- September 9, 2020
- Posted by: Pat Riot
- Categories: CyberSecurity, Finance, Security Operations
Compliance regulations and certification frameworks are essential to an organization and remain at the top of priorities for financial firms. Every year there are changes and shifts in emphasis for regulations, which is why most firms hire a Compliance Officer to oversee all compliance operations. Advancements in FinTech innovations, the shift to the cloud, & client demands continue to grow at an accelerated rate. All these innovations and advancements in technology have created an entirely new source of information called Big Data, a combination of client data and behavior used to drive investment decision making, which has proven to be very efficient & effective for financial firms. However, because this data is built from client personal information, it must be regulated, private, and secure. Any organization that is an SEC registrant is aware of the Office of Compliance Inspections and Examinations (OCIE) and its responsibilities.
OCIE is a sub-organization under the SEC that “…gathers an understanding of the firm’s operations, assess the effectiveness of your compliance program and review the procedures and controls surrounding the production of documents.” OCIE Exams focus on investment sustainability, safety of client funds & assets, effectiveness of compliance programs, fraud prevention, risk monitoring, and informing policy. These findings from the OCIE are used by the SEC to “inform rule-making initiatives, identify and monitor risks, improve industry practices and pursue misconduct.” The OCIE tracks and evaluates the impact of major risk themes such as information security, resiliency risk, & geopolitical events, and the SEC uses these results to make the necessary changes and adjustments for the new fiscal year. So, long story short, the results from the OCIE exam tell the SEC where financial firms need to shift emphasis for compliance and improve industry practices for the new year. Unfortunately, because regulatory demands are constantly changing, it is hard for financial firms to keep up, and more often than not they get left behind. Let’s look at some of the results from the 2019 Examination Priorities from the OCIE report that came out June 23rd of this year:
A big area of emphasis in the report was a lack of written policies on how to handle non-public client information. The SEC requires that managers have written policies and procedures in place to detect and isolate instances where the manager comes into possession of client PII. Registered Investment Advisors that are at the top of the FinTech game and utilize automated investment tools and platforms for their clients are encouraged to put more focus on the areas where they were lacking: SEC registration eligibility, cybersecurity policies and procedures, marketing practices, adherence to fiduciary duty, including adequacy of disclosures, and effectiveness of compliance programs, per OCIE.
So, what does all that mean? In layman’s terms, the SEC is cracking down on financial firms to protect, secure, and document all security measures and practices for client information. Failure to comply with SEC regulations could cost hundreds of thousands of dollars and the loss of business. The shift to the cloud and the advancements of financial technology have increased productivity, efficiency, and client satisfaction. However, they have also increased regulatory demands and practices. Financial firms not only have to secure their data, they also must be able to provide evidential documentation stating how they are protecting said data.
The OCIE comes out with the report at the beginning of every fiscal year. Compliance regulations will forever be changing since technology continues to grow and evolve. No one will ever be completely on top of compliance because as soon as they are, regulations change. But what if there was a way to secure your data & information and stay compliant with all regulations without all of the nightmares and constant changes? Steel Patriot Partners provides a comprehensive, outsourced, full-scale cybersecurity solution that can be fully implemented in 1-2 months. Our services allow financial firms not only to create a holistic approach to their data security, but also to adhere to many digital compliance requirements. We meet all elements and requirements for PCI DSS, GDPR, FedRAMP, and the SEC, with the main theme being: “Protect all systems against malware and regularly update antivirus software or programs”. Financial firms no longer have to worry about the next OCIE report or SEC changes, because we take on that burden.
If anything in this article struck your attention, please do not hesitate to reach out to us! We are real people, providing real solutions, to a real problem. Cybersecurity is our profession and creating partnerships by way of education and empowerment is our passion. For more information regarding anything cybersecurity and healthcare, simply give us a follow on social media (Facebook, Twitter, LinkedIn), send us an email, give us a call at 703-297-4405 or contact us directly! Regardless of the method you choose, we look forward to hearing from you and – as always – we appreciate you taking the time to read this content! Stay blessed and stay secure!