Cybersecurity has been a key priority for the SEC and its Office of Compliance Inspections and Examinations (OCIE) in recent years. The OCIE regularly releases publications addressing cybersecurity risks and practices, including eight risk alerts related to cybersecurity since 2012.

In the latest example, OCIE recently published its Cybersecurity and Resiliency Observations Report, describing 34

The SEC’s new Risk Alert provides valuable insight as to what the OCIE wants to see broker dealers and investment advisers accomplish with their privacy notices and their cybersecurity policies and procedures. The SEC wants this written documentation to be comprehensive, to accurately reflect the registrant’s practices, and to be implemented effectively throughout their business.

The SEC plans to examine the cybersecurity practices of over 50 registered broker-dealers and investment advisers. The SEC announced its plan in an April 15, 2014 Risk Alert, which closely follows the March 26 Cybersecurity Roundtable at which Chair Mary Jo White underscored the importance of cybersecurity to market security and customer data protection. At

After announcing that cybersecurity will be one of its 2014 examination priorities, FINRA wasted no time before commencing a sweep.  FINRA announced a Targeted Examination Letter to conduct an assessment of firms’ approaches to managing cybersecurity threats.

FINRA bases its concern on “the critical role information technology (IT) plays in the securities industry, the increasing

In its recently issued 2014 Regulatory and Examination Priorities Letter, FINRA stated that cybersecurity remains a priority given the ongoing cybersecurity issues reported across the financial services industry, including the increasing frequency and sophistication of attacks targeting the nation’s largest financial institutions. The securities industry watchdog continues to be concerned with the integrity of firms’