Phase two of the Securities and Exchange Commission’s exams of advisors’ cybersecurity policies will resume this summer, with “most” of the cyber exams to be conducted onsite and to be “shorter” in length yet “more in-depth,” Jane Jarcho, national associate director of investment adviser/investment company exams, said Friday.
Speaking at the Investment Adviser Association’s annual compliance conference in Arlington, Virginia, just outside Washington, Jarcho said that the SEC plans to zero in on such issues as “vulnerabilities that we want [advisors] to think about”; advisors’ relationships with vendors and third parties; authentication procedures, such as logins and firewalls; as well as “response plans” advisors have made for cyberattacks that have been “successful.”
The SEC noted in its recently released exam priorities list for this year that its Office of Compliance Inspections and Examinations will continue its exams of BDs’ and advisors’ cybersecurity compliance controls that started last year, and that such exams will also be expanded to include transfer agents.
The agency will also resume exams of alternative mutual funds, Jarcho said Friday, looking at 30 to 40 funds across 25 to 30 sponsors of alternative funds. “The goal is to assess the operations of these funds to protect investors and to inform policy in this area,” she said.
Regarding alt funds, the agency will look at the funds’ liquidity, if they have adequate policies and procedures regarding “illiquid holdings,” as well as leverage.