SEC Examiners Find Cybersecurity Problems at Firms

By Andrew Ramonas

SEC staffers discovered at least one cybersecurity issue with the “vast majority” of broker-dealers, investment advisers, and funds they examined between September 2015 and June 2016, a new risk alert said.

The problems included cybersecurity procedures and policies that provided only general guidance to employees and didn’t appear to be enforced by firms, according to the Aug. 7 report from the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations. Computer system maintenance, such as installing software updates to address vulnerabilities, also seemed to be a challenge for at least some of the 75 firms the SEC staff observed, the agency said.

Examiners, however, did see an improvement in cybersecurity preparedness despite the issues, according to the agency. For example, all broker-dealers, funds, and almost every adviser examined had written cyber policies and procedures on protecting customer information. Written details on those protections were less common the last time the SEC looked.

“Cybersecurity remains one of the top compliance risks for financial firms,” the alert said. “As noted in OCIE’s 2017 priorities, OCIE will continue to examine for cybersecurity compliance procedures and controls, including testing the implementation of those procedures and controls at firms.”

To contact the reporter on this story: Andrew Ramonas in Washington at

To contact the editor responsible for this story: Phyllis Diamond at

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.
