On January 27, 2020, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) issued a ten-page report on examination observations related to cybersecurity and operational resiliency practices taken by market participants.
From their observations, here are the main areas that market participants will want to reflect on in their own cybersecurity assessments:
- GOVERNANCE AND RISK MANAGEMENT – Firms must set the right tone at the top.
- ACCESS RIGHTS AND CONTROLS – Determine appropriate users for systems based on job responsibilities, and control or limit access to authorized users.
- DATA LOSS PREVENTION – Tools and processes an organization uses to ensure that sensitive data, including client information, is not lost, misused, or accessed by unauthorized users.
- MOBILE SECURITY – Mobile devices and applications can create additional vulnerabilities.
- INCIDENT RESPONSE AND RESILIENCY – Detection, disclosure, corrective actions, as well as business continuity and resiliency.
- VENDOR MANAGEMENT – Vendor due diligence, monitoring and overseeing vendors and assessing vendor relationships.
- TRAINING AND AWARENESS – Key to any good program.
Cybersecurity remains a key priority for OCIE. To date, OCIE has issued eight risk alerts that relate to cybersecurity. We encourage you to read the full report. It can provide a great starting block for building or enhancing your organization’s own cybersecurity policies. You can also find additional guidance here.
Red Oak is the advertising review software of choice in the financial services industry, with clients having over $19 trillion in assets under management. Partners of Red Oak benefit from quick implementation timelines, agile technology that responds to your needs and is 100% Books and Records compliant, all resulting in 35% faster approvals, and 70% fewer touches. Are you ready to minimize risk, relieve the regulatory burden, and improve efficiency? Contact the Red Oak team to learn how.