SEC Examinations – Are you prepared?

Examinations focusing on Cyber for brokerage and securities firms

The banking industry has traditionally been the poster child of regulation.  I’ve been dealing with federal and state regulators since I started in the industry back in the early 90s.  I can remember one of my first “IT Examinations” back in 1995 – the examiners at the time were more interested in getting up to speed on the rapidly evolving technology than they were with being able to provide direction to the bank.  Those days are definitely over and many very talented and skilled examiners now exist at every agency that regulates banking.

Review of technical controls back then may have been a bit of a joke, but nowadays, it’s no laughing matter, which is evident by the ramping up of cybersecurity by the examination body that regulates brokerage and securities firms – the OCIE.  For years, the examination effort spent on IT was marginal at best.

Last year around this time, the OCIE came out with a Risk Alert that stated that they were going to be focusing  their efforts on cybersecurity.  They published a document that outlines the key areas they will be covering in their examinations going forward.

Glancing through the appendix of this document, the traditional banker wouldn’t bat an eye, but if you are a small securities firm, this is something that will likely give you pause.  It discusses such topics as periodic assessments, vulnerability scans, and policies.  These are not typically a problem and can be put in place rather quickly, but what about nebulous areas like data mapping, data classification, risk management, vendor management and incident response? That’s a heavy weight on the shoulders of a small IT staff – especially if most of those terms are unfamiliar!

Peters & Associates can help you put together a strategy for understanding where the gaps are and executing the project to close those gaps.  Compliance initiatives are something we work with continually across many industries.  Contact us today for more information on our expert IT consulting and security solutions at

By |2018-12-18T12:18:40-05:00January 9th, 2017|Security Solutions|Comments Off on SEC Examinations – Are you prepared?

About the Author:

As the Information Security Architect at Peters & Associates, Thomas Johnson (TJ) is responsible for providing security and compliance leadership. This includes such areas as vendor management, disaster recovery, business continuity, data protection, security products, budgeting and risk management. He has over 25 years of experience in security and technology and has extensive compliance related expertise in banking and healthcare. TJ holds many security related certifications as well as a Master’s Degree in Information Technology Management with a specialization in Information Security from the Illinois Institute of Technology in Technology. TJ focuses on Security Leadership, Risk Management, Information Security Assessments, Compliance Management and DR / BCP.