Tips: Financial Services OCIE Cyber Security Compliance

November 30, 2015

Maintaining Your Cybersecurity Posture

If you’re in the financial services industry, you should be aware that U.S. regulators require financial services companies to make cyber attacks public in their company filings (see “OCIE Cyber Security Compliance” below). This requirement addresses the steady increase in cyber crime against the industry and maintains transparency between a company and its clients.

Because financial services is one of the industries most targeted by cyber criminals, it is crucial that financial services organizations establish written policies to maintain their security posture, including:

  • Maintaining security and confidentiality of customer records and information
  • Protecting against potential threats to the security or integrity of customer records and information
  • Defending against unauthorized access to private company and customer information that could result in substantial harm to the customer

OCIE Cyber Security Compliance Examination Initiative

Just a few months ago, the Office of Compliance Inspections and Examinations (OCIE) announced a Cybersecurity Examination Initiative to increase scrutiny of firms’ cybersecurity practices. Previous cybersecurity measures focused on industry practices; however, the most recent initiative addresses the implementation of cyber policies and procedures, such as:

  • Governance and Risk Assessment
  • Access Rights and Controls
  • Data Loss Prevention
  • Vendor Management
  • Training
  • Incident Response

Below are some key steps to make sure your financial services firm is prepared should it have to undergo a screening by the OCIE:

  1. Be prepared to show documentation of compliance with their policies
  2. Understand your firm’s vulnerabilities and implement a plan to address these risks
  3. Scrutinize vendors and companies that you collaborate with to ensure they are not putting your business at risk
  4. Educate your employees about cyber threats and prevention
  5. Undergo a security assessment by a cybersecurity expert to create a proactive plan to detect suspicious activity

Cyber Security Solutions for the Financial Services Industry

NetWatcher provides a solution that enables mid-market enterprises in the financial services industry to meet strict regulations including Payment Card Industry (PCI), Sarbanes-Oxley Act (SOX), Gramm-Leach-Bliley Act (GLBA), International Standards Organization (ISO), and other compliance programs that require log storage, management, and monitoring.
