News & Events

Corporate Partner Rajib Chanda was quoted in Ignites, a Financial Times news service, in an article discussing the SEC’s plan for further upcoming cybersecurity exams, in which firms should expect to be asked more detailed questions on the six areas of focus: governance and risk assessment, access rights and controls, data loss prevention, vendor management, employee training and incident response. In the SEC’s National Exam Program risk alert issued on September 15, the agency also listed sample questions within each focus category, which examiners may ask investment advisers and broker-dealers. Rajib points to certain notable sample questions, in which the SEC asks for a firm’s policy on an array of issues, not whether the firm has them in the first place. The implication, according to Rajib, is that there should be written policies covering these particular activities. He noted, “This will have the effect of making people write down policies that were not necessarily previously on paper.”