The Securities and Exchange Commission will prioritize infosec and digital assets this review season

The examination division of the Securities and Exchange Commission will be prioritize problems related to information security and emerging technologies like cryptocurrency for its 2022 exam year, among others.

With respect to information security and operational resilience, the SEC division plans to review registrant IT practices with respect to how the company plans to prevent disruptions to critical services and protect investors’ information, records and assets. The examiners intend to examine the extent to which companies have taken steps to:

  • Securing customer accounts and preventing intrusions;
  • Properly supervise vendors and other service providers;
  • Address malicious email activity such as phishing;
  • Respond to incidents such as ransomware attacks;
  • Identify red flags related to identity theft; and,
  • Manage overall operational risk resulting from remote working.

In connection with this will be examined the continuity and disaster recovery plans, in particular with regard to climate risk.
With regard to emerging technologies, the division wants to examine how companies manage the risks associated with the use of financial technologies such as cryptocurrency, and to what extent these risks are taken into account when developing programs. regulatory compliance. Examiners will focus in particular on companies that say they are offering new products and services, or employing new practices, to see if their operations and controls comply with past standards, regulations and disclosures.

They will also take a closer look at companies that offer advice and recommendations, including via algorithms, to ensure that they are consistent with investors’ strategies and the standard of conduct due to them, and that they have strong controls. With specific regard to digital assets, the division plans to review custodial agreements, as well as more general offers, sales, recommendations, advice and exchanges.

“In this time of heightened market volatility, our priorities are tailored to focus on emerging issues, such as crypto-assets and growing information security threats, as well as the fundamental issues that are part of the mission of the SEC for decades – such as protecting retail investors,” Acting Division Director of Examinations Richard Best said in a statement. “Our priorities cover a wide range of potential risks to investors that companies should consider when reviewing and strengthening their compliance programs.”

Other review priorities include matters relevant to registered investment advisers who manage private funds; Advisory services and ESG investment products; and retail investors and working families.

The SEC said McKinsey & Co. failed to maintain appropriate policies for partners who had access to material, nonpublic information about issuers while also serving on the investment committee of an internal fund that traded. the securities of these issuers. Photographer: Joshua Roberts/Bloomberg

Bloomberg News

Aurora J. William