SEC prioritizes data security, digital assets for examinations

The Securities and Exchange Commission’s Division of Examinations will be prioritizing issues related to information security and emerging technologies like cryptocurrency for its 2022 examination year, among other items.

On information security and operational resiliency, the SEC division plans to review registrants’ IT practices, focusing on how firms plan to prevent interruptions to mission-critical services and protect investors’ information, records and assets. Examiners intend to review the degree to which firms have taken measures to:

  • Safeguard customer accounts and prevent intrusions;
  • Properly supervise vendors and other service providers;
  • Address malicious email activities like phishing;
  • Respond to incidents like ransomware attacks;
  • Identify red flags related to identity theft; and,
  • Manage overall operational risk as a result of remote work.

Connected to this will be reviews of continuity and disaster recovery plans, especially where they concern climate risk.

On emerging technologies, the division wants to look at how companies are managing the risks that come with the use of financial technologies such as cryptocurrency, and the degree to which these risks are considered when crafting regulatory compliance programs. Examiners will focus in particular on companies that say they are offering new products and services, or employing new practices, to see whether their operations and controls are consistent with standards, regulations and previous disclosures.

They will also look extra hard at companies that offer advice and recommendations, including via algorithm, to make sure the advice is consistent with the investors’ strategies and the standard of conduct owed to them, and that the companies have strong controls. When looking specifically at digital assets, the division plans to review custody arrangements, as well as more general offers, sales, recommendations, advice and trading.

"In this time of heightened market volatility, our priorities are tailored to focus on emerging issues, such as crypto-assets and expanding information security threats, as well as core issues that have been part of the SEC’s mission for decades — such as protecting retail investors," said Division of Examinations’ acting director Richard Best in a statement. "Our priorities cover a broad landscape of potential risks to investors that firms should consider as they review and strengthen their compliance programs."

Other examination priorities include matters relevant to registered investment advisors who manage private funds; ESG advisory services and investment products; and retail investors and working families.
