The Securities and Exchange Commission has issued new cybersecurity requirements for investment advisors and broker-dealers.
A top cybersecurity priority for examiners will be to ensure companies have policies to promptly install software patches to prevent theft of customer information, the SEC said.
Examiners will also be looking to see if firms are quickly terminating access rights to their computers when employees leave and making changes in those rights when workers move to different assignments.
In another part of insuring cyber protection at advisory firms and broker dealers, the agency said it is looking at policies to verify customer requests to transfer funds.
The agency’s cybersecurity check list also includes making sure firms are giving due diligence to the selection and monitoring of vendors.
This is the first written guidance on cybersecurity sweep exams since the regulator completed its initial round of cybersecurity exams last year, said Laura Grossman, assistant general counsel of the Investment Advisor Association.
The five-page report: can be viewed here.