Jacko Law Group, PC

SEC OCIE's Cybersecurity Initiative: What Your Firm Needs to Know

There has been a recent flurry of news reports, analysis and webinars in the securities law world around the proposed 2014 Cybersecurity Initiative of the Securities and Exchange Commission's ("SEC's") Office of Compliance Inspections and Examinations ("OCIE"). Launched as a major news item this month after OCIE published its April 15, 2014 Risk Alert devoted to the topic, the Cybersecurity Initiative redirects the financial industry's compliance focus back to SEC examinations: OCIE states that it will conduct exams of "more than 50 registered broker-dealers and registered investment advisers", focusing specifically on a firm's "cybersecurity preparedness."

So what do you most need to know from this latest Risk Alert? The areas that OCIE will concentrate on most include:

  • The entity's cybersecurity governance [through risk assessments, an inventory of technology, and internal policies and procedures ("P&P")];
  • Identification and assessment of cybersecurity risks [malware, network breaches, etc.];
  • Protection of networks and information [encryption, etc.];
  • Risks associated with remote customer access and funds transfer requests [including external controls for authentication of identity];
  • Risks associated with vendors and other third parties [tracking new software packages, etc.];
  • Detection of unauthorized activity [how to track the notifications process for intrusions, etc.]; and
  • Experiences with certain cybersecurity threats.

Also key to this Risk Alert is its 7-page Appendix, which details a "sample list of requests for information" that the SEC may make when examining your firm. While this list does not include every request that could be made, we highly recommend using it as a guide for ensuring that your firm is on track with SEC examination standards. Consider assessing this Appendix and its contents with your compliance and executive team, and then develop and implement an effective cybersecurity policy within your organization. Not only will you be safeguarding and protecting your clients, but you will also be better prepared for your next regulatory exam. For further information on this and other related subjects, please contact us at [email protected] or (619) 298-2880.
