Under any circumstance, taken altogether, the IM Guidance, OCIE Risk Alert and OCIE Sweep Summary are clear indicators that the SEC considers regulating cybersecurity an important priority of its mission. Historically, the SEC’s cybersecurity interest was geared toward the protection of customer data – now it seems the SEC’s cybersecurity paradigm has shifted. Now the SEC’s concern about cybersecurity stems from its self-stated mandate to protect the global financial marketplace. I predicted this increased scrutiny in an article I wrote in early 2014 for Bloomberg BNA entitled, Cybersecurity and Financial firms: Bracing for the Regulatory Onslaught, and I admire the SEC’s marking of territory in the realm of cybersecurity. Cybersecurity is especially critical for SEC regulated entities, like broker-dealers, investment advisers, mutual funds, exchanges, etc. – and it is important for the SEC to play an active role in cybersecurity regulation.
via More SEC Guidance on Cybersecurity.
