2024-2025 Global AI Trends Guide
In today’s connected world, businesses face constant pressure to improve their cybersecurity practices and to confirm that they are meeting industry standards. To continue helping businesses achieve those goals, the SEC Office of Compliance Inspections and Examination (OCIE) published on January 27 its latest Examination Observations related to cybersecurity and operational resiliency practices.
Now in the sixth year of its cybersecurity initiative, the OCIE compiled observations from thousands of examinations of broker-dealers, investment advisers, clearing agencies, national securities exchanges and other SEC registrants to identify common approaches businesses have taken to bolster their cybersecurity and resilience practices within seven distinct areas:
Although these observations are not instructions on how best to implement these strategies or programs, they address the key areas that OCIE believes businesses should focus on to strengthen their cyber defenses. If a business realizes it has not implemented one of these strategies, OCIE suggests a business should examine whether implementing that strategy would be feasible and would help improve its cybersecurity and resilience practices.
The Examination Observations highlights the SEC’s growing interest in cybersecurity among its regulated entities and follows the SEC’s decision in December to permit the National Securities Clearing Corporation to enact a cybersecurity requirement of its own for its 3,000 members. Although the OCIE observations are most directly applicable to SEC-regulated entities, other businesses may find the observations a useful guide to assessing the strength of their cybersecurity practices.
Authored by Peter Marta and Jasmeet Ahuja
Jake Nevola, a Law Clerk in our New York office, contributed to this entry.