The SEC has announced its exam priorities for 2020
On January 7, 2020, the Office of Compliance Inspections and Examinations (OCIE) of the Securities and Exchange Commission (SEC) released its 2020 examination priorities. The OCIE will continue to examine firms’ abilities to manage risk associated with cybersecurity breaches and technology, including:
- Proper configuration of storage devices
- Information security governance
- Retail trading information security
- Governance and risk management
- Access controls
- Data loss prevention
- Vendor management
- Incident response and resiliency
- Proper disposal of retired technology equipment
- Access controls of customer brokerage accounts
Examinations will focus on proper configuration of network storage devices, information security governance, retail trading information security, and protection of clients’ personal financial information. With respect to third-party and vendor risk management, OCIE will focus on oversight related to certain service providers.
According to the SEC, “The published priorities for FY 2020 are not exhaustive and will not be the only areas OCIE focuses on in its examinations, risk alerts, and investor and industry outreach. While the priorities drive OCIE’s examinations, the scope of any examination is determined through a risk-based approach that includes analysis of a given entity’s history, operations, services, products offered, and other risk factors.”
ACE IT Solutions offers a comprehensive suite of customizable cybersecurity services to meet your organization’s specific risk profile and compliance needs. We can help ensure you are prepared for SEC exams. Contact us at 646.558.5575 to set up a cybersecurity risk assessment.
For more details: