Seven Cybersecurity Risks That SEC Examiners Will Look For in Examinations of Hedge Fund Managers

Cybersecurity has been a growing priority for the SEC.  See “Top SEC Officials Discuss Hedge Fund Compliance, Examination and Enforcement Priorities at 2014 Compliance Outreach Program National Seminar (Part Two of Three),” Hedge Fund Law Report, Vol. 7, No. 8 (Feb. 28, 2014).  On March 26, 2014, the SEC hosted a cybersecurity roundtable that featured representatives of regulatory agencies, leading professional firms, financial institutions and other businesses.  SEC Chair Mary Jo White and Commissioner Luis A. Aguilar gave opening remarks that stressed the SEC’s concerns about cybersecurity threats.  Following that event, the SEC’s Office of Compliance Inspections and Examinations issued a National Exam Program Risk Alert (Alert) that outlined a new initiative to “assess cybersecurity preparedness in the securities industry and . . . obtain information about the industry’s recent experiences with certain types of cyber threats,” including a plan to examine more than 50 registered investment advisers and broker-dealers on cybersecurity matters.  The Alert also included examples of questions relating to cybersecurity that examiners may pose to investment advisers and broker-dealers.  For hedge fund managers, whether or not registered, the Alert and speeches at the roundtable offer valuable guidance for identifying and addressing cybersecurity threats, and preparing for SEC examinations that focus in part on cybersecurity.  See also “Evolving Operational Due Diligence Trends and Best Practices for Due Diligence on Emerging Hedge Fund Managers,” Hedge Fund Law Report, Vol. 7, No. 15 (Apr. 18, 2014).

To read the full article

Continue reading your article with a HFLR subscription.