On April 15, 2014, the United States Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (“OCIE”) released a Risk Alert to notify investment advisers that it will make cybersecurity preparedness a focus of upcoming examinations. This comes shortly after the National Exam Program of OCIE released its Examination Priorities for 2014 on January 9, 2014, which included technology as a significant initiative.
How Should Your RIA be Addressing the Risk Alert?
It is clear from the Risk Alert that an RIA should develop policies and procedures to reduce the risk of cybersecurity breaches.
The Risk Alert addressed five major subjects that RIAs should focus on:
- Identification of Risks/Cybersecurity Governance;
- Protection of Firm Networks and Information;
- Risks Associated with Remote Customer Access and Funds Transfer Requests;
- Risks Associated with Vendors and Other Third Parties; and
- Detection of Unauthorized Activity.
Stark & Stark has developed a Policy for you based on the OCIE’s Sample List of Questions. Every SEC-registered investment adviser needs a Cybersecurity Policy, and establishing one will not only protect your clients from adverse effects of a security breach, but will also help avoid deficiencies during a regulatory cybersecurity examination, which could eventually result in enforcement proceedings. For a flat fee, we offer a Policy that can be easily incorporated into your existing Policies and Procedures Manual, or adopted as a stand-alone policy.
If you are interested in establishing your personalized Cybersecurity Policy, please fill out the contact form below.