On March 22nd, Peter Driscoll, Office of Compliance Inspections and Examinations (OCIE) Director, announced plans for its third cybersecurity sweep exam in four years.
The next cyber initiative, will focus on advisers who maintain remote offices and advisers that have merged firms. The initiative will specifically investigate the use of personal email or other unregulated forms of communication used for business and will examine firms’ cybersecurity programs following a merger.
In addition, as mentioned in the OCIE’s 2018 Exam Priorities, examiners will be interested in activity in cryptocurrencies, with an emphasis on how representatives engage with their clients and any policies firms currently have in place.
Lastly, the OCIE looks forward to reviewing the data required by the new Form ADV 1 reporting. OCIE expects that the additional disclosures captured in the new form will enhance its risk-based exam program such as making it easier for the OCIE to identify a registered adviser’s top custodian.
Finally, Mr. Driscoll noted that Chief Compliance Officers can speed up the exam process by cooperating in a timely matter and by connecting examiners with the appropriate persons of the firm.
WHAT DOES THIS MEAN FOR ME?
Fairview will be working to assist clients with data security policies and procedures to ensure clients are prepared for regulatory exams.
As always, Fairview is happy to answer any questions or concerns regarding the OCIE cyber initiatives and to assist with revising your firm’s cybersecurity policies and procedures as necessary.