SEC Releases the 2022 Examination Priorities

//From the desk of Colton Sumners

SEC Releases the 2022 Examination Priorities

Cybersecurity remains one of the top compliance risks for financial firms. The SEC underlines the importance of maintaining operational resiliency by focusing on the areas highlighted below, as stated in their 2022 Examination Priorities Report. Key points to concentrate on this year are the importance of updating policies & response plans and the emphasis on climate-related and physical risk.

Safeguarding Customer Accounts
Are you using MFA/SSO wherever possible?

Adding an extra layer of security will help filter out malicious activity. OCIE will continue to focus on preventing account intrusions, including verifying an investor’s identity to prevent unauthorized account access.


Vendor Due Diligence
How is your data stored? Who has access to it?


Continued oversight on vendors and service providers is necessary, especially if cloud-based, to ensure that proper precautions are taken to protect data. One-time review is not enough as systems and practices change.

Malicious Email Activities
Can your employees identify phishing? How often do you conduct security training?

It can be easy to mistake a hacker’s email for a real request because malicious actors use social engineering methods designed to trick victims. Educating employees provides you with a first line of defense and equips them with the necessary knowledge to identify phishing attempts and keep your business safe.

Responding to Incidents
What’s your plan for responding to ransomware events?

Testing your Incident Response Plan regularly using tabletop exercises prepares you and your team to address incidents quickly, calmly, and effectively. The OCIE will focus on the impact of climate-related risk this year, so pay special attention to exercises involving environmental issues such as flood, fire, and earthquake scenarios.

Planning Ahead: BCP and DRP
Are you prepared to address disasters and continuity issues?

This year Business Continuity and Disaster Recovery Plans should reflect the growing shift towards focusing on physical and natural disaster risks related to climate change and pandemic. Neither are just momentary issues, so ensure that your policies reflect that by covering your bases.


Policies & Procedures
How often do you review and update your Information Security Policy?

Policies must be updated regularly to be current and to help you stay ahead of the curve. Because they outline best practices, boundaries, and other guidance, they also aid in mobilizing employees to actively be aware of their role in the company’s security.

Contact Cobaltix Compliance today to make sure your company is positioned properly to adhere to all the guidelines by the SEC 

more insights

SEC Releases the 2022 Examination Priorities

Cybersecurity remains one of the top compliance risks for financial firms. The SEC underlines the importance of maintaining operational resiliency by focusing on the areas highlighted below, as stated in their 2022 Examination Priorities Report.

Read more >

Pwn’t: Okta

I think it’s worth taking a step back and shining a light on how this occurred again: a third party contractor got popped which lead to access to Okta’s sensitive data. Crappy. Really, really crappy.

Read more >