Key Takeaways from SEC Speaks 2024 Event
Last week, Paul Hastings attended the Securities and Exchange Commission (SEC) Speaks 2024 event presented by the Practising Law Institute (PLI) in cooperation with the SEC on April 1 and 2. The SEC Speaks program provides essential updates on current initiatives and priorities at the SEC.
Updates Regarding Risk Alerts on Cybersecurity
The Division of Examinations held a panel covering several updates, including updates regarding the most recent cybersecurity risk alert issued. Risk alerts are used to communicate with investors and to enhance compliance. Co-Associate Director of the Advisor/Investment Company Examination Program, Vanessa Horton, explained that risk alerts are critical in that they provide a roadmap to issues that the SEC is identifying and gives companies a look at risks that the Division of Examinations sees.
Recent Cybersecurity Risk Alert
Assistant Director of the Division of Examinations, Rich Hannibal, highlighted the most recent cybersecurity risk alert issued, which was about safeguarding customer records and information at branch offices. Mr. Hannibal further noted exam priorities this year include conducting exams in the topic area of safeguarding records and branch offices. Key observations expressed by Mr. Hannibal include:
Some firms are centrally managed in controlling network/IT policies
Other firms are decentralized and allow branches discretion in how they operate, so branches lack oversight and consistency; some issues specific to branches include:
Lack of due diligence with vendors
Lack of compliance with email security
Password complexity dissimilar to what is required at main office
Multi-factor authentication dissimilar to what is required at main office
Lack of updates for patching