SEC Issues New Guidance on Cybersecurity and Resiliency: Is your firm prepared?

The Office of Compliance Inspections and Examinations (“OCIE”) of the U.S. Securities and Exchange Commission (“SEC”) recently published its Cybersecurity and Resiliency Observations to guide market participants in enhancing their cybersecurity preparedness and operational resiliency. Based on its recent examinations of broker-dealers, investment advisers and other SEC registrants, OCIE identified certain measures and industry practices that, when implemented, OCIE believes can effectively combat cybersecurity risk. While OCIE acknowledged that there is no “one-size fits all” approach, OCIE’s discussion is a useful guide as to the industry practices and measures that OCIE may consider when assessing an organization’s cybersecurity preparedness and potential deficiencies. As in recent years, cybersecurity will continue to be a key element of OCIE’s examination program in 2020 and will likely remain an examination priority for years to come.