SEC Post


Securities and Exchange Commission (SEC) 2017 Examination Priorities Emphasize Cybersecurity

October 6th, 2016

The SEC’s Office of Compliance Inspections and Examinations (OCIE) published a warning to all firms serving investors or working with the capital markets that it would be ensuring market-wide risks are covered from a cybersecurity perspective. The OCIE is specifically going to examine firms’ compliance procedures and controls, including testing the implementation of those procedures and controls.

What this means for firms in the securities industry is that if they haven’t already taken steps towards meeting the stringent requirements laid out in 2014, they should hurry to do so, so that they don’t incur charges the way R. T. Jones Capital Equities Management did. R. T. Jones violated the “safeguards rule” by failing to keep written policies and procedures to ensure the security and confidentiality of personally identifiable information (PII), implement a firewall, encrypt PII on its server, and maintain a response plan for cybersecurity incidents.

While the fine is one aspect, the firm also had to write to all of its 100,000 customers letting them know that it had a security breach in July 2013 in which a China-based intruder stole its customers’ information. It also had to offer to pay for credit monitoring services for all of its customers.

In this environment, securities industry companies need to meet and exceed every cybersecurity requirement of the SEC so that they never compromise their customers’ data, never have to send out those embarrassing letters explaining that the customers’ data was compromised, and do not risk losing those hard-earned customers!
