1 MINUTE READ
Over the past couple of years, the US Securities and Exchange Commission (SEC) has been examining broker-dealer and investment advisor cybersecurity risks and preparedness. In 2016, they advanced their efforts to include testing and assessment of firms’ implementation of cybersecurity procedures and controls as well as evaluating firms' policies and procedures designed to ensure the capacity, integrity, resiliency, availability and security of their Systems Compliance and Integrity.
This financial advisory firm, with 15 offices nationwide, was the first of Xantrion's clients to be chosen for a 2016 SEC cybersecurity audit. It had just one week to submit all the documentation necessary to demonstrate precisely what it was doing to protect its customers' sensitive financial information. It also needed to prepare for a subsequent onsite oral examination by SEC representatives.
Xantrion assisted with the technical side of the cybersecurity audit while the advisory firm’s own compliance team focused on more business-specific questions.
Xantrion provided the SEC with all the following documentation:
A Xantrion vCIO subsequently sat in with the firm's director of operations, chief compliance officer, and legal counsel during the SEC's in-person examination, providing answers to technical questions and elaborating on the documentation as needed.
The SEC didn’t find any deficiencies relative to their cybersecurity guidelines.