CCOs would be well advised to carefully review and, where appropriate, implement the SEC’s latest cybersecurity guidance.
By: Judy Selby and Jonathan A. Forman
Two recent speeches by Securities and Exchange Commission (SEC) officials likely got the attention of every chief compliance officer (CCO).
In the first, SEC Chief of Staff Andrew J. Donohue indicated that the SEC will continue to bring enforcement actions against CCOs for not addressing compliance issues, including cybersecurity. Donohue tempered his remarks by reiterating SEC Chair Mary Jo White’s position that the SEC does “not bring cases based on second guessing compliance officers’ good faith judgments.” However, Donohue challenged compliance professionals to be “pro-active” in their work and pointed to three recent SEC enforcement actions against CCOs on the ground that they failed to implement compliance programs reasonably tailored to the specific needs of their firms.