Is your Cyber Security Ready for the Regulators?
With U.S. regulators citing cybercrime as the greatest threat to financial markets, the chief compliance officer’s job in the financial sector has become more daunting than ever.
Examiners from the SEC, NFA, CFTC and FINRA have been conducting industry sweeps to review registrants’ compliance with current cyber security rules and regulations.
When regulators review a regulated entity in response to a deficiency, as part of a targeted sweep or in the course of routine examinations, they evaluate more than the components of a registrant’s cyber program. They focus on the quality and full scope of a firm’s cyber risk management program, including the firm’s cyber preparedness, its plans to handle an attack after the fact, and whether it has insurance coverage to manage the potentially costly impact.
Regulatory Focus Areas
- Written cyber security policies and procedures
- Cyber risk analysis and assessment practices
- Business continuity and response plans in case of a cyber-attack
- Registrant’s understanding of concerns and threats faced by the industry
- Deployment of protective measures against the identified threats and vulnerabilities
- Assessment of the impact of cyber-attacks on the firm over the past 12 months
- Processes for sharing and obtaining information about cyber threats
- Employee cyber security education and training programs
- Approaches to handling distributed denial of service (DDoS) and other attacks
- Contractual arrangements with third-party service providers
- Insurance coverage for cyber security-related events
Registrants that fail to meet the regulatory requirements risk not only violating the law but also jeopardizing their reputation and long-term survival. Failure to comply may be deemed an independent violation of federal securities laws and could result in enforcement actions.
How Alaric can help
Cyber security is one of the most challenging issues facing firms today. Alaric offers several solutions powered by BW Cyber Services to help your firm comply with the cyber security regulatory requirements of the SEC, FINRA, CFTC and NFA, and to mitigate the threat of real-world security breaches.
For more information please visit www.alariccompliance.com, or call 1-888-243-2448 or email