Cyber threats are increasing and, based on the U.S. Securities and Exchange Commission’s (SEC) Division of Examinations (previously OCIE) Risk Alert on November 19, 2020, regulators do not believe firms are doing enough for cyber and compliance. Weaknesses and deficiencies relating to the Compliance Rule (Rule 206(4)-7 under the Investment Advisers Act of 1940) were found across maintenance of written policies, due diligence processes, third-party oversight, cybersecurity, client safeguards for privacy, and more.
Firms are under pressure to meet SEC expectations for operational resilience as well as their own internal and client expectations for cybersecurity and privacy.