Simpson Thacher discusses SEC and FINRA Report on Cybersecurity Sweep Examinations and SEC’s Cybersecurity Guidance Update

The SEC issued a National Exam Program risk alert summarizing OCIE’s cybersecurity examination sweep of advisers and broker-dealers on February 3, 2015 (SEC Risk Alert). On the same day, FINRA issued its report on cybersecurity practices of broker-dealers, based on its own sweep examination (FINRA Report). Neither the SEC Risk Alert nor the FINRA Report creates any new rules or legal obligations, but each provides insight into current industry practice.

Many commentators have interpreted the reported results as a sign that the industry is on top of cybersecurity issues, but OCIE specifically included cybersecurity controls among its examination priorities for … Read more