SEC Cybersecurity Rule and Compliance Requirements – Download Policy Toolkit Today
SEC Cybersecurity Rule and Compliance Requirements Consulting
FLANK provides SEC Cybersecurity Rules and compliance requirements services and solutions for financial institutions affected by current Securities and Exchange Commission (SEC) pronouncements. We also offer an SEC Cybersecurity Compliance Policy Packet that’s available for instant download today. The Chief Counsel’s Office (the “Division”) of the SEC regularly puts forth notices regarding the broader topic of information security, and cybersecurity has been a notable topic as of late.
The Division has therefore identified that cybersecurity relating to registered investment companies (“funds”) and registered investment advisers (“advisers”) is an essential issue. Because both funds and advisers increasingly use technology for conducting critical transactions and activities, the need for ensuring the confidentiality, integrity, and availability (CIA) of such transactions/activities is of utmost importance.
SEC Cybersecurity Guidance and Disclosures
Therefore, the SEC’s Cybersecurity Rules and requirements consist of the following initiatives for registered investment companies, registered investment advisers, and other related parties:
- Conduct a periodic assessment of: (1) the nature, sensitivity and location of information that the firm collects, processes and/or stores, and the technology systems it uses; (2) internal and external cybersecurity threats to and vulnerabilities of the firm’s information and technology systems; (3) security controls and processes currently in place; (4) the impact should the information or technology systems become compromised; and (5) the effectiveness of the governance structure for the management of cybersecurity risk.
- Create a strategy that is designed to prevent, detect and respond to cybersecurity threats. Such a strategy could include: (1) controlling access to various systems; (2) data encryption; (3) protecting against the loss or exfiltration of sensitive data; (4) data backup and retrieval; and (5) the development of an incident response plan.
- Implement the strategy through written policies and procedures and training that provide guidance to officers and employees concerning applicable threats and measures to prevent, detect and respond to such threats, and that monitor compliance with cybersecurity policies and procedures.
In summary, funds and advisers should identify their respective compliance obligations under the federal securities laws and take into account these obligations when assessing their ability to prevent, detect and respond to cyber-attacks. Funds and advisers could also mitigate exposure to any compliance risk associated with cyber threats through compliance policies and procedures, such as those provided by FLANK.
Download the SEC Cybersecurity Compliance Policy Packet
Our industry-leading SEC Cybersecurity Compliance Policy Packet for ensuring rapid compliance comes complete with the following documentation:
- Information Security Policies and Procedures Manual
- Employee Security Awareness Training Packet
- Risk Management & Risk Assessment Program
- Incident Response Plan
- SEC Cybersecurity Internal Monitoring Checklist
- Third Party Service Provider Monitoring Program
Learn more about the six different categories of material you’ll receive when downloading the SEC Cybersecurity Compliance Policy Packet today from FLANK.