Last week the Securities and Exchange Commission provided additional guidance following up on its prior disclosure that it would focus on cybersecurity compliance and controls among its 2015 examination priorities for broker-dealers and investment advisers. (Click here for additional information on the SEC’s earlier announcement in the article “Industry Watchdogs Warn Brokers and Advisory Firms on Cybersecurity Threats” in the February 8, 2015 edition of Bridging the Week.) Among other elements, the SEC’s Office of Compliance Inspections and Examinations announced that, in connection with its assessment of the effectiveness of registrants’ cybersecurity controls, it will focus on registrants’ governance and risk assessment; access rights and controls; data loss prevention; vendor management; training; and incident response. Two weeks ago, the National Futures Association submitted to the Commodity Futures Trading Commission for its approval a proposed Interpretive Notice requiring certain NFA members to maintain formal, written information systems security programs. Firms impacted by NFA’s proposal are futures commission merchants, commodity trading advisors, commodity pool operators, introducing brokers, retail foreign exchange dealers, swap dealers and major swap participants. (Click here for background regarding the NFA’s proposal in the article “NFA Proposes Cybersecurity Guidance” in the September 13, 2015 edition of Bridging the Week.)