Mon, Feb 9, 2015
On February 3, 2015, the SEC’s Office of Compliance Inspections and Examinations issued a Risk Alert summarizing its observations from the examinations conducted under its 2014 Cybersecurity Examination Initiative. The Risk Alert can be found here.
Although the alert does not provide specific guidance, it highlights key areas of concern. We anticipate further cybersecurity guidance from the SEC in the future. In the meantime, fund managers may wish to consider the following items that were discussed in the alert:
The SEC noted that most examined firms experienced a cyber-related incident, primarily related to malware or fraudulent e-mails. Additionally, some firms suffered losses because their employees failed to follow their identity authentication procedures. As a result, firms should strongly consider conducting periodic employee training on detecting and responding to cybersecurity red flags.