OCIE Observations on Cybersecurity and Resiliency Practices

 
Friday, March 27, 2020

On January 27, 2020, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) issued a ten-page report on examination observations related to cybersecurity and operational resiliency practices taken by market participants.

From their observations, here are the main areas that market participants will want to reflect on in their own cybersecurity assessments:

  1. GOVERNANCE AND RISK MANAGEMENT – Firms must set the right tone at the top.
  2. ACCESS RIGHTS AND CONTROLS – Determine appropriate users for systems based on job responsibilities, and control/limit access to authorized users.
  3. DATA LOSS PREVENTION – Tools and processes an organization uses to ensure that sensitive data, including client information, is not lost, misused, or accessed by unauthorized users.
  4. MOBILE SECURITY – Mobile devices and applications can create additional vulnerabilities.
  5. INCIDENT RESPONSE AND RESILIENCY – Detection, disclosure, corrective actions, as well as business continuity and resiliency.
  6. VENDOR MANAGEMENT – Vendor due diligence, monitoring and overseeing vendors and assessing vendor relationships.
  7. TRAINING AND AWARENESS – Key to any good program.

Cybersecurity remains a key priority for OCIE. To date, OCIE has issued eight risk alerts that relate to cybersecurity. We encourage you to read the full report. It can provide a great starting block for building or enhancing your organization’s own cybersecurity policies. You can also find additional guidance here.

