On March 3, 2021, the SEC OCIE announced its exam priorities for 2021. The sudden shift to a decentralized workforce and remote operations has raised new concerns about firms’, endpoint security, data loss, remote access, use of third-party communication systems and vendor management. The SEC will focus their exams on the security gaps created by this shift. This includes examining firms’ operational controls, compliance programs, and governance structures.
The alert also noted its 2021 examination priorities will include a greater focus on climate-related risks. As climate-related events become more frequent and more intense, the OCIE will review whether firms are considering effective practices to help improve responses to large-scale events.
Highlights of the SEC Alert
The OCIE will continue to review the compliance programs of financial firms, including whether those programs and their policies and procedures are reasonably designed, implemented, and maintained. They will also review whether registrants have taken appropriate measures to:
- Safeguard customer accounts and prevent account intrusions, including verifying an investor’s identity to prevent unauthorized account access
- Oversee vendors and service providers
- Address malicious email activities, such as phishing or account intrusions
- Respond to incidents, including those related to ransomware attacks
- Manage operational risk as a result of dispersed employees in a work-from-home environment.
This alert should serve as a strong reminder that a well-planned, defensible IT infrastructure is arguably the most consequential decision a fund manager can make as it affects virtually every aspect of a firm’s business.
Preparing for an SEC Exam?
Contact ACE IT Solutions at 646.558.5575 or firstname.lastname@example.org to learn more about our compliance and cybersecurity solutions for financial services in the work-from-home era. We will work with you to make sure your firm is properly prepared to meet SEC requirements.
Read the SEC alert here: https://www.sec.gov/news/press-release/2021-39