This month, the Securities and Exchange Commission’s Division of Examinations announced its 2021 examination priorities. The examination priorities are published each year, offering insights into those areas that the Division believes could present risks to investors and the U.S. capital markets. The Division will focus on climate-related risks, as well as conflicts of interest for brokers and investment advisers and attendant risks relating to FinTech in its initiatives and examinations.
When it comes to Information Security and Operational Resiliency, the Division continues to review business continuity and disaster recovery plans and is focusing on the growing concern for physical and other relevant risks associated with climate change.
However, it’s important to note that the Division will also review whether firms have taken the appropriate steps when it comes to:
- Safeguarding customer accounts
- Preventing account intrusions
- Verifying an investor’s identity to prevent unauthorized account access
- Overseeing vendors and service providers
- Addressing malicious email activities, including phishing and other attack tactics
- Responding to incidents, especially ransomware attacks
- Managing operational risk, given the increased risk from a dispersed workforce and the work-from-home environment created during the COVID-19 pandemic
Cybersecurity remains a key priority for the Securities and Exchange Commission’s Division of Examinations. Last year, the Division issued examination observations related specifically to cybersecurity and operational resiliency practices, focusing on governance and risk management, access rights and controls, data loss prevention, mobile security, vulnerability management, incident response and resiliency, vendor management, and training and awareness. You can find out more about the 2020 Cybersecurity and Resiliency Observations in our blog on the topic here.
For additional information please visit:
If you’d like to learn more about how Drawbridge can help you address your cybersecurity needs, contact the team.