Term Rate (€STR).
February 19, 2020
WebPage
Regulatory News
|
|
News
ESRB Publishes Report on Systemic CyberattacksESRB published a report that explores systemic implications of cyber incidents, such as cyberattacks.
February 19, 2020
WebPage
Regulatory News
|
|
News
FSB Chair Sets Out Key Deliverables for G20 Presidency of Saudi ArabiaFSB published a letter from the Chair Randal K. Quarles to the G20 finance ministers and Central Bank governors ahead of the meetings in Riyadh on February 22-23.
February 19, 2020
WebPage
Regulatory News
|
