SEC Compliance Office Announces Examination Priorities for 2019
The Securities and Exchange Commission’s (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) has announced the following examination priorities for 2019: Digital assets Cybersecurity Compliance and risk at registrants responsible for critical market infrastructure; Matters of importance to retail investors Financial Industry Regulatory Authority, Inc. (“FINRA”) and Municipal Securities Rulemaking Board (“MSRB”) operations Anti-money laundering programs OCIE plans to review digital assets because of the rapid growth of the cryptocurrency market and the potential risks the market may present investors. Digital asset market participants (e.g., broker-dealers, investment advisors) are also on the rise. OCIE plans to continue monitoring how digital. Read More.
Corp Fin Director Wants Public Companies to Improve Cybersecurity Disclosures
With public companies giving investors more information about cybersecurity risk factors, the director of the Securities and Exchange Commission’s (“SEC”) Division of Corporation Finance believes there is still room for improvement. At a speech last month, William Hinman noted that SEC staff is seeing inconsistencies regarding the quality of cybersecurity disclosures. To resolve the issue, Hinman wants companies to provide more details on how their boards of directors oversee risks and breaches. Hinman’s remarks come as Corp Fin staffers continue to review companies’ cybersecurity disclosures since the SEC issued Release No. 33-10459, Commission Statement on Guidance and Public Company Cybersecurity Disclosures . Issued in February, the guidance stresses why companies must implement controls for. Read More.
Steve Ursillo Discusses How Technology Will Impact Audit
In a short video for the International Federation of Accountants (“IFAC”), Steve Ursillo, Jr. , shares his thoughts on how technology will affect audit and assurance services. Ursillo, Cherry Bekaert’s National Leader for the Information Assurance & Cybersecurity practice, says new accounting technologies will likely impact the way auditors perform engagements and client services. Watch the video on the IFAC website.
Important New Cyber Provisions in the 2019 NDAA
By: Curt Smith , Manager and Neal Beggan , Principal The National Defense Authorization Act for Fiscal Year 2019 (“NDAA” or “the Act”) was signed into law on August 13, 2018. The 2019 NDAA includes several broad provisions on cybersecurity that will interest government contractors. Generally, the Act in Section 1636 establishes a more aggressive policy on cyberspace, cybersecurity, cyber warfare, and cyber deterrence stating that the U.S. should “employ all instruments of national power, including the use of offensive cyber capabilities, to deter if possible, and respond to when necessary, all cyber attacks or other malicious cyber activities of foreign powers that target. Read More.
Public Companies Advised to Review Internal Controls for Cybersecurity
An October 16 report from the Securities and Exchange Commission (“SEC”) asks public companies to reassess their internal accounting control systems to safeguard against potential cyber-attacks. The SEC wants issuers to evaluate the degree to which cyber-related threats should be considered when developing and maintaining their internal controls. Issuers are also asked to determine whether their internal controls can provide reasonable assurances in protecting company assets from cyber-related risks. Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934 Regarding Certain Cyber-Related Frauds Perpetrated Against Public Companies and Related Internal Accounting Controls Requirements is the result. Read More.
Proposed House Bill Asks Companies to Disclose Board Members’ Cybersecurity Expertise
A bipartisan group in the House of Representatives has proposed a bill requiring public companies to say whether their boards include members with knowledge of cybersecurity. Similar to a Senate bill debated this year, the Cybersecurity Disclosure Act directs the Securities and Exchange Commission (“SEC”) to create provisions requiring public companies to disclose in annual reports or proxy statements the details of their board members’ “expertise or experience” in cybersecurity. If a board member has no cybersecurity background, then a company would have to explain how it considers cybersecurity when selecting new directors. The SEC and the National Institute of. Read More.