MFDF - Mutual Fund Directors Forum - Board Considerations on Cybersecurity Exams test

Member Login

Request an account

Sample Banner 1

Board Considerations on Cybersecurity Exams

According to a  recent alertfrom consulting firm ACA Compliance Group, the SEC’s Office of Compliance Inspections and Examinations recently updated the list of documents they typically request during adviser examinations based on their 2019 cyber exam focus areas. ACA’s observations may be helpful to boards as they consider OCIE’s current lines of inquiry into firms’ cybersecurity programs. ACA Compliance in its report found: OCIE’s current exams are significantly different from prior exams; dramatically increased sophistication in OCIE’s questions and precision of the requested information; and the SEC’s data-gathering and analytic capabilities have become broader and more vibrant.  ACA Compliance highlights several oversight areas and queries for boards to pursue with management, including: the overall environment of controls and supervision; the policies governing the cybersecurity environment; the tools used to control these matters including access controls, data integrity, and loss prevention; a focus on employees (and contractors) including onboarding, training, monitoring behavior, and departure procedures; and service provider and vendor management issues. ACA Compliance also recently released a white paper, Board Oversight of Cybersecurity...In Search of the Rosetta Stone, that provides insights on how to build a framework for cybersecurity oversight. 

  • All
  • Accounting and Audit
  • Advisory Contracts
  • Board Governance
  • Board Governance: Board Leadership
  • Board Governance: Compensation
  • Board Governance: Oversight of CCO
  • Board Governance: D&O Insurance
  • Board Governance: Self-Evaluation
  • Closed-end Funds
  • ETFs
  • Other Oversight
  • Other Oversight: Alternative Investments and Derivatives
  • Other Oversight: Custody
  • Other Oversight: Fixed Income funds
  • Other Oversight: Distribution
  • Other Oversight: Portfolio Trading
  • Other Oversight: Proxy Voting
  • Other Oversight: Securities Lending
  • Legislative News
  • Money Market Funds
  • Reference
  • Regulatory News
  • Risk
  • Shareholder Disclosure
  • Valuation
  • Webinars
  • Aaron New Tag