SEC: Prioritizing Cybersecurity

Cybersecurity is now a priority for many investment advisers to address. On June 14, SEC Chair Mary Jo White echoed that sentiment in her testimony before the U.S. Senate Committee on Banking, Housing, and Urban Affairs.

“Cybersecurity is – as I have said before – one of the greatest risks facing the financial services industry and will be for the foreseeable future,” Chair White said in her remarks. She went on to note that the SEC has taken a “proactive” approach that includes “examining and enforcing the rules we oversee that relate to cybersecurity.”

Reading between the lines, it appears that the SEC does not need a new Cybersecurity Rule to enforce requirements. Rather, the Commission appears willing and able to enforce existing regulations that already address cybersecurity – particularly Rule 30(a) of Regulation S-P, which requires registered investment advisers to adopt written policies and procedures reasonably designed to safeguard customer records and information.

Regulation S-P violations have paved the way for the SEC to bring two cybersecurity enforcement actions against investment advisers within the last nine months – first, against RT Jones in September 2015 and more recently against Morgan Stanley Smith Barney in June 2016.

SEC’s 2016 Efforts on Cybersecurity Exams

Chair White stated that the SEC is focusing on “ensuring that our registered entities have policies and procedures to address the risks posed to their systems and data by cyberattacks,” explaining that the agency has expanded its cybersecurity examinations to include testing of firms’ implementation of procedures and controls.

The SEC is currently examining these issues at firms in 2016, and recently announced the promotion of Christopher Hetner to the role of Senior Advisor to the Chair for Cybersecurity Policy. Mr. Hetner, a former chief information security officer at GE Capital, is the Cybersecurity Lead for the SEC’s Office of Compliance Inspections and Examinations (OCIE) Technology Controls Program.

Chair White’s full testimony is available by clicking here.


Subscribe to CSS Blog

CSS frequently publishes blog posts which are written by our team from their observations in the field, at conferences and through experiences with compliance professionals. These posts are designed to further knowledge and share industry best practices. Topics run the gamut, including Form ADV, cybersecurity, MiFID II, position limit monitoring, technology challenges and more. Complete and submit the brief form below to receive notifications when we publish new content.

Latest Content

From One CCO to Another: Don’t Lie to the SEC

Every once in a while, I think it’s important to get back to the basics. Since the adoption of the compliance rules in 2004, the Securities and Exchange Commission staff has repeatedly stated that the intent of the rules were not to hunt CCOs. Great pains have been made to enlist CCOs support in ensuring … Continued

BME Partners with CSS to Strengthen its Regulatory Service Suite

BME to offer financial services firms in Spain and Portugal a multi-regulation reporting platform Partnership brings a unique combination of local market presence and global coverage BME has partnered with Compliance Solutions Strategies (CSS), a leading RegTech platform provider, to offer a global regulatory reporting solution in Spain and Portugal. The combination of BME’s local … Continued

Compliance Solutions Strategies Acquires AMFINE

Combination Creates First Fully End-To-End Compliance Reporting Platform NEW YORK, September 10, 2020 – Compliance Solutions Strategies (“CSS”), a leading RegTech platform providing technology-driven solutions which enable financial services firms to meet mandatory regulatory compliance requirements, today announced the acquisition of AMFINE (“AMFINE”), a provider of SaaS-based regulatory reporting services to European asset managers, asset … Continued