Thu, May 30, 2019
On May 23, 2019, the Office of Compliance Inspections and Examinations (OCIE) published a Risk Alert regarding security risks associated with the storage of electronic customer records and information by broker-dealers and investment advisers in various network storage solutions, including those leveraging cloud-based storage.
OCIE staff noted that although most of these network storage solutions offer encryption, password protection and other security features designed to prevent unauthorized access, firms do not always use the available features. Weak or misconfigured security settings on a network storage device could result in unauthorized access to information.
The main concerns identified during examinations included concerns that may raise compliance issues under Regulations S-P and S-ID:
The following effective practices were identified:
For further information, read the full report.
End-to-end governance, advisory and monitorship solutions to detect, mitigate, drive efficiencies and remediate operational, legal, compliance and regulatory risk.