
SEC Cyber Oversight 2024 Exam Priorities

What happened?

On October 16th, 2023, the SEC Division of Examinations announced its 2024 exam priorities. The 2024 examination priorities allow investors and registrants to be aware of key risks, examination topics, and priorities of the Division in the upcoming year.

This announcement from the SEC comes earlier than usual. In past years, the priority list has been published in the first quarter. The timeline was adjusted this year to align with the commission’s fiscal year-end. This shift allows firms to use the priority list to prepare budgets for 2024.

Cybersecurity, information security, and operational resiliency were among the items referenced within the priority list. The Division plans to continue to focus on the practices broker-dealers and advisers have in place to deter interruptions to critical services and protect client information. Focus will center on registrants':

  • Policies and procedures,
  • Internal controls,
  • Oversight of third-party vendors (where applicable),
  • Governance practices,
  • Responses to cyber-related incidents (including those related to ransomware attacks),
  • Training on the registrants’ identity theft prevention program, and
  • Policies and procedures to protect client information.

Additionally, the Division will continue to review registrants’ practices to safeguard client information at branch offices.

Next Steps:

Increased cybersecurity risks and concerns remain a focus area for the Division. Registrants should review the 2024 examination priorities the Division has published to ensure they are prepared to adequately address each item in the event of an exam. The Division will expect registrants to have practices and policies in place to address the items included in the priority list to show they are prepared for a disruption to a critical service and are protecting client information.

Fairview Cyber offers turnkey solutions that address SEC requirements for cybersecurity, and our team of regulatory experts is available to answer any questions you may have regarding training, phishing, and vendor due diligence. To learn more, visit our Cyber Solutions page or contact us if you'd like to speak to one of our regulatory experts.