The SEC has been particularly committed to regularly communicating known threats and its expectations for firms. In January 2020, the SEC’s Office of Compliance Inspections and Examinations (OCIE) released its 2020 examination priorities, focusing on (1) governance and risk management; (2) access controls; (3) data loss prevention; (4) vendor management; (5) training; and (6) incident response and resiliency. See “2020 OCIE Exam Priorities Include New Emphasis on Compliance Programs; Retail Investors Remain Top Focus” (Feb. 25, 2020). OCIE also issued a report (OCIE Report) that functionally delineates industry best practices for mitigating cybersecurity risks, while also promoting the maintenance and enhancement of operational resiliency among firms. A substantial portion of the OCIE Report is devoted to incident response and resiliency, and it encourages firms to adopt routine and comprehensive network testing and monitoring to validate the effectiveness of their implemented cybersecurity policies and procedures. The OCIE publications, taken together, effectively detail what the examiners will be focusing on when reviewing a fund manager’s cybersecurity program. This article provides six important steps for fund managers to take in light of those two documents. See “Keys for Fund Managers to Implement a Comprehensive Cybersecurity Program” (Jun. 18, 2015).