Recently, the Securities and Exchange Commission (SEC) Office of Compliance Inspections and Examinations (OCIE) provided its examination observations concerning cybersecurity, which include operational practices for registered investment advisor (RIA) firms to consider when reviewing your internal cybersecurity policies and procedures.
The topics in OCIE’s exam observations include:
Governance and Risk Management – assess your RIA firm’s ‘tone from the top’ and senior leaders’ buy-in to your firm’s cybersecurity protocols.
Access Rights and Controls – review the access rights and controls for your RIA firm to determine the location of your clients’ data; assess how you currently restrict unauthorized users’ access to your systems and data; and establish appropriate controls to prevent and monitor for unauthorized access.
Data Loss Prevention – review your investment advisor firm’s tools and processes to ensure that sensitive data, including client information, is not lost, misused or accessed by unauthorized users.
Mobile Security – this section provides observations and guidance on what current RIA firms use to manage personal mobile devices to ensure compliance and protection of the investment advisor firm’s information.
Incident Response and Resiliency – review your procedures for timely detection and appropriate disclosure of material information regarding incidents; and assess the appropriateness of corrective actions taken in response to incidents.
Vendor Management – perform due diligence for your RIA firm’s vendor selection; monitor and oversee vendors and contract terms; assess how those relationships are considered within the investment advisory firm’s risk assessment process; and review how vendors protect any accessible client information.
Training and Awareness – these are key components of a firm’s cybersecurity program, providing employees with information about cyber risks and responsibilities that heightens awareness of cyber threats.
Click here for the complete list of examination observations on cybersecurity! Let Registered Advisor Services be your Financial Advisor Consultant for your important registered investment advisor compliance needs.