Cybersecurity: Dig That Crazy Important Beat

Securities and Derivative Litigation   |   Technology   |   Securities Transactions and Compliance   |   Financial Services Regulatory   |   Cybersecurity and Privacy   |   December 22, 2014
Download Download   
Share Share Page

The SEC and FINRA are maintaining a steady drumbeat to motivate regulated firms to adequately protect themselves from cyberattack.

The SEC’s Office of Compliance Inspections and Examinations (OCIE) began 2014 by prominently emphasizing information security technology in its published examination priorities for the year. These included a specific reference to the cybersecurity issues around broker-dealer trading activities. Then, in March, the Commission held a Cybersecurity Roundtable at which SEC Chairman Mary Jo White and Commissioner Luis Aguilar both emphasized this topic’s importance for regulated firms.

In April, OCIE again weighed in, issuing a risk alert that announced an initiative to conduct targeted cybersecurity exams of more than 50 broker-dealers and investment advisers. OCIE included a sample information request as an appendix to the risk alert, “to empower compliance professionals … with questions and tools they can use to assess their firms’ level of preparedness” regardless of whether they are subject to an exam.

FINRA also included cybersecurity prominently among its published regulatory and examination priorities for 2014, announcing that it was sending targeted examination letters to broker-dealer firms to assess their approaches to cybersecurity threat management. The concerns itemized in this announcement are similar to those reflected in more detail in OCIE’s risk alert and its accompanying appendix. FINRA panelists discussed the findings of FINRA’s targeted examination sweep at its South Regional Compliance Seminar in November.

Under the circumstances, firms that have not already done so should strongly consider assembling a team across business areas to address cybersecurity, in consultation with compliance and legal personnel. The OCIE Risk Alert Appendix can serve as a very useful guide and checklist for that effort.

©2020 Carlton Fields, P.A. Carlton Fields practices law in California through Carlton Fields, LLP. Carlton Fields publications should not be construed as legal advice on any specific facts or circumstances. The contents are intended for general information and educational purposes only, and should not be relied on as if it were advice about a particular fact situation. The distribution of this publication is not intended to create, and receipt of it does not constitute, an attorney-client relationship with Carlton Fields. This publication may not be quoted or referred to in any other publication or proceeding without the prior written consent of the firm, to be given or withheld at our discretion. To request reprint permission for any of our publications, please use our Contact Us form via the link below. The views set forth herein are the personal views of the author and do not necessarily reflect those of the firm. This site may contain hypertext links to information created and maintained by other entities. Carlton Fields does not control or guarantee the accuracy or completeness of this outside information, nor is the inclusion of a link to be intended as an endorsement of those outside sites.

Subscribe to Publications


The information on this website is presented as a service for our clients and Internet users and is not intended to be legal advice, nor should you consider it as such. Although we welcome your inquiries, please keep in mind that merely contacting us will not establish an attorney-client relationship between us. Consequently, you should not convey any confidential information to us until a formal attorney-client relationship has been established. Please remember that electronic correspondence on the internet is not secure and that you should not include sensitive or confidential information in messages. With that in mind, we look forward to hearing from you.