SEC Examinations Division Publishes 2023 Priorities Letter
Goodwin Law – Nicholas J. Losurdo, Jonathan H. Hecht, David G. Adams
Information Security and Operational Resiliency: Now a perennial area of focus, information security, operational resiliency, and cybersecurity are overarching considerations for Division staff. Examinations will focus on firms’ policies and procedures, governance practices, and response to cyber incidents. Broker and adviser exams will encompass compliance with Regulations S-P and S-ID, where applicable, particularly safeguarding customer records and PII on firms’ systems and stored with vendors. As a clear sign that the agency is strongly focused on climate-related matters, Division staff will assess systemically significant registrants’ operational resiliency planning, including efforts to consider and/or address climate-related risks. Firms should remain mindful and resolute about preventing malicious email activities, such as phishing or account intrusions; incident response, including for ransomware attacks; identity theft red flags (likely including SAR filings); and managing operational risk in light of a dispersed workforce. The priorities letter devotes an entire section to Reg. SCI (Systems Compliance and Integrity), particularly focused on evaluating whether exchanges, ATSs, and other SCI entities have established, maintained, and enforced written policies and procedures to ensure that their systems’ capacity, integrity, resiliency, availability, and security are adequate to maintain their operational capability and promote the maintenance of fair and orderly markets.