Share these talks and lectures with your colleagues
Invite colleaguesPractice paper
Navigating the US Securities and Exchange Commission's evolving expectations for cybersecurity preparedness
Journal of Securities Operations & Custody,
9
(1),
6-17
(2017)
Abstract
The US Securities and Exchange Commission expects its registered broker-dealers, investment advisers and investment companies to implement cybersecurity safeguards through policies and procedures reasonably designed to protect customer records and information, as well as to prepare generally for cybersecurity threats that could undermine the ability to meet regulatory obligations. However, the manner in which registrants are expected to accomplish these goals is uncertain given the SEC's reliance on a principles-based standard, non-specific staff guidance, and the contextualisation of its expectations through enforcement actions. This paper explains the bases of the SEC's approach to cybersecurity preparedness and the challenge of navigating through changing and uncertain expectations, and then offers simple steps to understand and respond to regulatory signals when choosing appropriate cybersecurity measures, as well as memorialising that a firm has acted with the appropriate standard of care.
Keywords: cybersecurity; SEC; guidance; investment; adviser; broker; enforcement
The full article is available to subscribers to the journal.
Author's Biography
Vincente L. Martinez is a Government Enforcement Partner at K&L Gates LLP, which he joined after almost 13 years in regulatory enforcement. He most recently served in the SECs Division of Enforcement as Chief of the Office of Market Intelligence, and was also a member of the SECs Cybersecurity Working Group. He also previously served as the first Director of the US Commodity Futures Trading Commissions Whistleblower Office.
Erin Ardale Koeppel is a Government Enforcement Partner at K&L Gates LLP. Ms Koeppel defends financial services clients and other companies and individuals in government investigations, regulatory or private litigation and corporate internal investigations. She also counsels clients with respect to corporate governance and compliance matters.
Mark Amorosi is an Investment Management Partner at K&L Gates LLP. Mr Amorosi previously served in the SECs Division of Investment Management, and his practice focuses on investment management and securities law matters involving investment advisers, mutual funds, insurance companies and private investment vehicles, and related issues affecting broker-dealers, administrators, transfer agents and custodians.
