The SEC's 2021 Exam Priorities
For 2021, the SEC has recently outlined the attached list of exam priorities for market participants. Of particular note are the areas of information security and operational resiliency:
Information Security and Operational Resiliency
"The Division will continue to review business continuity and disaster recovery plans of firms, but will shift its focus to whether such plans, particularly those of systemically important registrants, are accounting for the growing physical and other relevant risks associated with climate change. The Division will also review whether registrants have taken appropriate measures to safeguard customer accounts and prevent account intrusions, including verifying an investor’s identity to prevent unauthorized account access; oversee vendors and service providers; address malicious email activities, such as phishing or account intrusions; respond to incidents, including those related to ransomware attacks; and manage operational risk as a result of dispersed employees in a work-from-home environment".
Feel free to reach out to us for a consultation in these areas.