April 27, 2023
On April 26, 2023, the SEC’s Division of Examinations (EXAMS) published a Risk Alert regarding the security of customer information at branch offices maintained by broker dealers and investment advisers. EXAMS notes that the Risk Alert emphasizes the need for firms to “[establish] written policies and procedures for safeguarding customer records and information at branch offices” pursuant to Regulation S-P. EXAMS staff observed that while many firms have implemented safeguarding policies and procedures at their main office, implementation at remote or branch offices can fall short of the following in exams:
What Does This Mean For Me?
Firms should assess their cybersecurity programs for compliance with Regulation S-P, especially as they govern the conduct of any remote offices that firms maintain.
Additionally, given the SEC’s continued focus on cybersecurity, advisers should consider conducting a comprehensive review of their cybersecurity programs. In the past fourteen months, the SEC has released three material cybersecurity proposals for investment advisers, including:
We expect these proposals to be adopted. Regardless of the adoption timeline, firms must continue to comply with existing requirements, including Regulation S-P, and should also consider enhancing programs to prepare for upcoming regulatory changes.
The proposed amendments will require a significant amount of time and enhancement to existing cybersecurity practices. Fairview Cyber offers turnkey solutions that address SEC requirements for cybersecurity, and our team of regulatory experts are available to answer any questions you may have regarding the proposed rules. To learn more, visit our Cyber Solutions page or contact us if you’d like to speak to one of our regulatory experts.