Illumant offers cybersecurity services to help financial institutions efficiently and effectively meet the cybersecurity requirements of the SEC and OCIE, and to protect sensitive customer and organizational information and assets, including:
The OCIE is pressuring registered investment advisors and broker-dealers to improve their cybersecurity measures. Illumant’s services help to meet those goals.
In April of 2015, the SEC issued guidance (https://www.sec.gov/investment/im-guidance-2015-02.pdf) to investment funds and advisers on protection of confidential and sensitive information.
The Office of Compliance Inspections and Examinations (OCIE) was subsequently tasked by the SEC with assessing industry practices, and legal and compliance issues associated with cybersecurity. And despite current political trends that favor reduction in compliance, OCIE examinations are set to rise (https://www.financial-planning.com/slideshow/sec-ocie-exams-to-rise-despite-lower-budget).
According to the OCIE’s examination priorities for 2017: "In 2017, we will continue our initiative to examine for cybersecurity compliance procedures and controls, including testing the implementation of those procedures and controls." (https://www.sec.gov/about/offices/ocie/national-examination-program-priorities-2017.pdft)
In August, the OCIE released a risk alert (https://www.sec.gov/files/observations-from-cybersecurity-examinations.pdf) with observations from examinations performed as part of its most recent "Cybersecurity 2 Initiative" (https://www.sec.gov/ocie/announcement/ocie-2015-cybersecurity-examination-initiative.pdf).
In brief, the issues resulting from OCIE's examinations are as follows:
Illumant's services help investment advisors and broker-dealers build a robust and compliant security program that addresses the issues called out by the OCIE. Furthermore, Illumant’s services help financial institutions meet individual state cybersecurity requirements (e.g. New York State's Cybersecurity Requirements for Financial Services Companies: https://www.dfs.ny.gov/docs/legal/regulations/adoptions/dfsrf500txt.pdf).
The SEC has issued guidance for cybersecurity programs for investment advisers and broker-dealers. The OCIE has undertaken cybersecurity examinations on the SEC's behalf. OCIE examinations are increasing, and penalties have been issued for not protecting customer data properly (https://www.sec.gov/news/pressrelease/2015-202.html).
Our OCIE-C service includes interviews with stakeholders to assess compliance as well as to educate and inform about compliance requirements, which increases cross-departmental responsibility and accountability, and helps drive security initiatives. You control who should be involved in the interview process.
Illumant's OCIE-C service leverages our expertise and resources to shift much of the burden of compliance away from you, to distribute responsibility for compliance to appropriate personnel, and to add clarity and education to the process: what needs to be done to meet the standards, and what needs to be remediated to achieve compliance, avoid penalties, and of course, avoid breaches.