Cybersecurity is a key focus for the SEC. For example, the SEC Division of Examinations’ 2022 exam priorities report notes that registered investment advisers and broker-dealers must have strong information security and data protection controls to ensure their ability to continue operations in the event of a cyber attack or other disruption. See “Private Funds Top the SEC’s 2022 Exam Priorities
” (Jun. 9, 2022). FINRA is also keenly focused on cybersecurity. To that end, on May 5, 2022, FINRA released a tool to help small firms identify key cybersecurity risks and enhance their customer information protection, cybersecurity written supervisory programs and related controls. The tool (Tool) highlights the most common and recent categories of cybersecurity threats facing small firms; includes questions to assist firms with addressing those threats; provides a summary of core controls small firms should consider; and contains relevant questions for firms to answer when evaluating their current cybersecurity programs. Although the Tool was written for broker-dealers, its guidance is generally applicable to fund managers’ oversight of their cybersecurity programs. This article summarizes the Tool and provides a checklist – including a downloadable, standalone version – created from the questions in the Tool that managers can use to assess the sufficiency of their cybersecurity programs. For another checklist derived from FINRA guidance, see “A Checklist for Fund Managers to Ensure Adequate Vendor Management
” (Sep. 9, 2021).