Anne Peterson from McGuireWoods LLP posted on the JD Supra Legal News site about the US Securities and Exchange Commission's expanded compliance requirements for the new year. A couple of highlights from her article are below:
This year the Office of Compliance Inspections and Examinations will focus on cybersecurity protocols implemented by financial firms to protect consumer information from cyberattack.
As a practical matter, the 2016 priorities list highlights the importance of identifying risks, building a robust security framework, monitoring program effectiveness and establishing protocols to respond to cyberattacks. Periodic risk assessments, with documented benchmarks for success, are now an integral part of verifying compliance with SEC obligations.
Investment advisors and brokers should expect OCIE examiners to request detailed security program assessments and evaluations throughout 2016.
Cynthia Larose from Mintz Levin (Chair of the firm’s Privacy and Security Practice) echoes this in her write-up about the OCIE’s 2016 Examination Priorities.
It is imperative that registered adviser firms ramp up their cybersecurity compliance game in 2016 and include mock OCIE examinations and mock data breaches as part of their compliance testing.
Looks like the needle is beginning to move in the right direction with increased momentum!