Skip to content

SEC Published Cybersecurity and Operational Resiliency Best Practices

On January 27, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) issued various examination observations. These examinations are related to operational resiliency and cybersecurity practices taken by the market participants.

OCIE highlighted various approaches taken by organizations in the area of vendor management, data loss prevention, governance and risk management, mobile security, access rights and controls, training and awareness, as well as incident response and resiliency.

The latest observation focuses on particular examples of operational resiliency and cybersecurity practices and control. These are the measures that organizations have taken aiming to safeguard against various threats and respond when incidents arise. SEC Chairman Jay Clayton said:

“Data systems are critical to the functioning of our markets and cybersecurity and resiliency are at the core of OCIE’s inspection efforts. I commend OCIE for compiling and sharing these observations with the industry and the public.”

Clayton encouraged market participants to incorporate the information into their cybersecurity assessments. OCIE observed several practices used in the management and combating of cyber risk using risk-targeted examinations in each of the five examination program areas. According to Peter Driscoll, Director of OCIE, these practices are also used to build operational resiliency.


OCIE felt it was important to share their findings to enable organizations to have an opportunity to reflect on their in-house cybersecurity practices. OCIE is tasked with examining all SEC-registered investment companies, clearing agencies, investment advisers, transfer agents, self-regulatory organizations, broker-dealers and many others.

It implements its risk-based approach to examinations enabling it to fulfill its mission of enhancing compliance using US securities laws. OCIE also uses the same approach to monitor risk, prevent fraud, and inform SEC policy.

By sharing these observations, the Commission encourages market participants to review their policies, practices and procedures. Assessing preparedness levels and implementing the proposed measures makes an organization more secure. Market participants should also engage in law enforcement and regulators actively in these strategies.

Best Crypto Exchange for Intermediate Traders and Investors

  • Invest in 70+ cryptocurrencies and 3,000+ other assets including stocks and precious metals.

  • 0% commission on stocks - buy in bulk or just a fraction from as little as $10.

  • Copy top-performing traders in real time, automatically.

  • Regulated by financial authorities including FCA and FINRA.

2.8 Million Users
eToro is a multi-asset investment platform. The value of your investments may go up or down. Your capital is at risk. eToro USA LLC does not offer CFDs, only real Crypto assets available. Don’t invest unless you’re prepared to lose all the money you invest.

Read Next:

Weekly Finance Digest

Related posts