While it is true that many firms are not yet compliant with the most recent guidance it is understandable to some degree due to the rapid emergence of cyber/data security challenges.
A September Securities and Exchange Commission Risk Alert on cybersecurity in which the agency's Office of Compliance Inspections and Examinations said it planned a new round of examinations to gather information on cybersecurity-related controls and assess implementation of certain firm controls. OCIE will focus on governance and risk assessment, access rights and controls, data loss prevention, vendor management, training and incident response.
A week after the risk alert was issued, the SEC fined an adviser at St. Louis-based R.T. Jones $75,000 for a breach that compromised the personally identifiable information of approximately 100,000 individuals, including thousands of the firm's clients.
Prior to the September alert, the SEC and the Financial Industry Regulatory Authority Inc. had been monitoring the compliance of financial firms with cybersecurity standards. Times are changing. MORE