A high-level SEC official told an industry group yesterday that the National Examination Program (NEP) will be reviewing asset managers’ policies and procedures for preventing cyber attacks. In particular, the SEC is looking at the risks created by asset managers who give vendors access to their information technology systems.
As reported by Reuters, Jane Jarcho, national associate director of the SEC’s Investment Adviser/Investment Company examination program, stated, “We will be looking to see what policies are in place to prevent, detect and respond to cyber attacks.”
Ms. Jarcho’s statement about asset managers continues a theme recently articulated in the NEP’s 2014 examination priorities. Among other things, NEP examiners will review firms’ vendor due diligence procedures and ensure that asset managers report cyber intrusions to their regulators. It is safe to say that the SEC’s examination program will also look at how broker-dealers maintain system security.
Please read our recent Client Alert regarding broker-dealer cybersecurity, including the state of the law and regulatory guidance, a summary of FINRA and SEC enforcement actions, and the lessons learned from those actions.