Routine SEC examinations of investment advisers and investment companies this year will include scrutiny of these entities’ cybersecurity policies, an SEC official told attendees Thursday at a national agency-hosted compliance seminar.
The SEC’s Regulation S-P, which implements the federal Gramm-Leach-Bliley Act, requires brokers, dealers, investment companies, and registered investment advisers to “adopt policies and procedures that address administrative, technical, and physical safeguards for the protection of customer records and information.”
Jane Jarcho, national associate director of the SEC National Exam Program’s Investment Adviser/Investment Company examination program, told attendees at Thursday’s seminar that the SEC would be examining asset managers’ policies for securing their systems, responding to cyber attacks, and reporting “material” breaches to regulators, according to remarks reported by Reuters. An archived webcast of the compliance seminar also will be made available on the SEC’s website.
Earlier this month, the SEC staff’s “Examination Priorities for 2014” noted that information security would be among the agency’s areas of focus across the entire National Examination Program, which covers investment advisers and investment companies, broker-dealers, exchanges and self-regulatory organizations, and clearing and transfer agents.
investment advisers and
investment companies(“IA-IC”), (ii) broker-dealers (“B-D”), (iii) exchanges and self-regulatory
organizations (“SROs”, and collectively, “market oversight”), and (iv) clearing and transfer agents